Mastering Veeam backup & replication [Second edition.] 9781803236810

Table of contents :
Cover
Title page
Copyright and Credits
Dedication
Contributors
Table of Contents
Preface
Section 1: Installation – Best Practices and Optimizations
Chapter 1: Installing and Upgrading Veeam
Technical requirements
Understanding the best practices and optimizations for Veeam installation
Installing Veeam Backup & Replication v11a
How to configure and optimize proxy servers
How to set up repository servers for success
Understanding the scale-out backup repository
Upgrading Veeam Backup & Replication to v11a
Summary
Chapter 2: The 3-2-1-1-0 Rule – Keeping Data Safe
Technical requirements
Guest perspective from Rick Vanover of Veeam
Introducing what the 3-2-1-1-0 rule is
Importance of the 3-2-1-1-0 rule
Understanding how the 3-2-1-1-0 rule applies to your backup strategy when setting up jobs
Exploring what media is best suited for use with the 3-2-1-1-0 rule
Scenario 1
Scenario 2
Scenario 3
Scenario 4
Scenario 5
Summary
Section 2: CDP and Immutability – Hardened Repositories, Backups, and Object Storage
Chapter 3: CDP – Continuous Data Protection
Technical requirements
Understanding CDP and what it is
The backup server – Veeam CDP Coordinator Service
Source and target hosts with the I/O filter
CDP proxies
CDP policies
Determining the requirements and limitations of CDP
Requirements
Limitations
Setting up CDP – the I/O filter
Configuring CDP proxies and settings
Understanding CDP policies for replication
Summary
Further reading
Chapter 4: Immutability – Hardened Repositories
Technical requirements
Understanding hardened repositories
Learning how to configure hardened repositories in Veeam
Learning how eliminating SSH protects the server
Discovering how to configure backup jobs to use immutability with the hardened repositories
Summary
Further reading
Chapter 5: Backup Enhancements – Jobs, Copy Jobs, Restores, and More
Technical requirements
Understanding backup job enhancements and new features
High-priority jobs
Background GFS retention
Orphaned GFS backup retention
Deleted VM retention improvements
Distinguishing the new features of backup copy jobs
Time-based GFS retention
GFS full creation time
No quarterly backups
Repository as a source
Daily retention
Understanding restores with Linux target support and expanded platforms
Linux target support
Linux FLR without a helper appliance
Linux FLR performance improvements
Expanded platform support
Discovering other enhancements, including explorers
Summary
Further reading
Chapter 6: Expanded Object Storage Support – Capacity and Archive Tiers
Technical requirements
Understanding new object storage capacity and archive tiers
Understanding object storage configuring capacity and archive tiers
Discovering immutability with Amazon S3 Glacier and policy-based offloading
Working with the archive tier for cost-optimized archiving and storage
Summary
Further reading
Section 3: Linux Proxy Enhancements, Instant Recovery, Veeam ONE, and Orchestrator
Chapter 7: Linux Proxy Enhancements
Technical requirements
Understanding Linux proxy enhancements and what's new in v11a
Understanding how the latest enhancements can help your organization
A Linux proxy server can be physical or virtual
More transport modes – NBD, Direct SAN, and Hot-Add
Backup from storage snapshot (iSCSI, FC)
Allow quick rollback/CBT restore
Persistent data mover deployed
Enhanced data mover security
Certificate-based authentication instead of saved Linux credentials
New elliptic curve (EC) cryptography – adds EC-based SSH key pairs such as Ed25519 or ECDSA
Discovering the persistent data mover with enhanced security
Discovering how credentials are the past and certificates are the future
Special section by Rick Vanover from Veeam – future Linux capabilities and industry direction
Summary
Further reading
Chapter 8: Understanding Instant Recovery
Technical requirements
Discovering the requirements and prerequisites for Instant Recovery
Exploring Instant Recovery – what is It?
Investigating and understanding the Instant Recovery process and steps
Exploring the migration and cancellation steps for recovery
Discovering what is new in Veeam Backup & Replication v11a
Instant Recovery of Microsoft SQL Server and Oracle databases
Instant file share recovery
Instant recovery of anything to Microsoft Hyper-V
Summary
Further reading
Chapter 9: Introducing Veeam ONE v11a
Technical requirements
Exploring Veeam ONE – an overview
Single-server architecture – typical deployment
Distributed server architecture – advanced deployment
Understanding Veeam ONE – installation and configuration
Installation of Veeam ONE v11a
Discovering monitoring – vSphere, vCloud, and Veeam
Investigating and understanding reporting
Exploring Veeam ONE for troubleshooting
Investigating what is new in Veeam ONE v11a
Major new features
Enhanced Veeam Backup & Replication support
Other enhancements
Veeam ONE community resources
Summary
Further reading
Chapter 10: Introducing Veeam Disaster Recovery Orchestrator
Technical requirements
Veeam Disaster Recovery Orchestrator – What is it?
Prerequisites for Veeam Disaster Recovery Orchestrator
Installation of Veeam Disaster Recovery Orchestrator
Configuring Veeam Disaster Recovery Orchestrator
Working with orchestration plans for DR
Investigating scripts, reports, and dashboards
Scripts
Reports
Dashboards
Summary
Further reading
Index
About Packt
Other Books You May Enjoy

Citation preview

Mastering Veeam Backup & Replication Second Edition Secure backup with Veeam 11 for defending your data and accelerating your data protection strategy

Chris Childerhose

BIRMINGHAM—MUMBAI

Mastering Veeam Backup & Replication Second Edition Copyright © 2022 Packt Publishing All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews. Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book. Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information. Group Product Manager: Vijin Boricha Publishing Product Manager: Mohd Riyan Khan Senior Editor: Shazeen Iqbal Content Development Editor: Romy Dias Technical Editor: Nithik Cheruvakodan Copy Editor: Safis Editing Project Coordinator: Shagun Saini Proofreader: Safis Editing Indexer: Pratik Shirodkar Production Designer: Aparna Bhagat Marketing Coordinator: Hemangi Lotlikar First published: February 2021 Second edition: February 2022 Production reference: 1080222 Published by Packt Publishing Ltd. Livery Place 35 Livery Street Birmingham B3 2PB, UK. ISBN 978-1-80323-681-0

www.packt.com

To all my colleagues and fellow Vanguards, who spoke words of encouragement and praise about my writing a book, it is truly humbling to have a great community in the Veeam Vanguards/Legends and colleagues that support your work.

Contributors About the author Chris Childerhose is an information technology professional with over 26 years of experience in network/systems architecture, network and systems administration, and technical support. He is a Veeam Vanguard/Veeam Legend and is a Veeam Certified Architect and Veeam Certified Engineer. He also has the following certifications: vExpert, VCAP-DCA, VCP-DCV, and MCITP. He currently works for ThinkOn as the lead infrastructure architect, where he designs the infrastructure for all client services offered. Chris is also an avid blogger on all things virtual, focusing on Veeam and VMware. Writing a book is more challenging than I thought and more rewarding than I could have ever imagined, and a second edition is still quite a task. None of this would have been possible without my wife, Julie. She stood by me during every struggle and my successes, including many nights writing. She was someone I could talk about my book with and how things were going. She always pushes me and I will be forever thankful for this. I'm eternally grateful to Rick Vanover of Veeam, who took the time to do a technical review of my second book and all of my chapters when he didn't have to. I genuinely have no words to thank him for this amazing selflessness to help a fellow Veeamer on a second book about Veeam with his perspective.

About the reviewers Arron Stebbing is a principal sales acceleration technical trainer at Veeam Software. Arron develops and delivers training programs about modern data protection software. Arron has extensive experience building and operating cloud service provider environments and has been working in the IT industry for 17+ years. Arron can communicate to executives business value and outcomes as well as educating the technical team on how to deliver the business value required to meet the requirements. Steve Dolphin is an experienced professional with experience delivering organizational change projects. While more recently working on cross-business projects involving culture, employee change, and technology, his background in computer science stems from his undergraduate bachelor's almost 20 years ago. His current role involves understanding the best impact of Microsoft technology stacks including Azure, Azure Virtual Desktop, and M365. On-premise systems he's familiar with include VMware, Veeam, Dell storage and servers, and HP switching. He is particularly motivated by corporate structure, governance, and employee-ownership setups and has been a speaker at events and a champion for agile working.

Table of Contents Preface

Section 1: Installation – Best Practices and Optimizations

1

Installing and Upgrading Veeam Technical requirements Understanding the best practices and optimizations for Veeam installation Installing Veeam Backup & Replication v11a

How to configure and optimize proxy servers

4 4 4

How to set up repository servers for success Understanding the scale-out backup repository Upgrading Veeam Backup & Replication to v11a Summary

19 21 30 38

15

2

The 3-2-1-1-0 Rule – Keeping Data Safe Technical requirements Guest perspective from Rick Vanover of Veeam Introducing what the 3-2-1-1-0 rule is

40

Importance of the 3-2-1-1-0 rule

41

40 40

Understanding how the 3-2-11-0 rule applies to your backup strategy when setting up jobs 42 Exploring what media is best suited for use with the 3-2-1-1-0 rule 46 Scenario 1 Scenario 2

47 50

viii Table of Contents Scenario 3 Scenario 4

52 54

Scenario 5

58

Summary61

Section 2: CDP and Immutability – Hardened Repositories, Backups, and Object Storage

3

CDP – Continuous Data Protection Technical requirements 66 Understanding CDP and what it is66 The backup server – Veeam CDP Coordinator Service Source and target hosts with the I/O filter CDP proxies CDP policies

Determining the requirements and limitations of CDP

67 67 69 69

Limitations70

Setting up CDP – the I/O filter 71 Configuring CDP proxies and settings77 Understanding CDP policies for replication88 Summary98 Further reading 98

69

Requirements70

4

Immutability – Hardened Repositories Technical requirements 100 Understanding hardened repositories100 Learning how to configure hardened repositories in Veeam 103

Learning how eliminating SSH protects the server 114 Discovering how to configure backup jobs to use immutability with the hardened repositories 114 Summary120 Further reading 121

Table of Contents ix

5

Backup Enhancements – Jobs, Copy Jobs, Restores, and More Technical requirements 124 Understanding backup job enhancements and new features124 High-priority jobs Background GFS retention Orphaned GFS backup retention Deleted VM retention improvements

125 126 126 126

Distinguishing the new features of backup copy jobs 126 Time-based GFS retention GFS full creation time No quarterly backups Repository as a source

127 128 128 129

Daily retention

Understanding restores with Linux target support and expanded platforms Linux target support Linux FLR without a helper appliance Linux FLR performance improvements Expanded platform support

130

132 132 132 133 133

Discovering other enhancements, including explorers135 Summary136 Further reading 136

6

Expanded Object Storage Support – Capacity and Archive Tiers Technical requirements 138 Understanding new object storage capacity and archive tiers138 Understanding object storage configuring capacity and archive tiers 142

Discovering immutability with Amazon S3 Glacier and policy-based offloading 153 Working with the archive tier for cost-optimized archiving and storage 155 Summary156 Further reading 156

x Table of Contents

Section 3: Linux Proxy Enhancements, Instant Recovery, Veeam ONE, and Orchestrator

7

Linux Proxy Enhancements Technical requirements 160 Understanding Linux proxy enhancements and what's new in v11a 160 Understanding how the latest enhancements can help your organization162 A Linux proxy server can be physical or virtual More transport modes – NBD, Direct SAN, and Hot-Add Backup from storage snapshot (iSCSI, FC) Allow quick rollback/CBT restore Persistent data mover deployed Enhanced data mover security

162 163 165 166 166 167

Certificate-based authentication instead of saved Linux credentials New elliptic curve (EC) cryptography – adds EC-based SSH key pairs such as Ed25519 or ECDSA

167

167

Discovering the persistent data mover with enhanced security 167 Discovering how credentials are the past and certificates are the future 168 Special section by Rick Vanover from Veeam – future Linux capabilities and industry direction169 Summary170 Further reading 170

8

Understanding Instant Recovery Technical requirements 172 Discovering the requirements and prerequisites for Instant Recovery172 Exploring Instant Recovery – what is It? 175 Investigating and understanding the Instant Recovery process and steps 178

Exploring the migration and cancellation steps for recovery 190 Discovering what is new in Veeam Backup & Replication v11a196 Instant Recovery of Microsoft SQL Server and Oracle databases Instant file share recovery

197 200

Table of Contents xi Instant recovery of anything to Microsoft Hyper-V

204

Summary Further reading

209 209

9

Introducing Veeam ONE v11a Technical requirements Exploring Veeam ONE – an overview Single-server architecture – typical deployment Distributed server architecture – advanced deployment

212 212 214 214

Understanding Veeam ONE – installation and configuration 217 Installation of Veeam ONE v11a

Discovering monitoring – vSphere, vCloud, and Veeam

218

226

Investigating and understanding reporting Exploring Veeam ONE for troubleshooting Investigating what is new in Veeam ONE v11a

233 238 242

Major new features 242 Enhanced Veeam Backup & Replication support 243 Other enhancements 243

Veeam ONE community resources  Summary Further reading

244 244 245

10

Introducing Veeam Disaster Recovery Orchestrator Technical requirements 248 Veeam Disaster Recovery Orchestrator – What is it? 248 Prerequisites for Veeam Disaster Recovery Orchestrator 254 Installation of Veeam Disaster Recovery Orchestrator

Configuring Veeam Disaster Recovery Orchestrator

256

264

Index Other Books You May Enjoy

Working with orchestration plans for DR Investigating scripts, reports, and dashboards Scripts Reports Dashboards

Summary Further reading

267 279 280 281 283

285 285

Preface Veeam is one of the leading modern data protection solutions, and learning this technology can help you protect your virtual environments effectively. This book guides you through implementing modern data protection solutions for your cloud and virtual infrastructure with Veeam. You will even gain in-depth knowledge of advanced-level concepts, such as Continuous Data Protection (CDP), immutability with hardened repositories, Instant Recovery, Veeam ONE, and Veeam Disaster Recovery Orchestrator.

Who this book is for This book is for VMware administrators or backup administrators with some existing knowledge of Veeam and the topics covered in this book. You should know some virtualization and backup concepts to understand what is discussed in each chapter. Veeam is one of the leading modern data protection solutions, and learning this technology will help you protect your environments. Most users will want to implement many of the topics discussed and investigate Veeam ONE for monitoring/reporting their infrastructure and Veeam Disaster Recovery Orchestrator for Disaster Recovery (DR) scenarios.

What this book covers Chapter 1, Installing and Upgrading Veeam, covers the upgrade and installation for Veeam Backup & Replication. You will learn how to set up things such as the backup server, proxies, and repositories. There will be a reference to the Veeam best practice site as well. Once installation and upgrade are covered, I will dive further into adding repository servers and proxy servers. Chapter 2, The 3-2-1-1-0 Rule – Keeping Data Safe, discusses the all-important 3-2-1-1-0 rule of backups, which refers to three copies of data, two on different media, one copy offsite, one copy offline, and having verified backups with zero errors. We will discuss the importance of keeping your data safe, and using this method is one of the best ways to do this. We will also discuss some of the different types of media and services that we can use, including tape for air-gapped protection.

xiv

Preface

Chapter 3, CDP – Continuous Data Protection, shows and discusses the newest features of Veeam Backup & Replication v11. You will learn about the CDP feature of v11 and its requirements. You will learn about immutability with hardened repositories – those being Linux-based. We will even discuss many new backup features and enhancements and the new, expanded object storage, including Google Cloud and Microsoft Azure. You will gain a wealth of knowledge on new features to implement and use in your environments. Chapter 4, Immutability – Hardened Repositories, dives into hardened repositories and best practices for creating them. We will also discuss single-use credentials for deployment and how this helps with security. We will discuss how SSH is no longer a requirement, only at initial deployment. We'll also look at immutable backups to protect your onsite data from hackers and how this meets security compliance. Chapter 5, Backup Enhancements – Jobs, Copy Jobs, Restores, and More, dives into all of the many enhancements for Veeam Backup & Replication for v11 for backups. We will discuss backup jobs, backup copy jobs, restores, and a few other things. We will outline which enhancements can help your environment and look at them further. Chapter 6, Expanded Object Storage Support – Capacity and Archive Tiers, discusses the newest supported capacity and archive tiers of object storage and how they can help reduce costs. We will discuss configuring and using these newly supported vendors within Veeam. We will discuss immutable backups with Amazon S3 Glacier and policy-based offloading. We will also touch on cost-optimized archiving and flexible storage methods with the archive tier. Chapter 7, Linux Proxy Enhancements, dives into the enhancements of proxy servers in Veeam Backup & Replication v11. We will discuss how these changes benefit organizations, the persistent data mover, and the enhanced security. We will also talk about how Veeam uses certificate-based authentication instead of saving credentials for communication. Chapter 8, Understanding Instant Recovery, dives into one of the great features of Veeam – Instant Recovery. We will discuss the new Instant Recovery of Microsoft SQL Server and Oracle databases, and we will also discuss the new instant NAS publishing for quick file access. Finally, we'll discuss the new feature of instant recovery of anything to Microsoft Hyper-V, allowing even more portability of backups. Chapter 9, Introducing Veeam ONE v11a, discusses the reporting tool of the Veeam Availability Suite – Veeam ONE. We will discuss the new features, such as CDP monitoring, Veeam Agent for Mac, and the new user interface. We will look at the many enhancements made to the Veeam Backup & Replication support system. We will also look at other changes, such as VMware vSphere 7 Update 1 support, vCloud 10.2, Windows 10 20H2, and Windows Server 20H2.

Preface

xv

Chapter 10, Introducing Veeam Disaster Recovery Orchestrator, covers Veeam's DR orchestration utility – Veeam Disaster Recovery Orchestrator. We will discuss how Veeam Disaster Recovery Orchestrator can help organizations test DR recovery. We will discuss DR orchestration, automating DR testing, and how this helps meet DR compliance requirements. We will also see how Veeam Disaster Recovery Orchestrator can benefit any organization using Veeam.

To get the most out of this book You should have at least 6 months of hands-on knowledge with Windows/Linux servers and virtualization with VMware, and it would be best if you were comfortable setting up servers and configuring them with storage. You should also have some backup knowledge and have already used Veeam even for basic tasks since many topics in the book look at the more advanced features of Veeam Backup & Replication.

You should have Windows Server set up to install Veeam Backup & Replication, Veeam ONE, and Veeam Disaster Recovery Orchestrator. Veeam Availability Suite and Veeam Disaster Recovery Orchestrator ISO files and trial licenses can be downloaded from the http://www.veeam.com website.

Download the color images We also provide a PDF file that has color images of the screenshots and diagrams used in this book. You can download it here: https://static.packt-cdn.com/ downloads/9781803236810_ColorImages.pdf.

Conventions used There are a number of text conventions used throughout this book. Bold: Indicates a new term, an important word, or words that you see onscreen. For instance, words in menus or dialog boxes appear in bold. Here is an example: "When you click the Populate button, the drives of the Linux server will appear. Choose the drive to be used for the repository and click Next." Tips or Important Notes Appear like this.

xvi

Preface

Get in touch Feedback from our readers is always welcome. General feedback: If you have questions about any aspect of this book, email us at [email protected] and mention the book title in the subject of your message. Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form. Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at [email protected] with a link to the material. If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts Once you've read Mastering Veeam Backup Replication Second Edition, we'd love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback. Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.

Section 1: Installation – Best Practices and Optimizations The objective of this section is to teach you best practices and optimizations for installing and upgrading Veeam. This section will also introduce the 3-2-1-1-0 backup rule for safeguarding data. You will learn how to apply the best practices and optimizations to your installation of Veeam. This section contains the following chapters: • Chapter 1, Installing and Upgrading Veeam • Chapter 2, The 3-2-1-1-0 Rule – Keeping Data Safe

1

Installing and Upgrading Veeam Veeam Backup & Replication v11a is part of Veeam Availability Suite, which is ready for the modern data center and allows you to back up all your workloads, including cloud, virtual, physical, and applications. It is simple yet flexible to meet your most challenging environment needs. This chapter will discuss how to install and upgrade the software, what components make up Veeam Backup & Replication v11a, and some best practices and optimizations. There will be practical examples throughout this chapter of optimizing specific elements that make up the Veeam environment. We will also touch on some websites, such as the Best Practices Guide for Veeam, among others, to give you resources to help set up Veeam in your environment. As they say about Veeam – "It Just Works." In this chapter, we're going to cover the following main topics: • Understanding the best practices and optimizations for Veeam installation • How to configure and optimize proxy servers • How to set up repository servers for success • Understanding the scale-out backup repository • Upgrading Veeam Backup & Replication to v11a

4

Installing and Upgrading Veeam

Technical requirements To ensure a successful installation, you will require the following: • You must have deployed a Windows 2019/2022 server with the necessary disk space to install the application (2008 R2 SP1 is also currently supported). Windows 10 and other modern Windows desktop operating systems are also supported. • You must have downloaded the latest ISO file from www.veeam.com, which requires registration on the site and allows you to obtain a trial license. At the time of this writing, version 11.0.1.1261_20210923 is the current release. • Veeam Best Practices website: https://bp.veeam.com/vbr/. • Veeam Documentation website: https://helpcenter.veeam.com/docs/ backup/vsphere/overview.html?ver=110.

Understanding the best practices and optimizations for Veeam installation The installation of Veeam Backup & Replication v11a is a straightforward process. Setting up Veeam, if not done right, can lead to components not working correctly and poor performance, among other things. However, if you set up Veeam correctly, it will protect your data and environment with minimal configuration. This section will go through the installation process and touch on the best practices and optimizations for your environment.

Installing Veeam Backup & Replication v11a Before installing Veeam, you need to ensure that you have a server deployed, either Windows 2019 or 2022, with enough disk space for the installation. Note Veeam will configure the default backup repository on the drive with the most available disk space, whether that is the OS drive, Application drive, or Catalog drive.

Understanding the best practices and optimizations for Veeam installation

5

The disk layout should be similar to the following: • OS drive: This is where your operating system resides and should be used only for this. • Application drive: This will be your application installation drive for Veeam and all its components. • Catalog drive: Veeam uses a catalog that can generate around 10 GB of data per 100 VMs backed up with file indexes. If this will be a significant storage requirement for your deployment, it may be advisable to allocate the Catalog folder to a separate drive. Once your server is ready and you have downloaded the ISO file and mounted it, follow these steps to install Veeam: 1. Run the setup.exe file on the mounted ISO drive:

Figure 1.1 - Main installation screen

6

Installing and Upgrading Veeam

2. Click on the Install button under the Veeam Backup & Replication 11a section on the left or the Install link on the right-hand side under Standalone components. 3. You will be prompted to install the Microsoft Visual C++ runtime. Click OK to proceed. Once you've installed it, you may be prompted to reboot your server. Click YES to proceed:

Figure 1.2 – Installing Microsoft Visual C++

The preceding screenshot shows the Visual C++ Redistributable installation request. The following screenshot shows the Reboot option once Visual C++ Redistributable has been installed:

Figure 1.3 – Reboot prompt after installing Microsoft Visual C++

Note You may need to mount the ISO again after rebooting the server before proceeding.

4. At this point, you will see the License Agreement window, so you will need to select the two checkboxes to place a checkmark and then click Next to continue.

Understanding the best practices and optimizations for Veeam installation

5. You will now need to provide a valid license file, whether it's been purchased or a trial; if you do not have this at this stage of the installation, you can click Next to continue, and Veeam will operate in the Community (Free) Edition. When you obtain the license file, you can install that within the application under the menu and license:

Figure 1.4 – License dialogue window

6. The next screen is where you choose which components you want to install and in which directory. Veeam recommends that all of them are selected: ‚ Veeam Backup & Replication: The main application. ‚ Veeam Backup Catalog: Used when you turn on guest OS indexing within your jobs. ‚ Veeam Backup & Replication Console: This is where you go to view, create, and edit jobs and manage the environment.

7

8

Installing and Upgrading Veeam

7. After clicking Next, the installer will then do a system check for any pre-requisites required. Should something be missing, you will be prompted and have the option to install the missing components:

Figure 1.5 – System Configuration Check – missing components

8. Click the Install button to install the missing components. 9. Once all the components have passed, you can click Next to move to the following screen. Unlike in previous versions of Veeam Backup & Replication, the following screen does not give you the option to input a user account to run the services. Instead, with Version 11a of Veeam, you need to select the checkbox next to Let me specify different settings and then click Next. 10. You will now have the opportunity to enter a user account for the Veeam services, better known as a Service Account. There are some recommended settings for this service account: ‚ You must have Local Administrator rights on the Veeam server. ‚ If you are using a separate SQL Server and not the Express edition (Microsoft SQL Server 2016 SP2 Express edition) that comes with Veeam's Install, you will require permissions to create the database.

Understanding the best practices and optimizations for Veeam installation

9

‚ You will need full NTFS permissions to the folder that will contain the catalog. For more details about these permissions, please visit https://helpcenter.veeam.com/docs/backup/vsphere/required_ permissions.html?ver=110:

Figure 1.6 – Server user account

For this setup, I am using an account that I have created on my lab server. In contrast, in a production scenario, you would already have a service account set up in Active Directory to enter at this stage.

10

Installing and Upgrading Veeam

11. The next screen lets you select the type of SQL installation you will be using. For a lab scenario, using SQL Express is good enough. If you are in an enterprise environment, the recommended best practice is to use an external SQL Server for the best performance. Also, take note that you can use Windows authentication or SQL Server authentication:

Figure 1.7 – SQL Server instance for Veeam

12. After selecting the appropriate options, click Next once again.

Understanding the best practices and optimizations for Veeam installation

13. The following window is for TCP/IP port configuration; you can adjust these settings if you use different ports, but the default ports should suffice:

Figure 1.8 – Port Configuration defaults

14. Then, click Next to go the Data Locations screen:

Figure 1.9 – Data Locations – directory selection

11

12

Installing and Upgrading Veeam

15. Here, you must specify the Application drive under Instant recovery write cache, which mounts restore points during recovery. Please use the dedicated drive you set up for Guest file system Catalog. The installer is now ready to complete by installing the local SQL Express instance and then the application. Veeam will also set the user account you selected to start all the services:

Figure 1.10 – Ready to Install – checking for updates

16. After reviewing the setup, click Install to proceed with the installation and start setting up the components that work together with the backup server. Now, let's start configuring the required settings for Veeam to work with VMware: ‚ Repository server: The server that's used to store the backup files. ‚ Proxy servers: The servers that perform all the backup tasks. ‚ VMware vCenter Credentials: This is used to connect and see your clusters, hosts, vApps, and virtual machines. vCenter Server is not required as standalone ESXi hosts are also supported if they're licensed in VMware.

Understanding the best practices and optimizations for Veeam installation

13

17. When you first launch the Veeam Backup & Replication console, you will be taken directly to the INVENTORY tab, and Virtual Infrastructure will be in focus:

Figure 1.11 – Initial console screen

18. This screen is where we will begin adding the Virtual Center so that you can start backing up your virtual machines. Click on the ADD SERVER option to start this process. You will then be prompted to select what kind of server to add. Choose VMware vSphere and then either vSphere or vCloud Director:

Figure 1.12 – vSphere or vCloud Director selection

You would typically select vSphere here; however, if you have vCloud Director in your environment, you may also want to choose this option. When you choose vSphere, you will be prompted for two things to complete the connection: ‚ The DNS or IP address of your vCenter server (DNS is the preferred method). ‚ Credentials – this can either be a vsphere.local user or a domain account that's been set up for access.

14

Installing and Upgrading Veeam

19. Enter the required credentials, click Next, and then click Apply to complete the VMware vSphere setup. You will now see your vCenter server listed under the Virtual Infrastructure section of the console and will be able to browse the hosts and virtual machines. Now, let's look at the next piece that's required for the infrastructure, which is the proxy server. By default, the Veeam Backup & Replication server is your VMware Backup Proxy and File Backup Proxy. Due to the limitations of my lab, I am going to use this server as an example, but in the real world, you would add multiple proxy servers to your environment for better performance and as per best practices. Also, based on best practices, you would typically disable the Veeam Backup & Replication server from being a proxy server to allow the other proxy servers to handle the workload. The next component you will require is a repository server, which is the location where Veeam Backup & Replication will store your backup files. By default, Veeam Backup & Replication creates a Default Backup Repository, typically on the biggest drive attached to your backup server. This location will be where the Configuration Backups usually get backed up. There are multiple options for adding a repository:

Figure 1.13 – Add Backup Repository selection

How to configure and optimize proxy servers

15

The first three selections are for block storage, while the last one is Object storage, which is used as part of a scale-out backup repository as the capacity tier for offloading data. You have now installed and done the basic configuration that's required for Veeam Backup & Replication. We will now look at how to optimize proxy servers and repository servers.

How to configure and optimize proxy servers Proxy servers are the workhorses of the Veeam Backup & Replication v11a application, and they do all the heavy lifting or processing of tasks for backup and restore jobs. When you set up Veeam, you need to ensure that the proxy servers get configured as per best practices: • https://bp.veeam.com/vbr/VBP/2_Design_Structures/D_Veeam_ Components/D_backup_proxies/vmware_proxies.html • https://helpcenter.veeam.com/docs/backup/vsphere/backup_ proxy.html?ver=110 When you decide to deploy a proxy server, Veeam Backup & Replication will install two components on the server: • Veeam Installer Service: This is used to check the server and upgrade software as required. • Veeam Data Mover: This is the processing engine for the proxy server and does all the required tasks. Veeam Backup & Replication proxy servers use a transport mode to retrieve data during backup. Three standard modes are available, and they are listed in order, starting with the most efficient method: • Direct Storage access: The proxy is placed in the same network as your storage arrays and can retrieve data directly from there. • Virtual Appliance: This mode mounts the VMDK files to the proxy server for what we typically call Hot-Add Mode to back up the server data. • Network: This mode is the least efficient but is used when the previous methods are unavailable. It moves the data through your network stack. It is recommended not to use 1 GB but rather 10 GB.

16

Installing and Upgrading Veeam

In addition to these standard transport modes, which are provided natively for VMware environments, Veeam provides two other transport modes: Backup from Storage Snapshots and Direct NFS. These provide storage-specific transport options for NFS systems and storage systems that integrate with Veeam. See the integration with storage systems guide for more details: https:// helpcenter.veeam.com/docs/backup/vsphere/storage_integration. html?ver=110. Along with the transport modes, there are specific tasks that the proxy server performs: • Retrieving the VM data from storage • Compressing • Deduplicating • Encrypting • Sending the data to the backup repository server (backup job) or another backup proxy server (replication job) Veeam proxy servers leverage what is known as VMware vStorage APIs for Data Protection (VADP) when using all transport modes other than Backup from Storage Snapshots and Direct NFS. You should consider the following regarding your proxy servers: 1. Operating System: Most software vendors will always recommend the latest and greatest, so if you choose Windows, then choose 2022. Alternatively, you can select Linux using the latest release (Example – Ubuntu 20.04.1 LTS). Note that for Linux VMware, backup proxies support all transport modes as of Veeam Backup & Replication v11a. 2. Proxy Placement: Depending on the transport mode for the server, you will need to place it as close to the servers you want to back up, such as on a specific host in VMware. The closer to the source data, the better! 3. Proxy Sizing: This can be tricky to determine and will depend on the physical or virtual server. Veeam proxy servers complete what are called tasks, which is where one virtual disk is processed for a VM or one physical disk is processed for a server. Therefore, Veeam recommends one physical core or one vCPU and 2 GB of RAM per task.

How to configure and optimize proxy servers

17

Veeam has a formula to calculate the required resources for a proxy server: • D = Source data in MB • W = Backup window in seconds • T = Throughput in MB/s = D/W • CR = Change rate • CF = Cores required for full backup = T/100 • CI = Cores required for incremental backup = (T * CR)/25 Based on these requirements, we can use a data sample to perform the calculations: • 1,000 virtual machines • 400 TB of data • An 8-hour backup window • 5% change rate Using these numbers, we can perform the following calculations: 𝐷𝐷 = 400 𝑇𝑇𝑇𝑇 ∗ 1024 ∗ 1024 = 419,430,400 𝑀𝑀𝑀𝑀 (𝐷𝐷𝐷𝐷𝐷𝐷𝐷𝐷 𝑖𝑖𝑖𝑖 𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐 𝑡𝑡𝑡𝑡 𝑀𝑀𝑀𝑀)

𝑊𝑊 = 8 ℎ𝑜𝑜𝑜𝑜𝑜𝑜𝑜𝑜 ∗ 3600 𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠 = 28,800 𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠𝑠

𝑇𝑇 = 419,430,400 / 28,800 = 14,564 𝑀𝑀𝑀𝑀/𝑠𝑠

We can use the numbers we calculated to determine the required amount of cores needed to run both full and incremental backups to meet our defined SLA: 𝐶𝐶𝐶𝐶 = 𝑇𝑇 / 100 → 𝐶𝐶𝐶𝐶 (𝐹𝐹𝐹𝐹𝐹𝐹𝐹𝐹) = 14,564 / 100 ~ 146 𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐

𝐶𝐶𝐶𝐶 = (𝑇𝑇 ∗ 𝐶𝐶𝐶𝐶) / 25 → 𝐶𝐶𝐶𝐶 (𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼𝐼) = (14,564 ∗ 5) / 25 ~ 29 𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐𝑐

Based on our calculations and considering that you require 2 GB of RAM for each task, you need a virtual server with 146 vCPUs and 292 GB of RAM. This size may seem like a considerable server, but keep in mind that it uses the sample data. Your calculations will likely be much smaller or possibly more extensive, depending on your dataset. Should you decide to use a physical server as a proxy, you should have a server with 2–10 core CPUs. In the case of our sample data, two physical servers are what you require. If you are using virtual servers for proxies, the best practice is to configure them with a maximum of 8 vCPUs and add as many as needed for your environment – in this case, we would need nine servers. Should you want to size things based on incremental backups only, your requirements are less than half of the full backup sizing – 29 vCPUs and 58 GB of RAM.

18

Installing and Upgrading Veeam

There are limitations for proxy servers that you need to be aware of when it comes to job processing and performance. As we noted previously, a proxy server performs tasks, which are assigned CPU resources. Concurrent task processing is dependent on the resources you have available in your infrastructure and the number of proxy servers you have deployed. As shown in the following screenshot, when it comes to adding a proxy server to Veeam Backup & Replication, there is the Max concurrent tasks option, which correlates to the number of CPUs that are assigned:

Figure 1.14 – Max concurrent tasks limitation for proxy servers

Task limits can be found at https://helpcenter.veeam.com/docs/backup/ vsphere/limiting_tasks.html?ver=110. Important Note Job performance gets impacted based on the tasks of a proxy server. For example, if you had a proxy server with 8 CPUs and added two virtual machines for backup, one with four disks and another with six disks, the proxy server would process only eight of the 10 disks in parallel. The remaining two disks would have to wait on resources before backing up.

You should now be able to right-size your proxy servers regarding CPU and RAM and understand proxy placement and how it processes tasks. Proxy servers send data to repository servers, which is the focus of the next section.

How to set up repository servers for success

19

How to set up repository servers for success A repository server is a storage location for your backups, so setting them up right the first time will ensure that you have the best performance. When creating a repository, it is always a good idea to follow the Veeam Backup & Replication best practices: https://bp.veeam.com/vbr/VBP/2_Design_Structures/D_Veeam_ Components/D_backup_repositories/.

The following are some things to consider when setting up a repository: • ReFS/XFS: With Windows 2019/2022, ensure you format your repository drive(s) as ReFS with 64k block sizing to take advantage of space savings for synthetic full and GFS. For Linux, you need to set up XFS and Reflink to take advantage of space-saving and Fast Cloning. In both of these situations, storage efficiency will be realized for synthetic full backups. This efficiency prevents duplication but is not deduplication. • Sizing: Ensure that you adhere to the Veeam Backup & Replication recommendation of 1 core and 4 GB of RAM per repository task. Just like proxy servers, your repository servers have task limits as well. At a minimum, you need two cores and 8 GB of RAM. When you calculate the sizing requirements, you need to take into account your proxy servers and the amount of CPU that's been configured; you then need to use a 3:1 ratio for the core count on a repository server. Example: Your proxy server gets configured with 8 CPUs; you need to configure the repository server with 2 CPUs based on this rule of 3:1. To configure the RAM, you must multiply the CPU count by four to end up with 8 GB of RAM. When you use the Windows ReFS filesystem as your repository, you also need to consider the overhead that's required for the filesystem and add another 0.5 GB of RAM per terabyte of ReFS. Setting up your task limits for a repository server is different than a proxy server due to the way tasks are consumed. The setting you have chosen will be handled differently: • Per-VM Backup Files: When selected, this creates a backup chain per VM located in a job. Therefore, if the backup job has 10 virtual machines, it will consume 10 repository tasks and 10 proxy tasks. • No Per-VM Selection: The backup job consumes one repository task, and the proxy task will remain the same with one task per virtual disk.

20

Installing and Upgrading Veeam Note To find out more about task limits, go to https://helpcenter.

veeam.com/docs/backup/vsphere/limiting_tasks. html?ver=110.

When you're setting up a repository for the first time, you can set the task limit:

Figure 1.15 – Repository task limit

Important Note When you limit the number of tasks per repository and have jobs with many virtual machines requiring backups, this will be one of the bottlenecks in your environment. You also need to ensure that you do not set the limit too high as that could overwhelm your storage, causing performance degradation. Make sure that you test all your components and the resources that are available for your backup infrastructure.

After completing this section, you should be able to choose which type of filesystem you wish to use for your repository and size it correctly based on your CPU and RAM. We also discussed the per-VM versus no per-VM methods. Now, we will use this knowledge to tie this into creating a scale-out backup repository.

Understanding the scale-out backup repository

Understanding the scale-out backup repository So, what is a scale-out backup repository, or SOBR, you ask? A SOBR uses multiple backup repositories, called performance extents, to create a sizeable horizontal scaling repository system. Veeam Backup & Replication can use multiple repositories of various types, such as the following: • Windows Backup Repositories: NTFS or the recommended ReFS • Linux Backup Repositories: XFS with Reflink • Shared Folder: NFS, SMB, or CIFS • Deduplication storage appliances SOBR can expand with on-premises storage such as block storage or even a cloud-based object repository known as a capacity extent. Veeam Backup & Replication combines the performance extents, capacity extents, and archive extents into one to summarize their capacities:

Figure 1.16 – Scale-out backup repository

21

22

Installing and Upgrading Veeam

The ability to use a SOBR is dependent on the license version that you are using with Veeam Backup & Replication: • Enterprise: Allows for a total of two SOBRs with three extents. • Enterprise Plus: Provides an unlimited number of SOBRs with as many performance extents as needed, but only one capacity tier per SOBR. Tip Should you happen to downgrade your licensing from Enterprise Plus or Enterprise to Standard, you will lose the ability to target your jobs to the SOBR. You can, however, restore data from the SOBR.

The different license types limit you in the number of SOBRs and extents per SOBR you can configure. As we noted previously, there is a limit of two for Enterprise and an unlimited number for Enterprise Plus. Tip For the best performance and manageability, it is best to keep your SOBR limited to three to four extents if possible. If you are using object storage, then one of the components of the SOBR will be the capacity tier.

The scale-out repository works with many types of jobs or tasks in Veeam Backup & Replication: • Backup jobs • Backup copy jobs • VeeamZIP jobs • Agent backups – Linux or Windows agent v2.0 or later • NAS backup jobs • Nutanix AHV backup jobs • Veeam Agent for MAC • Veeam backups for Amazon and Microsoft Azure (via backup copy jobs)

Understanding the scale-out backup repository

23

The next thing to keep in mind is the limitations of using a SOBR as there are certain things you cannot do: • Only Enterprise & Enterprise Plus License. • You cannot use it as a target for configuration backup jobs, replications jobs, VM copy jobs, Veeam Agents v1.5 or earlier for Windows, or v1.0 Update1 or earlier for Linux. • Adding a repository as an extent to a SOBR will not be allowed if there is an unsupported job using the repository. • Rotating drives are not supported. • You are unable to use the same extent in two scale-out repositories. Please refer to the following limitations page on the Veeam Backup & Replication website for more details: https://helpcenter.veeam.com/docs/backup/vsphere/ limitations-for-sobr.html?ver=110. When it comes to the makeup of the scale-out repository, there are three tiers: • Performance tier: Fast storage and fastest access to data • Capacity tier: Typically, this is object storage for archival and offloading capabilities • Archive tier: Additional object storage for long-term archival and infrequently accessed You will want to ensure the performance tier is the fastest storage so that when access to files and restores is required, it is the quickest. When you create a standard repository before adding it to a SOBR, there are specific settings retained in the SOBR: • The number of simultaneous tasks it can perform • The storage read and write speeds • Data decompression settings on the storage • The block alignment settings of the storage The SOBR will not inherit a repository backed by rotating drives or if you chose to use the per-VM backup option; this is on by default in a SOBR.

24

Installing and Upgrading Veeam

Something else to think about is the backup file placement policy that you will use. There are pros and cons to both and specific operating systems, such as ReFS and XFS, that require one over the other. The two types of placement policies are as follows: • Data locality • Performance Please refer to the Performance Tier page on the Veeam Backup & Replication website for more information: https://helpcenter.veeam.com/docs/backup/vsphere/ backup_repository_sobr_extents.html?ver=110. Data locality allows the scale-out to place all backup files in the chain to the same extent within the SOBR, keeping files together. The metadata file (VBM) is located on all the extents in the SOBR for consistency and if files need to move extents. In contrast, the Performance policy will enable you to choose which extents to use for both full backup files (VBK) and incremental files (VIB). For further information on backup placement, see this page on the Veeam Backup & Replication website: https://helpcenter.veeam.com/docs/backup/ vsphere/backup_repository_sobr_placement.html?ver=110. Now, when it comes to the capacity tier, there can only be one per scale-out, and it is required to be one of the following:

Figure 1.17 – Object Storage options for capacity extent

Understanding the scale-out backup repository

25

Using a capacity tier as part of your SOBR is suitable for the following reasons: • You can tier off older data or when your SOBR reaches a specific percentage capacity to allow you to free up storage space. • Company policy stipulates you keep a certain amount of data onsite, then all older data after X days is tiered off to the capacity tier. • Using it falls into the 3-2-1-1-0 rule, where one copy of the information is offsite. See this blog post for more details on the 3-2-1-1-0 rule: https://www.veeam. com/blog/3-2-1-rule-for-ransomware-protection.html. You specify the capacity tier after creating it as a standard repository and during the SOBR wizard:

Figure 1.18 – Capacity tier of the scale-out wizard

Please visit the Capacity Tier page on the Veeam Backup & Replication website for more information: https://helpcenter.veeam.com/docs/backup/vsphere/ capacity_tier.html?ver=110.

26

Installing and Upgrading Veeam

We are now going to tie everything we've learned together and create a SOBR. First, you need to open the Veeam Backup & Replication console and select the BACKUP INFRASTRUCTURE section at the bottom left. Then, click on the Scale-out Repositories option on the left:

Figure 1.19 – The Scale-out Repositories section of the console

Once you are in this section, you can either click the Add Scale-out Repository button in the toolbar or, on the right-hand pane, you can right-click and select Add Scale-out backup repository….

Understanding the scale-out backup repository

27

At this point, you must name the scale-out and give it a thoughtful description; the default name is Scale-out Backup Repository 1. Then, click Next to go to the Performance Tier section of the wizard:

Figure 1.20 – Scale-out wizard – Performance Tier

In this section, click the Add… button and choose the standard repositories that will be part of your scale-out. You can also click on the Advanced button to choose two options: • Use per-VM backup files (recommended) • Perform a full backup when the required extent is offline Click the Next button to proceed. At this point, you must pick your placement policy, which will be Data Locality or Performance. As we mentioned previously, if you're using ReFS or XFS, you must select Data Locality to take advantage of the storage savings each operating system provides. Click Next after making your choice.

28

Installing and Upgrading Veeam

You can now choose to use Capacity Tier for your SOBR or just click the Apply button to finish. Note that when you select a capacity tier, there are several options you can enable: • Copy backups to object storage as soon as they get created in the performance tier. • Move backups to object storage as they age out of the restore window. The default is 14 days. You can also click on the Override button to specify offloading until space is below a certain percentage. • You can also encrypt your data upload to the object storage as another level of security:

Figure 1.21 – Capacity tier selection for scale-out

Note that some capacity tier targets support immutability. This feature is an essential attribute in the war on ransomware. In v11a, capacity tier targets that support immutability include AWS S3 with object lock and S3-compatible object storage systems. Please see the Veeam Readiness program to determine whether your object storage is supported here: https://www.veeam.com/alliance-partner-technicalprograms.html?programCategory=objectImmutable.

Understanding the scale-out backup repository

29

Once complete, you will see your new scale-out repository. When you select it, you will see the performance tier extents and the capacity tier if you chose it:

Figure 1.22 – Scale-out repository created

If you want further information on the SOBR, visit this page on the Veeam Backup & Replication website: https://helpcenter.veeam.com/docs/backup/ vsphere/sobr_add.html?ver=110. The final thing to discuss is how to manage the SOBR after creating it. Once created, you may need to do any of the following: • Edit its settings to change the performance policy, for example. • You may need to rescan the repository to update the configuration in the database. • Extend the performance tier by adding another extent to the SOBR. • Put an extent in maintenance mode to either perform maintenance on the server that holds it or evacuate the backups to remove the extent. • Switch an extent into what is called Sealed Mode, where you do not want any more writes to it but you can still restore from it. This allows you to replace the extent with a new one. • Run a report on the SOBR. • Remove an extent from the SOBR, which requires maintenance mode, evacuate, and then remove. • Remove the SOBR altogether. Once it's been set up within Veeam Backup & Replication, the SOBR is pretty selfsufficient. Still, there is maintenance that you need to do to ensure optimal performance, and plenty of storage is available for backups. For more information on SOBR management, please visit the following page on the Veeam Backup & Replication website: https://helpcenter.veeam.com/docs/backup/ vsphere/managing_sobr_data.html?ver=100.

30

Installing and Upgrading Veeam

Upgrading Veeam Backup & Replication to v11a In this section, we will discuss the process that's required to upgrade your existing Veeam Backup & Replication environment to v11a. If you have Veeam Backup & Replication v10 installed, you can proceed with the following steps to conduct the upgrade. Important Note If you have Veeam Enterprise Manager installed on your server, you will get prompted to upgrade this first before upgrading Veeam Backup & Replication.

Once your server is ready and you have downloaded the ISO file and mounted it, follow these steps to upgrade your server and components: 1. Run the setup.exe file on the mounted ISO drive:

Figure 1.23 – Main installation screen – Upgrade

Upgrading Veeam Backup & Replication to v11a

31

2. Click on the Upgrade button under the Veeam Backup & Replication 11a section on the left or the Upgrade link on the right-hand side under Standalone components. 3. You will be prompted to install the Microsoft Visual C++ runtime. Click OK to proceed. Once it's been installed, you may be prompted to reboot your server, so click YES to proceed:

Figure 1.24 – Installing Microsoft Visual C++

The preceding screenshot shows the Visual C++ Redistributable installation request. The following screenshot shows the Reboot option once Visual C++ Redistributable has been installed:

Figure 1.25 – Reboot prompt after installing Microsoft Visual C++

Note You may need to mount the ISO again after rebooting the server before proceeding.

4. At this point, you will see the License Agreement window, so you need to select the two checkboxes to place a checkmark and then click Next to continue.

32

Installing and Upgrading Veeam

5. You will be shown which components are installed and will be upgraded during the process. Click Next to continue:

Figure 1.26 – Components to upgrade

6. You will now need to provide a valid license file, whether it's been purchased or a trial; if you do not have one at this stage of the installation, you can click Next to continue, and Veeam will operate in the Community (Free) Edition. The upgrade should already show that the v10 license has been updated to v11a; otherwise, when you obtain the license file, you can install that within the application under the menu and license:

Figure 1.27 – The Provide License window

Upgrading Veeam Backup & Replication to v11a

The following screenshot shows the Veeam Installer creating the v11a license from the existing license within your Veeam Backup and Replication software:

Figure 1.28 – License file during the upgrade process created

7. After clicking Next, the installer will then do a system check for any prerequisites. Should something be missing, you will be prompted and have the option to install the missing components:

Figure 1.29 – System Configuration Check – missing components

8. Click the Install button to install the missing components.

33

34

Installing and Upgrading Veeam

9. Once all the components have passed, you can click Next to move to the next screen. The dialog box on the next page is where you specify your Veeam service account, which will be used during the installation. Here, select the The following user account: option:

Figure 1.30 – Service account for Veeam services

The account must have the following properties: • Local administrator rights on the Veeam server. • If you are using a separate SQL Server and not the Express edition that comes with the installation, you will need permission to update the database. • You will need full NTFS permissions for the folder that will contain the catalog. For all the detailed permissions, please visit https://helpcenter.veeam.com/docs/backup/vsphere/required_ permissions.html?ver=110.

Upgrading Veeam Backup & Replication to v11a

35

For this setup, I am using an account that I created on my lab server. In contrast, in a production scenario, you would already have a service account set up in Active Directory to enter at this step. 1. The next screen selects the SQL installation you are already using. In a lab, a scenario using SQL Express is good enough. The VeeamBackup database will also be upgraded as that will be used from the v10 installation. If you are in an enterprise environment, the recommended best practice is to use an external SQL Server for the best performance. Also, take note that you can use Windows authentication or SQL Server authentication:

Figure 1.31 – SQL Server instance for Veeam

2. After selecting the appropriate options, click Next once more. 3. Upon clicking Next, you will be reminded that the VeeamBackup databases will get upgraded. Click Yes to proceed. 4. You will then be at the final screen, called Ready to Install, where you can turn on Update remote components automatically, which is highly recommended.

36

Installing and Upgrading Veeam

The installer is now ready to complete by stopping the services, upgrading the application, and processing the database upgrades. Veeam will also set the user account you selected to start all the services:

Figure 1.32 – Ready to Install – Update remote components automatically

5. After reviewing the setup, click Install to proceed with the upgrade. Note The installation process for the upgrade can take some time to complete, depending on the size of your SQL database. Please be patient as it will tell you once it's finished.

6. Once the installation has been completed, you will be presented with the Installation succeeded dialog. Click Finish to close the upgrade window:

Upgrading Veeam Backup & Replication to v11a

Figure 1.33 – Installation succeeded window

7. You may be prompted to restart your server for the configuration changes to take effect. Click Yes if you're prompted and allow your system to restart. 8. Once your system has rebooted, launch the Veeam Backup & Replication console using the respective icon on your desktop. Click on the Connect button, and the application will open. All the components will have been upgraded based on the checkbox shown in Figure 1.32:

Figure 1.34 – Veeam Backup & Replication console login screen

37

38

Installing and Upgrading Veeam Note Had Update remote components automatically not been selected, you would have been prompted with a dialog that has all the components selected, and you would need to click Apply to proceed.

The upgrade process is now complete, and all of your jobs should continue to run as scheduled.

Summary This chapter has provided you with the tools required to install Veeam Backup & Replication v11a and the components that make up the installation. We discussed the prerequisites, including the versions of SQL Server that you can use – Express or SQL Standard/Enterprise. Then, we addressed how to set up proxy servers, configuration best practices, and optimal settings. This part was then followed by a discussion on repositories, how to create them, and included best practices and optimizations for best performance. After, we looked at scale-out backup repositories and how to set them up, which included the performance tier, the capacity tier, and managing them once they've been set up. Lastly, we looked at the upgrade process for Veeam Backup & Replication to update an existing instance from version 10 to 11a. This chapter should have helped ensure that you have all the basics covered. This will help in the next chapter, where we will look at the 3-2-1-1-0 rule and keeping data safe.

2

The 3-2-1-1-0 Rule – Keeping Data Safe When protecting your data, you must have more than one copy to ensure data safety. In this chapter, we will cover the 3-2-1-1-0 rule and what it means. You will learn how to take this information and set up your backups based on this rule. You will also learn about the different media types, such as Replication, Snapshots, and even Capacity Tier Copy Mode (Part of SOBR). If you adhere to the 3-2-1-1-0 rule, it ensures your data is safe, and at least one copy is offsite: • 3 Copies: Keep three copies of your data, one being the primary and two secondary copies. • 2 Media Types: Store your backups on at least two different types of media. • 1 Offsite: Ensure that at least one copy of your data is kept offsite. • 1 Offline Air-Gapped or Immutable: Ensure that one copy of your data is offline or has immutability. • 0 Errors after Testing: Ensure that automated backup testing shows zero errors.

40

The 3-2-1-1-0 Rule – Keeping Data Safe

In this chapter, we're going to cover the following main topics: • Guest perspective from Rick Vanover of Veeam • Introducing what the 3-2-1-1-0 rule is • Understanding how the 3-2-1-1-0 rule applies to your backup strategy when setting up jobs • Exploring what media is best suited for use with the 3-2-1-1-0 rule

Technical requirements One of the main requirements will be to have Veeam Backup & Replication set up to go through some of the examples given in the following sections. If you have followed Chapter 1, Installing and Upgrading Veeam, then you have all the prerequisites.

Guest perspective from Rick Vanover of Veeam The 3-2-1-1-0 rule is an excellent mindset for backup data management. The beauty of this rule is that it doesn't require any specific type of hardware, yet it can address nearly any kind of failure scenario, including ransomware, hardware failure, network/power/ site loss, and accidental deletion. Keep the 3-2-1-1-0 rule in play as a minimum viable configuration for how many copies of data Veeam can manage. The recommendation is to have at least one copy of data that is either offline or air-gapped for the highest resiliency levels. When implementing the 3-2-1-1-0 rule with Veeam, there is flexibility everywhere. It doesn't necessarily mean more backup jobs or data transfers are needed. Backup copy jobs, replica jobs, storage snapshots, SOBR copy mode, and more are all ways to achieve the 3-2-1-1-0 rule.

Introducing what the 3-2-1-1-0 rule is The 3-2-1-1-0 rule for backup is a reliable methodology to protect your data against a variety of things, such as the following: • Ransomware: Deleting or infecting backup files • Corrupted media: Unable to read or restore from • Datacenter loss: When one copy is sent offsite elsewhere

Introducing what the 3-2-1-1-0 rule is

41

For you to protect your data, it is best practice to adhere to the 3-2-1-1-0 principles: • 3: The number of copies of data that you should have for all backup jobs • 2: The number of media types that you should use for your backups • 1: The number of copies of data going offsite to a secured location • 1: The number of copies offline air-gapped or having immutability • 0: Zero errors after automated media testing to ensure recoverability Figure 2.1 explains the 3-2-2-1-0 rule:

Figure 2.1 – 3-2-1-1-0 rule explained

Figure 2.2 in the next section shows how you configure Grandfather-Father-Son (GFS) retention to meet the rule.

Importance of the 3-2-1-1-0 rule The 3-2-1 backup strategy has been around for decades and was recently updated to 3-2-1-1-0, but the principle remains. This backup strategy is recognized as best practice by Veeam and other information security professionals and government authorities. While this strategy does not mean that data is never compromised, it does eliminate many risks as it ensures there is no single point of failure for your data. It covers you should one copy become corrupted or one of the many technologies you use fails. It can also cover you for theft when, say, ransomware wipes out your data.

42

The 3-2-1-1-0 Rule – Keeping Data Safe

One of the best things about setting up your backups for the 3-2-1-1-0 rule is the many resources online, one of them being the Veeam blog: • How to follow the 3-2-1 backup Rule with Veeam Backup & Replication: https:// www.veeam.com/blog/321-backup-rule.html • How Veeam and 3-2-1 Rule Help You Fight Ransomware: https://www.veeam. com/blog/3-2-1-rule-for-ransomware-protection.html We have now covered what the 3-2-1-1-0 rule is and how it plays into your backup strategy. Next, we will look at how you apply it to your backup jobs.

Understanding how the 3-2-1-1-0 rule applies to your backup strategy when setting up jobs So, you might at this point be wondering how to go about applying the 3-2-1-1-0 backup rule and what sort of media you should consider. There are plenty of media types that you can use to fit the model for 3-2-1-1-0 and also take into account setting up retention with GFS, which breaks down like this: • Grandfather: Backups are kept for a year. • Father: Backups are kept for a month. • Son: Backups are kept for a week. You can set this up in the following manner:

Table 2.1 – GFS backup example for a month

When you are setting up your backup jobs within Veeam Backup & Replication, you will have the option to configure the number of days/restore points:

Understanding how the 3-2-1-1-0 rule applies to your backup strategy when setting up jobs

Figure 2.2 – Backup job – restore points or days

It is also within this configuration window that you set up your GFS retention policy, which works with the 3-2-1-1-0 rule when used in conjunction with the Configure secondary backup destinations for this job option:

Figure 2.3 – GFS and secondary backup

43

44

The 3-2-1-1-0 Rule – Keeping Data Safe

When you select the GFS retention policy, you need to click the Configure button to tell Veeam Backup & Replication how many backups of each type you want to keep and for how long:

Figure 2.4 – Configure GFS settings

Furthermore, before you can select the option to configure a secondary backup destination, you need to create either a Backup Copy Job or a Backup to Tape Job within Veeam Backup & Replication. This option fits the 3-2-1-1-0 rule, and when combined with another job type that sends data offsite to another form of block/object storage or to tape for taking offsite, you ensure that you have the first 1 of the rule covered: Offsite.

Figure 2.5 – Backup copy job for the secondary copy

Understanding how the 3-2-1-1-0 rule applies to your backup strategy when setting up jobs

45

Another way to ensure you comply with the 3-2-1-1-0 rule would be by using the Capacity Tier of the scale-out backup repository. There is an option within Veeam Backup & Replication version v11a that allows you to copy the backups to the Capacity Tier as soon as they get created on the Performance Tier of your scale-out backup repository. However, note that the move option alone does not meet the 3-2-1-1-0 rule and you are required to have both options selected:

Figure 2.6 – Capacity Tier – immediate copy

When thinking about the 3-2-1-1-0 rule, you should also take into account what you want your Recovery Point Objective (RPO) and Recovery Time Objective (RTO) to be: • RPO: Your backup schedule defines the RPO. For instance, if you run a backup once a day, you are saying that you can lose up to one day of data when it comes to restoring, as the backup you select would consist of data from one day prior; depending on your failure, you have a recovery point to one day ago. • RTO: The RTO is the amount of time it will take to restore your application and data to a running state. It is basically how long your business can be down without data. Is it 2 hours? 24 hours? Three days? A week? Every business case will be different, so ensure you evaluate this with the client or tenant before setting things up.

46

The 3-2-1-1-0 Rule – Keeping Data Safe

Regardless of the RTO and RPO settings, Veeam recommends having thorough conversations with stakeholders to ensure that the configuration of your backup implementation is in line with their expectations. Otherwise, there is potentially a gap between what gets implemented and what the expectations are. This discussion can also be an excellent catalyst for funding IT projects if investments in storage, networking, or software are needed to bridge the gap. We have now learned to apply the 3-2-1-1-0 rule when creating jobs by setting up specific jobs and options. We will look at the media that can be used with the 3-2-1-1-0 rule to meet all requirements.

Exploring what media is best suited for use with the 3-2-1-1-0 rule When implementing the 3-2-1-1-0 rule for backups, you want to follow the best practice to ensure you use at least two different media types. There are many media types out there that are suitable for use within Veeam Backup & Replication: • Disk Media: ‚ SAN ‚ Storage snapshots (primary storage) ‚ NFS NAS devices ‚ SMB NAS devices ‚ USB ‚ Rotating/removable media such as RDX drives ‚ A general-purpose disk that is directly attached storage ‚ Replication jobs to primary storage for VMs (VMware vSphere and Microsoft Hyper-V) • Tape Media: ‚ LTO ‚ WORM LTO ‚ Virtual Tape Library (VTL)

Exploring what media is best suited for use with the 3-2-1-1-0 rule

47

• Deduplication Appliances: ‚ Dell Data Domain ‚ HPE StoreOnce ‚ ExaGrid ‚ Quantum DXi ‚ Filesystems with deduplication technology (Windows Deduplication) • BaaS/DRaaS: ‚ Backup as a Service ‚ Disaster Recovery as a Service • Cloud: ‚ Azure blob ‚ AWS S3 ‚ S3-Compatible ‚ IBM Cloud Object Storage ‚ Google Cloud Object Storage Depending on how you want to set up the 3-2-1-1-0 rule and your company requirements, you will choose media that best suits your scenario. We will look into the different permutations of backups with various media that meet the 3-2-1-1-0 rule as there are pros and cons to each, and we'll see some practical advice for each.

Scenario 1 The following scenario covers one of the many ways to configure your backups to meet the 3-2-1-1-0 rule: 1. Primary backup to disk – backup to a NAS or SAN with fast storage 2. Secondary copy to another form of a disk – backup copy to a deduplication appliance or lower-tier storage 3. Backup to tape – LTO tape backup

48

The 3-2-1-1-0 Rule – Keeping Data Safe

This permutation is one of the more typical scenarios you will see in the backup industry, and it does meet the 3-2-1-1-0 rule and uses two forms of disk media, such as Storage Area Network (SAN) and Network Attached Storage (NAS). The following screenshot shows how to set up your backups to go to your primary storage system:

Figure 2.7 – Backup to disk job

The next screenshot shows a Backup Copy job going to secondary disk storage:

Exploring what media is best suited for use with the 3-2-1-1-0 rule

49

Figure 2.8 – Backup Copy job to a secondary disk

After configuring your Backup Copy job in Figure 2.8, you configure the tape backup job, as noted in the following screenshot:

Figure 2.9 – Full backup to tape job

50

The 3-2-1-1-0 Rule – Keeping Data Safe

The following are the pros of the Scenario 1 configuration: • You meet the three backups requirement using two forms of disk media as well as tape. • These meet the two forms of media requirement by using both disk and tape. • The tape or the second disk could be the offsite copy. • The tape backup is considered air-gapped media, which can prevent ransomware from infecting your data. The following are the cons of the Scenario 1 configuration: • You are using two forms of media that could be susceptible to corruption. • Tape media, if used for the offsite copy, does take time to retrieve as you typically send it to a secure facility. Tip When using this method for backup to meet the 3-2-1-1-0 rule, ensure that your first disk backup is on fast storage but only kept for a minimal amount of time. The backup copy to the secondary disk and tape media can be retained for longer. When you use tape, ensure that it is stored in a secure location and that you test restores frequently. Tape media can last up to 30 years, but it is all dependent on where and how it is stored.

Scenario 1 covered one of the more common configurations for backup. Now let's take a look at a second scenario.

Scenario 2 The following scenario covers a second way to configure your backups to meet the 3-2-1-1-0 rule: 1. Primary backup to disk – backup to a NAS or SAN with fast storage 2. Storage snapshot for secondary – integration with a storage system for taking snapshots for backup 3. Backup to tape – LTO tape backup

Exploring what media is best suited for use with the 3-2-1-1-0 rule

51

With this permutation, you use a different type of media with storage snapshots. This is one of the more recent technologies that has come out in the past 10 or so years. As shown in the next figure, you configure the storage snapshots in the job configuration under Advanced Settings:

Figure 2.10 – Backup from storage snapshots integration

The following are the pros of the Scenario 2 configuration: • Veeam Backup & Replication v11a has storage snapshot integration that can take backups directly from the snapshot, not affecting your production volumes or servers – an example of this would be with NetApp storage. • Veeam Explorer for Storage Snapshots for recovery by browsing the snapshots taken for the storage system integration. • Both disk and storage snapshots are on typically much faster media. • Restoring from both disk and storage snapshots is quick. • Storage snapshots are easy to clone to a volume for testing a VM restore without affecting production. • The tape would be the offsite copy. • Tape backup is considered air-gapped media, which can prevent ransomware from infecting your data.

52

The 3-2-1-1-0 Rule – Keeping Data Safe

The following are the cons of the Scenario 2 configuration: • Not all storage supports storage snapshots, so you need to purchase more expensive storage arrays. • Tape media, if used for offsite storage, takes time to retrieve as you typically send it to a secure facility. Tip Using this method for backup to meet the 3-2-1-1-0 rule for both disk and storage snapshots will typically be high-speed, so your RTO will be very low and possibly your RPO too. The storage snapshot integration is a great way to ensure that the impact on your environment will be minimal. Please visit the following website for more information on the storage that integrates with Veeam Backup & Replication as well as vendors:

https://www.veeam.com/storage-integrations.html

Scenario 2 showed us the storage snapshot integration to meet the 3-2-1-1-0 rule. We will now take a look at a third scenario using Veeam Cloud Connect as one of the configurations.

Scenario 3 The following scenario is a third way to configure your backup jobs to meet the 3-2-11-0 rule using the Veeam Cloud Connect technology for Disaster Recovery as a Service (DRaaS:. 1. Primary backup to disk – backup to a NAS or SAN with fast storage 2. DRaaS – VM replication to the service provider – subscription to Veeam Cloud Connect to allow you to store backups at the service provider 3. Backup to tape – LTO tape backup While two of these backups are similar, using a service provider for a DRaaS is a whole new way to back up your data and servers using replication. Server or VM replication is a more recent technology that sends a copy of your server to the service provider, which sits dormant until you declare a disaster. At this point, they can be powered on and accessed. The following illustration shows how to configure replication to be used in your backups to Veeam Cloud Connect:

Exploring what media is best suited for use with the 3-2-1-1-0 rule

53

Figure 2.11 – Replication job to the service provider

The following are the pros of the Scenario 3 configuration: • VM Replication to a service provider ensures data resiliency as well as offsite backup. • Datacenter loss will not be an issue as you can power on your servers at the service provider. • With VM replication, you can conduct test failovers to ensure your data is accessible and servers work from the service provider level. • You can orchestrate failover testing using another product by Veeam called Veeam Disaster Recovery Orchestrator. Note More information is available here: https://www.veeam.com/ disaster-recovery-orchestrator.html.

54

The 3-2-1-1-0 Rule – Keeping Data Safe

• Backup to disk is always fast and reliable if the RAID level is set up correctly and based on best practices. • Tape backup is excellent for air-gapped backup and offsite storage. The following are the cons of the Scenario 3 configuration: • The service provider could have an outage that causes data loss, in which case you'll need to reseed it again from your onsite backup. • The connection to the service provider could go down for various reasons, so your offsite replication would need to be paused. • Disk failure (depending on the setup) could cause data corruption or loss. • Tapes can wear out depending on how they are stored and other factors. • Retrieval of tapes takes time, and so does data restoration. Tip If you are looking for a second offsite option other than disk or tape, using a managed service provider with DRaaS is a great alternative. Being able to replicate your entire servers and data over and then having the option to test failovers and using it live allows you to ensure your data is safe. Also, service providers tend to have redundancy built into their solutions, ensuring that your information is secure.

Now that we have covered Veeam Cloud Connect in Scenario 3, we will take a look at Scenario 4, which introduces many of the newest technologies in Veeam Backup and Replication.

Scenario 4 The following scenario shows how to meet the 3-2-1-1-0 rule using SOBR, Capacity Tier – Copy Mode, and Veeam Cloud Connect all in one: 1. Primary backup to disk: Scale-out backup repository 2. Capacity Tier: Copy mode 3. Service provider: Veeam Cloud Connect

Exploring what media is best suited for use with the 3-2-1-1-0 rule

These three methods for the 3-2-1-1-0 rule use some of the more advanced features of Veeam Backup & Replication. The first backup option you have is the scale-out backup repository as your disk-based backup, consisting of extents (storage) with the number of SOBRs and extents dependent on your license. You then have Capacity Tier within the scale-out backup repository with copy mode, which copies backups directly to object storage when backup jobs complete on the Performance Tier. Veeam Cloud Connect allows you to create a backup job, a backup copy job, or a replication job depending on the services you get, which allows for different types of recovery jobs, and thus there is another way of sending your data offsite. Figure 2.12 shows how to create a backup job using a scale-out backup repository:

Figure 2.12 – Backup to disk – scale-out repository

55

56

The 3-2-1-1-0 Rule – Keeping Data Safe

The following screenshot shows the Capacity Tier of the scale-out backup repository using copy mode:

Figure 2.13 – Capacity Tier – copy mode turned on

The Capacity Tier allows you to use object storage such as Cloudian, as noted in Figure 2.13. Configuring a service provider, as shown in the next screenshot, will enable you to use Veeam Cloud Connect for your backups:

Figure 2.14 – Service provider for Veeam Cloud Connect backup

Exploring what media is best suited for use with the 3-2-1-1-0 rule

57

The following are the pros of the Scenario 4 configuration: • The scale-out repository offers resilience as you set up the Performance Tier or extents (storage attached to Windows or Linux servers) and can have more than one extent, allowing disk space balancing and redundancy should one extent fail. • Scale-out repositories can also grow as required and run on either Windows or Linux. Tip The mixing of operating systems is allowed, as noted in the Veeam Backup & Replication documentation. Still, best practice says that you should not mix them as you can run into problems. The same goes for installing multiple backup products on the same system or sharing the backup system with other production applications. As much separation as possible gives you the best experience with the Veeam infrastructure.

• The Capacity Tier for the scale-out is a great offsite option using copy mode as it will send your backups as soon as they are completed on the Performance Tier. • Depending on the vendor you use for object storage within the Capacity Tier, you can also have object lock to prevent ransomware and make your data immutable. • Immutable backups can also protect against accidental deletion or malicious administration in the Veeam Backup & Replication console. • Using a service provider that offers Veeam Cloud Connect allows you to have offsite data using a variety of methods. • Also, using a service provider, you tend to get redundant data protection with their systems. • Many service providers also provide Veeam Cloud Connect with Insider Protection, which prevents the deletion of backups through accidental deletion, malicious administrators, or ransomware. While Insider Protection provides an excellent recoverability scenario, do not count it as a copy in the 3-2-1-1-0 model.

58

The 3-2-1-1-0 Rule – Keeping Data Safe

The following are the cons of the Scenario 4 configuration: • If the backup to a scale-out repository is not set up correctly, you will not get the best performance. • If any of your backup chains or data gets corrupted going to the disk-based backup in the scale-out repository, then it will also move to the Capacity Tier in the same state. • If the service provider has an outage or hardware failure, that could cause data corruption and make it unusable. • If you or the service provider have internet outages, then data backup will need to be paused, and your RPO or SLA window may lapse. Important Note All of the technologies mentioned here use many of the more advanced features of Veeam Backup & Replication. Scale-out repositories offer scaling, resilience, and performance. Using these with your local backup is a great value proposition. On top of this, if you combine the scale-out repository with the Capacity Tier, you have a one-two punch for backing up your data locally and offsite. When choosing a vendor, be sure to look into those that offer object lock and immutability. Service providers provide many reasonable plans for data backup using DRaaS, so using one allows two or more copies of your data to be offsite, which is always a good thing.

Now that you have seen Scenario 4, we will take a look at one final scenario that introduces backup to tape in the mix to meet the 3-2-1-1-0 rule.

Scenario 5 This final scenario will cover topics already discussed for other scenarios, but introduces backup to tape as one method of meeting the 3-2-1-1-0 rule: 1. Primary backup to disk 2. Service provider – Veeam Cloud Connect 3. Backup to tape This permutation is another one of the more typical scenarios you will see in the backup industry, and it does meet the 3-2-1-1-0 rule using disk, tape, and a service provider. Both the tape and the service provider are considered offsite backups.

Exploring what media is best suited for use with the 3-2-1-1-0 rule

59

The following screenshot shows a backup job configured for a service provider repository as noted by Backup repository: Cloud repository 1:

Figure 2.15 – Service provider backup job to a cloud repository

The following are the pros of the Scenario 5 configuration: • You meet the backup requirements using three forms: disk, tape, and service provider. • You will ensure data resiliency by having three forms of backup. • You can use both the tape and service provider storage for your offsite copy. • Tape backup is considered air-gapped media, which can prevent ransomware from infecting your data. In this case, the service provider would conduct a tenant to tape job after the data is sent from the tenant site. • Using a service provider is one of the best ways to ensure your information is offsite and safe.

60

The 3-2-1-1-0 Rule – Keeping Data Safe

The following are the cons of the Scenario 5 configuration: • The service provider could have an outage that causes data loss, in which case you'd need to reseed it again from your onsite backup. • The connection to the service provider could go down for various reasons, so your offsite replication would need to be paused. • Disk failure (depending on the setup) could cause data corruption or loss. • Tapes can wear out depending on how they are stored and other factors. • Retrieval of tapes takes time, and so does data restoration. • The service provider would now be the man in the middle for the tape restoration process, which would add time to the restoration process. Important Note While using these three forms of media meets the 3-2-1-1-0 rule, the other scenarios are more resilient and offer even more data protection. When using disk-based backup, always ensure you use fast media for quick backups and restores. Always be sure you send tapes offsite or store them in a secure location if you keep them onsite. You will still want to test tapes to ensure you can restore them and meet your RPO. Also, when using a service provider for either the backup copy or replication, be sure to test restores often. Data rarely gets corrupted or deleted, but just in case.

While all these scenarios touch on the 3-2-1-1-0 rule, many of them only cover up to 3-2-1-1. So, what about the zero in the rule, and how do you ensure you are meeting that? Within Veeam Backup & Replication v11a there is SureBackup, which can be used to test and verify your backups to ensure there are no errors and that your media is accessible. As you can see, there are multiple ways to set up your backup infrastructure to meet the 3-2-1-1-0 rule. There are also many types of media that you can use, and the different combination scenarios we looked at demonstrate that.

Summary

61

Summary This chapter has reviewed the importance of keeping your data safe by following the 3-2-1-1-0 rule for backups. We looked at what the 3-2-1-1-0 rule is and what it means when it comes to setting up your backups. Also covered was how this rule protects you from ransomware, corrupted data, and possible datacenter loss. We added the Grandfather-Father-Son (GFS) rule for backups to show how you can retain your data to meet your Service Level Agreement (SLA), Recovery Point Objective (RPO), and Recovery Time Objective (RTO). You also saw a discussion of the different types of media you can use and various scenarios for backups. Both Chapter 1, Installing and Upgrading Veeam, and Chapter 2, The 3-2-1-1-0 Rule – Keeping Data Safe, covered Veeam Backup & Replication basics for installation, including best practices and optimization and the 3-2-1-1-0 rule for data resiliency. The next chapter – Chapter 3, CDP – Continuous Data Protection, starts the book's next section on the more advanced and newer features of Veeam Backup & Replication v11a.

Section 2: CDP and Immutability – Hardened Repositories, Backups, and Object Storage This section aims to show and discuss the newest features of Veeam Backup & Replication v11a. You will learn about the Continuous Data Protection (CDP) feature of v11a and its requirements. You will learn about immutability with hardened repositories – those being Linux-based. We will even discuss many new backup features and enhancements and the new, expanded object storage, including Google Cloud and Microsoft Azure. You will have a wealth of knowledge on new features to implement and use in your environments. This section contains the following chapters: • Chapter 3, CDP – Continuous Data Protection • Chapter 4, Immutability – Hardened Repositories • Chapter 5, Backup Enhancements – Jobs, Copy Jobs, Restores, and More • Chapter 6, Expanded Object Storage Support – Capacity and Archive Tiers

3

CDP – Continuous Data Protection Continuous Data Protection (CDP) is a new technology within Veeam Backup & Replication 11 that helps you to protect your mission-critical VMware Virtual Machines (VMs). CDP is beneficial when data loss for several seconds or even several minutes is not acceptable for your applications. Additionally, CDP provides a minimum Recovery Time Objective (RTO) as the VM replicas are in a ready-to-start state. This chapter will discuss what CDP is and the most efficient way to configure it using Veeam Backup & Replication. We will discuss setting up vSphere API for I/O Filtering (VAIO), configuring the source and target CDP proxies, and setting up a CDP policy. We will discuss the components that Veeam Backup & Replication uses for the CDP process. At the end of the chapter, you will have a better understanding of CDP. In this chapter, we're going to cover the following main topics: • Understanding CDP and what it is • Determining the requirements and limitations of CDP • Setting up CDP – the I/O filter • Configuring CDP proxies and settings • Understanding CDP policies for replication

66

CDP – Continuous Data Protection

Technical requirements For this chapter, having Veeam Backup & Replication installed is required along with access to a VMware environment to work with CDP. If you have been following along with the book, Chapter 1, Installing and Upgrading Veeam, covers the installation and optimization of Veeam Backup & Replication, which you can leverage in this chapter. Additionally, you can reference the CDP section of the Veeam website here: https://helpcenter.veeam.com/docs/backup/vsphere/cdp_ replication.html?ver=110

Understanding CDP and what it is With the release of Veeam Backup & Replication version v11a, the ability for users to protect mission-critical workloads at a near-zero RPO (Recovery Point Objective) was also added. CDP can allow users to protect their most critical applications using replication technology, which creates VM replicas. Some examples of critical applications include the following: • Financial systems • Messaging systems • Security monitoring tools • Remote access applications The following diagram outlines the required components and architecture for CDP. I will explain each component and how it plays a role in the overall architecture for CDP to function and fail over your VMs:

Figure 3.1 – The Veeam CDP architecture

Understanding CDP and what it is

67

The components that make up CDP are as follows: 1. Veeam Backup & Replication Server: Veeam CDP Coordinator Service. 2. Source and target hosts with the I/O filter: The VAIO (vSphere API for I/O filtering) drivers that are installed on the ESXi hosts in both the source and target VMware clusters. 3. CDP proxy: This is the data mover that transfers data between the source and target hosts. 4. CDP policy: This defines what VMs to protect, where to store the replicas, and how often short-term and long-term restore points need to be created. Now that we have covered the components that make up CDP, we can look at each element a little further by starting with Veeam CDP Coordinator Service, which is installed on the Veeam Backup server.

The backup server – Veeam CDP Coordinator Service The Veeam Backup & Replication server is the main component of Veeam. It is the server that runs Veeam CDP Coordinator Service. The role of the service is to do the following: • Coordinate replication and data transfer tasks. • Control resource allocation for the CDP policy.

Source and target hosts with the I/O filter Typically, when performing the replication of VMs, there will be both a source cluster (the primary data center) and a target cluster (the disaster recovery data center). In each cluster, there are VMware ESXi host servers where the I/O filter driver gets installed, which uses VAIO. VAIO is a framework that enables third parties (partners) to develop filters that run in ESXi and can intercept any I/O requests from a guest operating system to a virtual disk. Additionally, I/O will not be issued or committed to disk without being processed by I/O filters created by third parties.

68

CDP – Continuous Data Protection

The following diagram depicts an overview of VAIO from a VMware perspective:

Figure 3.2 – VMware – VAIO architecture

Now we have seen the VAIO architecture. In the following diagram, we can view the coordination of all the components from the Veeam perspective:

Figure 3.3 – Overview of Veeam and CDP coordination

Determining the requirements and limitations of CDP

69

CDP proxies A CDP proxy works in a very similar way to the standard backup job proxies within Veeam, acting as the data mover to transfer information between the source and target hosts. Veeam recommends configuring one at the production site (the source proxy) and the recovery site (the target proxy). Both proxies perform the following tasks: • The source proxy prepares data for short-term restore points from data received from the source host and compresses and encrypts the data (if encryption is enabled in the network traffic rules). Then, it sends it to the target proxy. For further information regarding the network traffic rules, please refer to https://helpcenter.veeam. com/docs/backup/vsphere/internet_rule.html. • The target proxy receives the data, decompresses and decrypts it, and then sends it to the target host. Information about the CDP proxy is referenced in the following link: https://helpcenter.veeam.com/docs/backup/vsphere/cdp_proxy. html?ver=110

CDP policies A CDP policy is very similar to a backup job in that it defines which VMs to protect, where to store VM replicas, how often short-term and long-term restore points need to be created, and more. One CDP policy can process one or multiple VMs. As you can see, CDP comprises four components that work together to allow for nearzero RPOs (in seconds). You have the coordination service, the I/O filter driver, the CDP proxies, and the CDP policy. Similar to backup jobs, the CDP proxy works in conjunction with the CDP coordinator and I/O filter. As you can see, the components that make up CDP work together to ensure that the CDP policy gets met when replicating your VMs to the destination cluster. Next, we will take a look at the requirements and limitations of CDP.

Determining the requirements and limitations of CDP When using CDP, there are both requirements and limitations to bear in mind. The following sections include a small list of both requirements and limitations.

70

CDP – Continuous Data Protection

Requirements Some of the requirements of CDP include the following: • CDP is included in the new Veeam Universal License, but you will require Enterprise Plus if you are using the legacy socket-based license. • The VMware vSphere edition must be Standard or higher. Note that the VMware vSphere Essentials Kit editions are not supported. • All hosts in a cluster must be of the same major version – 7.x or 6.x (6.5 or 6.7 – a combination of both is supported). Additionally, clusters managed by the vCenter server must be of the same major version. • The target cluster must support the hardware version of the VMs from the source cluster. • VMs on the same cluster, when protected by CDP, must be by only one backup server and cannot be protected on a second backup server. • The backup server must have at least 16 GB of RAM.

Limitations Some of the limitations of CDP are as follows: • CDP will only work for powered-on VMs, but if the VM has an IDE hard drive, you must power it off for the initial synchronization. • Only one VM can be processed by one CDP policy. • Replicas on the target cluster can only be powered on using the failover operation as manual power-on is disabled. • On the target hosts, VMware vSphere Storage vMotion is not allowed; however, host vMotion is supported. • Any VMs with shared disks, physical RDM, or SCSI bus sharing is not supported. Note Any VM with vRDM (Virtual Raw Device Mapping) disks is supported.

• The maximum supported disks for one VM is 50. The maximum number of disks per ESXi host is 500. The complete list of requirements and limitations can be found here: https://helpcenter.veeam.com/docs/backup/vsphere/cdp_ requirements.html?ver=110

Setting up CDP – the I/O filter

71

As you can see, the list of requirements and limitations is relatively extensive and should be considered when planning out your CDP architecture. We will now explore the I/O filter drivers required on the source and target clusters for CDP to work with VMware.

Setting up CDP – the I/O filter To protect your workloads with CDP, you need to install the I/O filter on the cluster where the VMs reside. As we covered in the Understanding CDP and what it is section, the source host and target host. Important Note Should you have vSphere Lifecycle Management enabled, you need to follow the instructions to install the I/O filter, and then another Veeam KB, located at https://www.veeam.com/kb4096.

In order to install the CDP I/O filter, you need to navigate to the console on the Veeam Backup & Replication server under the Manage Servers tab. Here, you will see your vCenter server:

Figure 3.4 – The Managed Servers tab

72

CDP – Continuous Data Protection

Now, right-click on the vCenter server and select Manage I/O Filters... or use the button in the toolbar:

Figure 3.5 – Manage I/O Filters... – right-click on the toolbar button

A new wizard will open, called I/O Filter Management, as shown in the following screenshot:

Setting up CDP – the I/O filter

Figure 3.6 – The I/O Filter Management wizard

This window is where you pick the cluster to install the I/O filter driver. Select the checkbox next to your cluster and click on the Apply button to proceed:

Figure 3.7 – Selection of the cluster to install the I/O filter

73

74

CDP – Continuous Data Protection

You will be asked to confirm the installation of the I/O filter on the selected cluster after clicking on the Apply button. Click on the Yes button to proceed:

Figure 3.8 – The I/O filter installation confirmation

Setting up CDP – the I/O filter

After clicking on Yes, the installation process starts on your cluster and hosts. Once complete, you will see all green checkmarks. Click on the Next button to proceed:

Figure 3.9 – The completed I/O filter installation on the cluster

75

76

CDP – Continuous Data Protection

This process now completes the I/O filter installation process, as noted in the dialog box. You can click on Finish to exit back to the main console window:

Figure 3.10 – Summary of the I/O filter installation

Important Note Ensure that your Domain Name System (DNS) is functioning correctly. The backup server should resolve the vCenter and ESXi hosts by FQDN and vice versa; otherwise, the installation will not work correctly.

We have now completed the installation for the I/O filter driver in your cluster. Now, let's set up a CDP proxy to be used by the CDP policy when replicating the VMs.

Configuring CDP proxies and settings

77

Configuring CDP proxies and settings The CDP proxy is the component that performs the data movement and transfers data between the source and target hosts. It serves the following tasks: • It receives VM data from the production storage. • It aggregates the changed data. • It prepares data for short-term restore points. • It compresses and deduplicates data. • It encrypts and decrypts data. • It sends data to the storage in the disaster recovery site or another VMware CDP proxy. The following depicts a typical CDP proxy deployment on both a source and target cluster:

Figure 3.11 – A typical CDP proxy configuration

78

CDP – Continuous Data Protection

Veeam also recommends that you design your CDP environment so that the CDP proxy is only used as a source or target proxy, not both. A great example would be having cross-cluster or cross-host replication (from ESXi 1 to ESXi 2 and from ESXi 2 to ESXi 1). In this scenario, you would have four CDP proxy servers as follows:

Figure 3.12 – Cross-cluster or host replication – the CDP proxy configuration

Note If CDP proxies will be deployed on VMs, locating the source proxies on the source host and the target proxies on the target host is recommended.

Each CDP proxy server has specific services and components that also get installed with them: • Veeam CDP Proxy Service: This manages all CDP activity such as data aggregation, compression and decompression, data transfer, and more. • Veeam Installer Service: This is an auxiliary service that is installed to analyze the system and install and upgrade components or services depending on the role of the server. • Veeam Data Mover: This handles traffic sent/received during failback. Further to each of these installed services and components, the CDP proxy also has a cache to store data. Typically, the CDP proxy stores received data in RAM, but the cache stores data if the server becomes overloaded and memory runs out. The data within the RAM or cache gets removed only once the proxy receives a notification from the target host that it has successfully saved the data sent by the proxy.

Configuring CDP proxies and settings

79

The cache is a folder on a selected drive with an initial size chosen, and Veeam recommends allocating 1 GB of cache for every protected VM disk (if a VM has 5 disks, then the cache would need to be 5 GB). Further to the preceding details, there are a couple more things that are required for a VMware CDP proxy: • A VMware CDP proxy must be a Windows-managed virtual or physical server. • CDP proxies deployed on physical servers need to have a fast network between the hosts and the proxies themselves. Now, let's take a look at how to set up the VMware CDP proxy within the Veeam Backup & Replication v11a environment: 1. To begin, you need to create a CDP proxy, and this is done from the Backup Infrastructure tab, under the Backup Proxies section of the Veeam Backup & Replication console:

Figure 3.13 – The Backup Infrastructure tab and the Backup Proxies section of the console

80

CDP – Continuous Data Protection

2. From here, you can select the Add Proxy button to select Add VMware CDP Proxy..., or you can right-click and select the same option on the right-hand side of the screen:

Figure 3.14 – Add VMware CDP proxy... selection

Configuring CDP proxies and settings

3. This selection will launch the New VMware CDP Proxy wizard:

Figure 3.15 – The New VMware CDP Proxy wizard

4. You will need to click on the Add New button to add the required server as your proxy since you require one for the source cluster and one for the target cluster:

Figure 3.16 – Adding a new server to be the CDP proxy

81

82

CDP – Continuous Data Protection

5. In the New Window Server dialog, fill in DNS name or IP address, and click on Next to fill out Credentials. Then, click on Next again to review that the Transport service will get installed, and click on Apply to proceed. Finally, click on Next and then Finish to add the new server:

Figure 3.17 – The new Windows server added as a CDP proxy

6. Click on Next to continue, and specify the Cache settings:

Figure 3.18 – The CDP proxy cache settings

Configuring CDP proxies and settings

83

Reminder Remember that every VM disk (VMDK) that is protected requires 1 GB of cache, so size accordingly.

7. After the drive and folder have been selected and the cache sizing for the VM disks has been set, click on Next to navigate to the Traffic Rules part of the wizard:

Figure 3.19 – Traffic rules for the CDP proxy

84

CDP – Continuous Data Protection

8. If you have restrictions on your network about traffic, or there are security requirements, you can click on the Manage network traffic rules link and make the required adjustments, including setting Encryption, Throttling, and Time period:

Figure 3.20 – Editing the network traffic rules

Configuring CDP proxies and settings

9. Click on Next to proceed to the Review section of the wizard:

Figure 3.21 – The review section of the wizard for the CDP proxy

10. Here, you can see the server name, server type, cache size, and cache path. Additionally, the Veeam CDP component will be installed. Click on Apply to continue.

85

86

CDP – Continuous Data Protection

11. Veeam will now configure the CDP proxy with the settings selected and install the CDP proxy service. You will see all the steps once they have been completed:

Figure 3.22 – Configuring the CDP proxy

12. Click on Next to proceed, and then select Finish from the Summary screen. You will now see the new CDP proxy server in the Backup Infrastructure tab underneath Backup Proxies:

Configuring CDP proxies and settings

87

Figure 3.23 – The CDP proxy completed and ready for use

Repeat the process to add the required CDP proxies to your environment, as there should be at least two of them based on the configuration of one per source cluster and one per target cluster. We have now completed adding CDP proxies to your environment. Next, we will look at how to work with CDP policies and how they can be used to leverage the CDP proxies deployed.

88

CDP – Continuous Data Protection

Understanding CDP policies for replication We have gone through adding CDP proxies to Veeam Backup & Replication. Now we will look at the CDP policy for protection and how to work with them: 1. To create a CDP policy, you must be on the Home tab in the Veeam Backup & Replication console, underneath the Jobs section:

Figure 3.24 – The Home tab under Jobs to create a CDP policy

Understanding CDP policies for replication

2. You can either click on the CDP Policy button in the toolbar or right-click and select CDP policy..., as shown in Figure 3.24. 3. Once you do this, it will start the New CDP Policy wizard, as follows:

Figure 3.25 – The new CDP Policy wizard

4. Here, you will specify things such as the following: A.

Name: This is the name of the policy.

B.

Description: Enter a description that is relevant to the policy, which could contain SLA information.

C.

Select any of the advanced options such as replica seeding, network remapping, or replica re-IP.

89

90

CDP – Continuous Data Protection

5. Once you have selected the options, you will see them in the wizard on the left-hand side:

Figure 3.26 – Advanced options selected and shown in the wizard

6. Click on Next to proceed to the Virtual Machines selection. Here, you will choose the VMs that you wish to protect with this CDP policy:

Understanding CDP policies for replication

91

Figure 3.27 – VM selected for protection by the CDP policy

7. Click on Next to proceed to the Destination tab. You will choose your target cluster or host:

Figure 3.28 – Destination cluster or host for protected VMs

92

CDP – Continuous Data Protection Note Had you selected the advanced options for replica seeding, network remapping, or replica re-IP, you would now go through this part of the wizard. Since this is the more advanced setup, I will not be walking through the wizard components because my lab has only one cluster. Please refer to the following link for further information on these options: https://helpcenter.

veeam.com/docs/backup/vsphere/cdp_policy_create. html?ver=110.

8. Click on Next. Now we are presented with the Policy Settings section of the wizard. Here, you choose the Source and Target proxies, test the resources, and specify the Replica name suffix option and the Advanced settings, which are SNMP or email notifications:

Figure 3.29 – Policy settings for CDP

If you click on the Test button at this stage, as shown in Figure 3.29, you will get the following to indicate whether there are any problems with your configuration and setup:

Understanding CDP policies for replication

Figure 3.30 – Testing the resources configured for CDP

9. After clicking on Next in the Policy Settings section of the wizard, you are at Schedule, which is where you set up your RPO, Short-term retention, and Long-term retention settings:

Figure 3.31 – Schedule – RPO, Short-term retention, and Long-term retention

93

94

CDP – Continuous Data Protection

As you can see in Figure 3.31, the RPO setting can be set in Minutes or Seconds. The default is 15 seconds. You can also set the following: • Short-term retention: This allows point-in-time recovery for your RPO and can be in hours or minutes. • Long-term retention: This, as you can see in Figure 3.31, allows for additional restore points every X hours, and you can keep them for X days as well. Note For your RPO, the minimum setting is 2 seconds, but this might not be optimal should your CDP policy contain many VMs with high workloads. Veeam recommends the optimal setting for RPO of no less than 15 seconds with a maximum RPO of 60 minutes. Another thing to remember is that with short-term retention, the longer the window is set, the more storage that will get used on the target datastore for the I/O journal.

One more thing to note on the Schedule screen is that you can define the schedule for both RPO and short-term retention and Reporting. When you click on the Reporting button, you can set the following variables:

Figure 3.32 – The reporting settings for the CDP policy

Understanding CDP policies for replication

This setting will display both a warning and error in the Veeam console when these conditions are met: 1. Click on Next to proceed to the Guest Processing tab of the CDP policy wizard. Here, you can enable Application-aware processing for your VMs to ensure consistent backups, including log files:

Figure 3.33 – Application-aware processing options

95

96

CDP – Continuous Data Protection

2. Once all settings are complete, click on Apply to create the CDP policy. You will be shown the Summary screen where you can click on the Enable the policy when I click finish option. Turn this option on and then click on Finish to exit the wizard:

Figure 3.34 – Summary and enabling the CDP policy

Once you have clicked on Finish and enabled the job, you will see it start and begin the initial sync of data from your source cluster to the target cluster, as shown in the following screenshot:

Understanding CDP policies for replication

97

Figure 3.35 – The CDP policy enabled and starting the initial sync

Opening the CDP policy job, you can see the statistics of the replica and whether there are any issues or the RPO is being met. You do this by double-clicking on the CDP policy job to open the following dialog:

Figure 3.36 – CDP policy sync information

98

CDP – Continuous Data Protection

The last piece you would want to test is a failover of the CDP policy you created to ensure that the replica VM will come up correctly. While the failover is beyond the scope of this book, you can find all the required details here: https://helpcenter.veeam.com/docs/backup/vsphere/cdp_failover_ failback.html?ver=110

Summary This chapter reviewed CDP and what infrastructure components are required. We covered how to add CDP proxy servers for use in both the source and target VMware clusters. We took a look at how to install the I/O filter for your clusters Also, we covered how to create a CDP policy that runs to complete the replica of your protected VMs. While we did not touch on the failover process, a provided link describes the entire process. Hopefully, you will have a better idea of what CDP is all about and how it is set up with the required components. The next chapter, will take a deep dive into the more advanced feature of setting up immutable repositories.

Further reading • How CDP Works: https://helpcenter.veeam.com/docs/backup/ vsphere/cdp_hiw.html?ver=110 • Retention Policies: https://helpcenter.veeam.com/docs/backup/ vsphere/cdp_retention.html?ver=110 • Guaranteed Delivery: https://helpcenter.veeam.com/docs/backup/ vsphere/cdp_guaranteed_delivery.html?ver=110 • Replica Seeding and Mapping: https://helpcenter.veeam.com/docs/ backup/vsphere/cdp_seeding.html?ver=110

4

Immutability – Hardened Repositories Veeam Backup & Replication has a backup storage technology called hardened repositories, which is a backup target for jobs. You can also attach hardened repositories to a scale-out repository to further extend your backups and use multiple servers. This chapter will walk through what the hardened repository is and how best to use it. We will look at configuring hardened repositories for the performance tier of a scale-out repository. You will learn how to set up a hardened repository using the new single-use credentials. We will also look at how eliminating SSH protects your servers even further. Finally, we will configure backup jobs to use immutability with the newly created hardened repository. By the end of this chapter, you will know how to configure a hardened repository, add it to a scale-out repository, and set up backup jobs to take advantage of immutability within the hardened repository.

100

Immutability – Hardened Repositories

In this chapter, we're going to cover the following main topics: • Understanding hardened repositories • Learning how to configure hardened repositories in Veeam • Learning how eliminating SSH protects the server • Discovering how to configure backup jobs to use immutability with the hardened repositories

Technical requirements For this chapter, installing Veeam Backup & Replication will be required, as well as storage for creating repositories. Chapter 1, Installing and Upgrading Veeam, covered how to install/upgrade Veeam Backup & Replication, which you will leverage in this chapter. You can also reference the Hardened Repository section of the Veeam website here: https://helpcenter.veeam.com/docs/backup/vsphere/hardened_ repository.html?ver=110

Understanding hardened repositories What is a hardened repository, you might be asking? Well, with the new Veeam Backup & Replication v11a, you can use a Linux server as a repository, which allows you to back up files so that they're protected from loss resulting from malware activity or unplanned actions. This process can be accomplished with the following features: • Single-use credentials: These are credentials that are used only once to deploy the Veeam Data Mover service while adding the Linux server to the Veeam infrastructure. These credentials, after use, get discarded, and nothing gets stored in the backup infrastructure, which means backups will be safe, even if the Veeam Backup & Replication server is compromised. • Immutability: When you add a Linux repository, you can select the Make recent backups immutable for checkbox and specify a period for files to be immutable for. During this time, backup files that are stored in the repository cannot be deleted or modified:

Understanding hardened repositories

101

Figure 4.1 – Linux hardened repository – the Make recent backups immutable for: option

After turning on the immutability option for the Linux hardened repository, Veeam does the following: 1. Veeam creates a .veeam.N.lock file, which contains the immutability information for the time of each backup file in the active chain. These files get stored on a Linux host. 2. Any backup files that have been written to the hardened repository are immutable for the configured time (a minimum of 7 days to a maximum of 9999). The immutability period is only for the active backup chain. If there happen to be several chains, then Veeam will not extend the immutability for old backups within the chain. 3. Once the time expires, Veeam will mark the files as non-immutable again so that they can be modified or deleted.

102

Immutability – Hardened Repositories

The count of the immutability period that's indicated in the backup repository settings will start from the moment the last restore point in the active chain gets created. Let's look at an example: • The full backup file for an active chain gets created on January 12. The first incremental backup gets created on January 13. The second and last increments get created on January 14. • The immutability period that was indicated by the backup repository setting was 10 days. • The backup files will be immutable until January 24 – the date of the last restore point (January 14), plus 10 days. Now that you understand the immutability feature, which makes the Linux repository a hardened repository, we will look at the supported job types. The following backups are supported on the hardened repository: • VMware, Hyper-V VM backup jobs, and backup copy jobs created in Veeam Backup & Replication • Backup copy jobs created by Veeam Backup for Azure, Veeam Backup for AWS, and Veeam Backup for Google Cloud Platform • Physical machine backups created with Veeam Agent (Windows, Linux, Mac, Aix, and Solaris) • VMware Cloud Director VM backup jobs • VeeamZIP backups • Nutanix AHV VM backup jobs created by Veeam Backup for Nutanix AHV • RHV (RedHat Virtualization) VM backup jobs Important You can store backup files and backup copy files of NAS backup jobs, transaction log backup jobs, Recovery Manager/Systems Applications & Products, and High-Performance Analytical Appliance/Systems Applications & Products on Oracle backups in a hardened repository with immutability; however, these files will not be marked as immutable.

Learning how to configure hardened repositories in Veeam

103

You can learn more about these enhancements and many others on the Veeam Backup & Replication website: https://www.veeam.com/whats-new-availability-suite.html

We have now covered the hardened repository and explained how the immutability flag protects your backups. Now, let's look at how we can configure hardened repositories in Veeam Backup & Replication 11a.

Learning how to configure hardened repositories in Veeam The fundamental piece of the hardened repository is the Linux server, which gets built using Ubuntu 20.04. When you add the Linux server to the Veeam Backup & Replication server, you need to specify credentials that will be used once (single-use) and then discarded once the server has a connection:

Figure 4.2 – Adding a Linux server with single-use credentials

104

Immutability – Hardened Repositories

Once you have selected the Single-use credentials for the hardened repository option, you will see the following dialog, where you can type in your credentials:

Figure 4.3 – Single-use credentials entered for use

Now, you can proceed through the remainder of the wizard, including accepting the SSH fingerprint if prompted. After completing this wizard, the system will deploy the Veeam transport service, which will be used when you add the Linux server as a repository. When creating a standard repository, you will use the Linux server you added previously, which already has the XFS filesystem. These filesystems use a newer technology called Fast Clone, which increases the speed of synthetic backup creation and transformation, reduces disk space, and decreases the load on storage. Please refer to the Veeam Backup & Replication website for more information: https://helpcenter.veeam.com/docs/backup/vsphere/ backup_repository_block_cloning.html?zoom_ highlight=block+cloning&ver=110

Learning how to configure hardened repositories in Veeam

105

To create a standard repository, you need to set up your Linux server first using XFS for the drive that will contain the backup data. When you're setting up your repository server, you must follow these steps: 1. Consider using Ubuntu 20.04 as this has the latest kernel version, which Veeam recommends for use with repositories. Use the following command, replacing the /dev/sdb with the drive in your system to format the drive for data: mkfs.xfs -b size=4096 -m reflink=1,crc=1 /dev/sdb

2. After setting up your repository server, you must add it to Veeam Backup & Replication by starting the Add Backup Repository wizard:

Figure 4.4 – The Add Backup Repository wizard

106

Immutability – Hardened Repositories

3. Once the wizard launches, select the Direct Attached Storage option, where you can choose your Windows or Linux repository server:

Figure 4.5 – Direct Attached Storage selection for Windows or Linux

4. At this point, you will be presented with a New Backup Repository window, where you can fill in the Name and Description fields, then click Next:

Figure 4.6 – The New Backup Repository wizard

Learning how to configure hardened repositories in Veeam

107

5. After selecting Linux and clicking the Add New button, you will see the following window:

Figure 4.7 – Adding a new Linux repository server

Here, you must type in the DNS name or IP address property of your Linux server, fill in the Description field, and then click Next. As you can see, the title of each dialog is respective of which server type you chose to add – New Windows Server or New Linux Server.

108

Immutability – Hardened Repositories

6. Once you have gone through the Add New Server wizard, you will be brought back to the New Backup Repository wizard, where you can click the Populate button to show the drives on the server to select as the repository:

Figure 4.8 – Repository drive selection

As you can see, when you click the Populate button, the drives of the Linux server will appear. Choose the drive to be used for the repository and click Next. 7. You will be taken to the Repository section of the wizard, which is where you can set the various options:

Learning how to configure hardened repositories in Veeam

109

Figure 4.9 – Repository settings of the wizard

Set the following options in this Repository window: ‚ Path to folder: This is where you create a folder on the repository drive to store the backup job folders and files. ‚ Use fast cloning on XFS volumes: This is the Fast Clone option you will want to enable, which will allow for more rapid processing of synthetic full backups. ‚ Make recent backups immutable for X days: This is the part you turn on to make this a hardened repository. This setting will protect your backups for the duration selected. ‚ Load control: This contains some settings that control the number of concurrent tasks sent to the repository and the read and write data rate. These influence the load based on the type of repository you select and the backend storage system.

110

Immutability – Hardened Repositories

‚ Advanced: This is where you set things such as Align backup file data blocks and Use per-VM backup files:

Figure 4.10 – Advanced settings for a repository

Once all the options have been filled in, click Next. 8. After clicking Next, you will be taken to the Mount Server section of the wizard:

Learning how to configure hardened repositories in Veeam

111

Figure 4.11 – Mount Server settings

Here, we must select the following options: ‚ Mount server: The server that's used during the restore process that mounts the backup files. Note that for any Instant Recovery/vPower operations, you will require a Windows server; otherwise, these will be completed on the VBR server. ‚ Instant recovery write cache folder: When you choose to make an Instant VM Recovery, this folder mounts the files and typically gets placed on an SSD or other high-performance storage. ‚ Enable vPower NFS service on the mount server: This is typically installed on Mount Server and is for instantly recovering any backup (physical, virtual, or cloud) to VMware vSphere. This service is not used for Microsoft Hyper-V instant recovery options. Once you have selected all the required options, click Next.

112

Immutability – Hardened Repositories

9. At this point, you will be prompted with the Review screen:

Figure 4.12 – Additional options on the Review screen

There are a couple of options to note here: ‚ Search the repository for existing backups and import them automatically: When you choose a drive that may have been used previously as a repository, this option will search the drive and import the backups into the database. ‚ Import guest filesystem index data to the catalog: This option will import any guest filesystem indexes that may have existed on the repository drive previously. 10. Once you have reviewed everything, click the Apply button, then Next, and then Finish to complete the wizard.

Learning how to configure hardened repositories in Veeam

113

You should now see your hardened repository listed under the Backup Repositories section of the console:

Figure 4.13 – Hardened repository in the Veeam console

With that, you have added a standard hardened Linux repository to the Veeam Backup & Replication console using single-use credentials. We will use this in the Discovering how to configure backup jobs to use immutability with the hardened repositories section. But before we create a backup job, let's take a look at how, when using single-use credentials, to eliminate the SSH access to your Linux repository server.

114

Immutability – Hardened Repositories

Learning how eliminating SSH protects the server Secure Shell (SSH) is a method that's used to connect remotely to Linux servers. This service was required before Veeam Backup & Replication v11a for adding a Linux repository to the Veeam infrastructure. Now, with v11a, you can use single-use credentials to add a Linux repository. This ability eliminates the need to keep the SSH service running on your server, adding an extra layer of security. For further security and hardening guidelines, go to https://helpcenter.veeam. com/docs/backup/vsphere/hardened_repository_tips.html?ver=110. With v11a, the former SSH protocol usage gets encapsulated into the expanded transport protocol. This results in the SSH connectivity only being required at the initial deployment and when installing product updates. This change allows for secure SSH with interactive multi-factor authentication (MFA) and can even disable the SSH server completely to protect your repository. This will even protect it from future zero-day vulnerabilities. Now that we have learned how the hardened repository with single-use credentials allows SSH to be turned off or secured further, let's look at configuring a backup job with the hardened repository and enabling immutability.

Discovering how to configure backup jobs to use immutability with the hardened repositories Now that you have an idea of how to use single-use credentials and add a Linux repository to the Veeam infrastructure to allow immutability, let's learn how to configure a job with the required settings. Note that one of the key limitations of immutability is that it only supports the Forward Incremental job types and does not support the Reverse Incremental job type. Also, when you're using Linux hardened repositories with SOBR, keep the following in mind (https://helpcenter.veeam.com/docs/backup/vsphere/hardened_ repository_limitations.html?ver=110): "If you use the Capacity Tier option, keep in mind that having a hardened repository with immutability as a performance extent will affect the Capacity Tier's behavior. You will not be able to move immutable backup files because they cannot be deleted from the performance extent. Veeam Backup & Replication will copy such backup files to the Capacity Tier. When the immutability period is over, Veeam Backup & Replication will delete these files from the performance extent."

Discovering how to configure backup jobs to use immutability with the hardened repositories

115

Follow these steps to set up a job to use a hardened repository: 1. First, you need to be on the Home tab and under the Jobs section of the console. Right-click on the right-hand side or select the Backup Job button from the toolbar. Then, select Virtual machine:

Figure 4.14 – The Backup Job button and right-click options

116

Immutability – Hardened Repositories

2. The New Backup Job wizard will launch. Here, you must specify the Name and Description properties:

Figure 4.15 – The New Backup Job wizard

Discovering how to configure backup jobs to use immutability with the hardened repositories

117

3. Once you have typed in a Name and Description, click the Next button to proceed to the Virtual Machines tab, where you can select the servers to back up. Once you have added the servers you wish to back up, click the Add button in the Add Objects window:

Figure 4.16 – The Virtual Machines tab, where you can add servers to back up

118

Immutability – Hardened Repositories

4. At this point, you will be returned to the main wizard. Click Next to proceed to the Storage section, where you must choose the repository and retention period of your job, including the GFS settings if required:

Figure 4.17 – Storage settings, including hardened repository selection

Once you have selected your hardened repository and set any GFS settings, you can click Next to proceed.

Discovering how to configure backup jobs to use immutability with the hardened repositories

5. On the subsequent two screens, you must turn on Guest Processing and set a Schedule. Once you've done this, click the Apply button. At this point, you will have the option to run the job on the Summary screen before clicking Finish:

Figure 4.18 – Final summary and the option to run the job when clicking Finish

119

120

Immutability – Hardened Repositories

6. After creating a backup of your servers, you can test the hardened repository by deleting the backup files on the disk. It will tell you that you cannot delete them due to immutability. It will also show you when you can delete files based on the first available date, as set in the hardened repository:

Figure 4.19 – Choosing to delete the files with the immutability flag on the hardened repository

With that, you've learned how to set up a backup job that will utilize the hardened repository to keep the backups immutable for X days. This feature will ensure there is no tampering or that any of the files are deleted.

Summary This chapter reviewed the hardened repository and its components. We looked at how to add a Linux server to the Veeam console using single-use credentials for security. We also looked at how to use the Linux (XFS) server as a repository. We covered how using singleuse credentials allows you to secure your servers by turning off the SSH server or enabling MFA. Then, we learned how to create a backup job to use the hardened repository and learned how the system does not allow this when you're trying to delete files due to the immutability flag. Hopefully, you have a better idea of hardened repositories. The next chapter will look at how to make changes and enhancements within these areas in Veeam Backup & Replication v11a.

Further reading

121

Further reading To learn more about the topics that were covered in this chapter, take a look at the following resources: • Rick Vanover – Double-Play Immutability to beat Ransomeware: https:// community.veeam.com/blogs-and-podcasts-57/double-playimmutability-made-easy-to-beat-ransomware-with-veeam-1669 • Hardened Repository Veeam documentation: https://helpcenter.veeam. com/docs/backup/vsphere/hardened_repository.html?ver=110 • Hardened Linux Repository series by Didier Van Hoye: https://www. starwindsoftware.com/blog/veeam-hardened-linux-repositorypart-1#:~:text=%20Veeam%20hardened%20Linux%20repository%20 in%20v11%20provides,the%20XFS%20file%20system.%20So%2C%20grab...%20More%20 • Veeam Hardened Repository Compliance Testing Pass: https://www.veeam. com/blog/hardened-repository-passes-compliance.html • Veeam Best Practice on Hardened Repository: https://bp.veeam.com/vbr/ Security/hardening_backup_repository_linux.html

5

Backup Enhancements – Jobs, Copy Jobs, Restores, and More Veeam Backup & Replication v11a has some significant new enhancements to all aspects of the application, and in this chapter, we will take a look at some of the more critical changes. The first thing discussed will be the enhancements to the backup jobs and how Veeam has improved things overall. We discuss the new features for setting up backup copy jobs. You will learn about restoring and how Linux can now be a restore target and other expanded platform support. Lastly, we will look at Quick Migration jobs, file-level restores, and explorer enhancements. By the end of this chapter, you will understand what is new in version 11a. You will also understand how to leverage these new enhancements. And finally, you will have a better understanding of how the overall changes made help improve your backup environment.

124

Backup Enhancements – Jobs, Copy Jobs, Restores, and More

We're going to cover the following main topics in this chapter: • Understanding backup job enhancements and new features • Distinguishing the new features of backup copy jobs • Understanding restores with Linux target support and expanded platforms • Discovering other enhancements, including explorers

Technical requirements For this chapter, you should have Veeam Backup & Replication installed. If you have followed along through the book, Chapter 1, Installing and Upgrading Veeam, covered the installation and upgrading of Veeam Backup & Replication, which you can leverage in this chapter.

Understanding backup job enhancements and new features When installing the latest Veeam Backup & Replication v11a, you will see some new things enhanced and added to backup jobs. Backup jobs are one of the main things configured in the Veeam Backup & Replication console and infrastructure. They protect all of your servers, whether virtual or physical, and, as we will see, there have been some significant changes and enhancements around these types of jobs. While there are not many, they constitute significant improvements and additions: • High-priority jobs • Background Grandfather-Father-Son (GFS) retention • Orphaned GFS backup retention • Deleted VM retention improvements These are the new backup job enhancements, and they will be explained in further detail in the following sections.

Understanding backup job enhancements and new features

125

High-priority jobs Have you ever wanted to designate specific jobs as a higher priority than others? This feature has now become an option that got added to Veeam Backup & Replication v11a. Defining a backup job as a high priority might mean you require a specific Recovery Point Objective (RPO) or need to have your most vital systems backed up first. When you select to have jobs set as a high priority, they get placed in a dedicated resources scheduler queue that is offered to the backup infrastructure and takes precedence over the regular backup queue. It also allows jobs to be sensitive to when they need to start and ensures they begin when required. The high-priority job setting gets set when you create your backup job on the first screen.

Figure 5.1 – High-priority job option

This checkbox in the preceding screenshot would be the one you select to ensure that your job is placed in the high-priority scheduler queue. Now, let's take a look at the background GFS retention enhancement.

126

Backup Enhancements – Jobs, Copy Jobs, Restores, and More

Background GFS retention Before version 11a, full GFS backups were processed during the backup job execution but are now processed independently from the backup job execution as a background system activity on the Veeam repository. This feature will ensure that the expired full backups will not consume space on the repository disk if the primary backup job is disabled for an extended period.

Orphaned GFS backup retention Based on their last-known retention policy, the retention policies get applied to GFS backups that no longer have a job associated with them. This enhancement will remove the need to keep the no-longer-necessary jobs that protect a single machine.

Deleted VM retention improvements When you have a backup job fail, previously, the deleted VM retention would still get applied. Now, with v11a, this is no longer the case as the deleted VM retention will not get used if the backup jobs fail to build the processed machine list, which prevents deletions due to, or caused by, temporary infrastructure issues. Now that you understand the backup job enhancements and what has changed in v11a, we will look at the newest features of backup copy jobs.

Distinguishing the new features of backup copy jobs Backup copy jobs nowadays might be just as important as regular backup jobs. They provide a way to get your backups to another storage, send backups offsite, and help you achieve the 3-2-1-1-0 rule. A backup copy job takes files from your regular backup jobs and copies them to another storage repository-like block or S3. You can also use it to send data offsite to other block- or S3-compatible storage as well as to Veeam Cloud Connect. With the release of Veeam Backup & Replication v11a, improvements and enhancements were made to backup copy jobs: • Time-based GFS retention • GFS full creation time • No quarterly backups

Distinguishing the new features of backup copy jobs

127

• Repository as source • Daily retention Let's take a further look into each of these enhancements to see what each of them entails.

Time-based GFS retention When setting up GFS retention for backup copy jobs, they are now time-based instead of being based on the number of restore points for each generation. This ensures that backups get kept for the necessary amount of time, even in a manual GFS retention point creation. Here is an example of the new time-based GFS retention within a backup copy job:

Figure 5.2 – Time-based GFS retention settings

That was the premise of time-based retention; now, let's look at some of the other enhancements around GFS.

128

Backup Enhancements – Jobs, Copy Jobs, Restores, and More

GFS full creation time When you configure a backup copy job with GFS, the full backups that get created get sealed on the day scheduled instead of when the corresponding restore point becomes the oldest in the incremental chain. This will hopefully remove the confusion and concerns that many customers had around this process. As shown in Figure 5.2, when the weekly backup, scheduled for Sunday, gets created, Veeam seals the backup on that day, so it is a complete, full backup.

No quarterly backups One of the things that could be somewhat confusing and unnecessary was having four different types of GFS backups – Weekly, Monthly, Quarterly, and Yearly. With the release of v11a, Veeam has decided to remove the quarterly backups from the mix, allowing only Weekly, Monthly, and Yearly. The following is an example of previous versions of Veeam with the quarterly backups:

Figure 5.3 – Veeam v10 – Quarterly GFS option for a backup copy job

Distinguishing the new features of backup copy jobs

129

The preceding screenshot shows the dialog of a backup copy job from v10 with the Quarterly backup option present, and the following is the new dialog from v11a that has the Quarterly backup option removed:

Figure 5.4 – Veeam v11 – Quarterly GFS option removed for a backup copy job

Now that we have looked at the option of no quarterly backups, let's look at how you can use a repository as a source.

Repository as a source When you set up a backup copy job, you can select your repository as the source for the backup copy job upon selecting either immediate copy mode or periodic copy mode. This option allows the backup copy job to pull the source files from your repository instead of working through your server infrastructure to retrieve the data.

130

Backup Enhancements – Jobs, Copy Jobs, Restores, and More

You can configure this on the screen called Objects:

Figure 5.5 – Immediate copy mode to use the primary backup repository

As you can see, it uses the primary backup repository as one of the Objects to process. Now, let's take a look at the final enhancement of daily retention.

Daily retention When you created your backup copy jobs previously in v10, there was only the option to choose the retention as restore points. With v11a, they have added the option to select a new time-based retention based on the number of days for recent backups created with backup copy jobs. The following is an example of the restore points in v10 together with the newly added time-based retention:

Distinguishing the new features of backup copy jobs

Figure 5.6 – Veeam v10 – Restore-points-only option

The preceding screenshot shows the v10 backup copy dialog with Restore points to keep only, but here is the new v11a dialog that shows the restore points as well as the time-based retention option:

Figure 5.7 – Veeam v11a – New time-based retention option by days

131

132

Backup Enhancements – Jobs, Copy Jobs, Restores, and More

Now that we have taken a look at the many enhancements to backup copy jobs, let's take a look at how you can use Linux servers as a target and some other expanded platforms.

Understanding restores with Linux target support and expanded platforms In prior versions of Veeam, when conducting a restore, you were bound to using only Windows servers and could not use Linux servers; well, that has changed now with v11a. We will look at the enhancements made for Linux along with some of the other expanded platforms that can be used for restores. The following items will be covered: • Linux target support • Linux File-Level Restore (FLR) without a helper appliance • Linux FLR performance improvements • Expanded platform support Let's look now at the enhancements mentioned to see what is new or what has been enhanced.

Linux target support Before version 11a, the only way to complete a restore was to use a Windows server, and you could not mount any backups with Linux. Well, that has been enhanced in v11a with the Data Integration API (DIAPI), which now supports being able to mount backup content directly on a Linux server. This gets used when undertaking any FLR activity from a Linux backup. It will now mount directly back onto the Linux server and not require the mount server configured on the repository.

Linux FLR without a helper appliance Before v11a, when it came to restoring files from Linux, you required a helper appliance deployed on vSphere or Hyper-V. Well, now, this is not a requirement with the enhancements made to FLR. When you run an FLR with Linux, it can mount to any Linux server – dedicated, targeted, or the original server, which is always guaranteed to know how to restore the filesystem. These new enhancements also remove network complexities and security concerns around the appliance itself. This also allows customers to perform FLR restores directly within a cloud-based VMware infrastructure offering.

Understanding restores with Linux target support and expanded platforms

133

Linux FLR performance improvements Veeam increased the performance of FLR restores on Linux-based systems by up to 50%, irrespective of whether you were making a recovery with or without the helper appliance. As noted in the previous point, the helper appliance is not required now as well.

Expanded platform support With any new software release, new platforms are added that can get used with Veeam Backup & Replication v11a. With this release, some of the many new platforms are listed below with a description of each: • Microsoft Windows Server 2022 and Windows 10 21H1: These are now supported as a guest OS, Hyper-V host, for installing Veeam Backup & Replication components and for agent-based backup with the Veeam Agent for Microsoft Windows 5.0.1 (included in v11a). • Microsoft Windows 11: Support the same operating systems above, including the Veeam Agent for backups. • Microsoft Azure Stack HCI version 21H2: Support for the host-based Hyper-V VM backup. • RHEL/CentOS 8.4, Ubuntu 21.04, Debian 11, SLES 15 SP3d, OpenSUSE Leap 15.3, and Fedora 34: These Linux distributions are now supported as a guest OS, installing Veeam components as well as for agent-based backup with the Veeam Agent for Linux 5.0.1 (included in v11a). • VMware Cloud Directory 10.3: Allows you to deploy the self-service portal in environments with multiple cloud director servers. • VMware VMC 15: Includes the compatibility of VM restore operations with NSX-T 3.0 networks that use Virtual Distributed Switch (VDS) 7.0 instead of N-VDS (NSX Virtual Distributed Switch) switches. • VMware vSphere 7.0 U3: Compatibility with the latest release of vSphere 7.0 U3, including all components. Note that there have been a few releases and changes since vSphere 7.0 U3 (a, b, and so on) at the time of this publication; one release has even been redacted. For the latest Veeam support updates for a vSphere release platform, it's recommended to subscribe to the Veeam R&D Forums, where subscribers get a weekly newsletter with the latest information on matters such as this. You can subscribe here: https://forums.veeam.com/.

134

Backup Enhancements – Jobs, Copy Jobs, Restores, and More Warning If you are using Windows 2019 with the ReFS filesystem as backup repositories, it is highly recommended not to upgrade them to Windows 2022 or mount any 2019 volumes to Windows 2022 as this will cause a BSOD boot loop regression in the code. For further information, or to fix this issue, refer to the following Microsoft KB update and install it: https://support.microsoft.

com/en-us/topic/september-27-2021-kb5005619-osbuild-20348-261-preview-d5416d34-e4b7-4680-87477e995515c791. It is recommended to do a fresh install of Windows 2022 if you are going to use it for a repository with ReFS.

Further to these platform enhancements, there have been some cloud-native capabilities added for AWS, Microsoft Azure, Google Cloud Platform, Nutanix AHV, and Red Hat Virtualization (RHV) support readiness: • Native protection of additional services: Expanded native backup and recovery to Amazon Elastic File System (Amazon EFS) systems and Microsoft Azure SQL databases. • Lowest cost archive storage: Support for the new Amazon S3 Glacier and Glacier Deep Archive, Microsoft Azure Archive Storage, and Google Cloud Archive storage can cut costs by as much as 50X. • Increased security and control: This allows you to safeguard encrypted data against ransomware and cyber threats by integrating with AWS Key Management Service (KMS) and Azure Key Vault, as well as Role-Based Access Control (RBAC) for control and authorization. • Fully integrated Google Cloud Platform (GCP) support: GCP support is built directly into Veeam Backup & Replication console now. Furthermore, customers can now restore image-level backups created by any Veeam product directly to a Google Cloud Environment (GCE) VM for cloud disaster recovery. • Instant Recovery to Nutanix AHV: With the new Veeam Backup for Nutanix AHV v3 included in the v11a update, Veeam has increased its instant recovery capabilities to additional hypervisors. Image-level recovery from any Veeam products is now possible to a Nutanix AHV VM for instant disaster recovery with any workload – cloud, virtual, or physical. Requires Nutanix AHV 6.0 or later. • Red Hat Virtualization (RHV) support readiness: Support for this fourth hypervisor is currently in public beta release, and Veeam Backup & Replication v11a offers reliable integrated backup for RHV 4.4.8 or later. This allows customers to create reliable backups of RHV VMs using native change block tracking and the readiness for any disaster.

Discovering other enhancements, including explorers

135

These are some of the newest platform enhancements, but there is one other worth mentioning related to Kubernetes backups: Kasten K10 by Veeam. The upcoming Kasten K10 4.5 release will allow customers to integrate with the Veeam Backup & Replication v11a console to allow Kasten K10 by Veeam to write Kubernetes cluster backups directly to Veeam repositories. We have now covered the Linux target support and discussed some of the many new platforms. Now, let's look at our last topic regarding quick migration jobs and the new explorer enhancements.

Discovering other enhancements, including explorers Further to the changes and enhancements already covered in the previous sections, there are a few more noteworthy changes in v11a: • Improved health check performance: The storage-level corruption guard will now use the advanced data fetcher technology, which will improve performance significantly on enterprise-grade storage hardware. • Restore directly from the capacity tier: When a user initiates a restore from backups stored in the capacity tier, Veeam will not now read the matching data blocks located on the performance tier and use the data blocks only from the capacity tier. This is a great way to conduct restore tests that are non-disruptive to users. • Object storage compatibility: To help object storage devices with limited scalability, you can set jobs to use the 8 MB block size to reduce how many objects get created. To do this, you create a UIShowLegacyBlockSize (DWORD, 1) registry value under the HKLM\SOFTWARE\Veeam\Veeam Backup and Replication registry key. Do note that this will increase the size of your incremental backups and requires an active full backup to get activated on this change. This has been very much anticipated for organizations using on-premises object storage systems where egress and latency concerns are not the same as from an on-premises environment to the hyperscale cloud. • VMware vSAN enhancements: With Veeam 11a, the CDP policies now support vSAN. The Veeam task scheduler now uses a dedicated threshold of the maximum number of open VM snapshots per vSAN datastore, and the default is 32. This setting can be controlled from the registry with VSANMaxSnapshotsNum (DWORD) under HKLM\SOFTWARE\Veeam\Veeam Backup and Replication.

136

Backup Enhancements – Jobs, Copy Jobs, Restores, and More

Further to these, there are a couple of Veeam Explorer enhancements as well: • Veeam Explorer for Active Directory: You can now restore the Distributed File System (DFS) configuration within the system container. • Veeam Explorer for Microsoft Teams: You can now restore Microsoft Teams data directly from your image-based backups from Veeam Backup for Microsoft Office 365. This section completes our look at further enhancements within the Veeam Backup & Replication v11a system related to both storage and the Veeam Explorers. This brings us to the end of this chapter and a look back at all the topics covered.

Summary This chapter has reviewed many of the new backup enhancements that Veeam has added to v11a. We first examined the many new backup job features and improvements, including the new high priority option. We then looked at backup copy jobs and some interesting new features that could be set there, such as the new time-based retention. After that, we discussed the latest Linux and expanded platform enhancements, including no longer requiring the helper appliance. Lastly, we discussed many other enhancements, including changes to some Veeam Explorers, like the new Microsoft Teams explorer. After reading this chapter, you should have a better understanding of the multitude of new features within backup jobs, backup copy jobs, restores for Linux, and explorers. Hopefully, you will now have a better idea of how these improvements can better help you in your environment. The next chapter will look into object storage and the newest vendors that you can now choose from when setting them up.

Further reading Refer to the following resources for more information: • V11: NEW GFS retention is here!: https://www.veeam.com/blog/ v11-gfs-retention.html • Release information for Veeam Backup & Replication 11a: https://www. veeam.com/kb4215 • What's New in v11: https://www.veeam.com/whats-new-backupreplication.html • Kasten K10 Backup by Veeam: https://www.kasten.io/product/

6

Expanded Object Storage Support – Capacity and Archive Tiers Object storage is one of the many options for backup storage and repositories, including a few new additions for archiving data. This chapter will look at what object storage vendors are newly supported in Veeam Backup & Replication v11a. We will discuss how to set up capacity and archive storage within the environment. You will learn to configure a Scale-Out Backup Repository (SOBR) with the newly configured capacity and archive tiers. We will look at how immutability with Amazon S3 Glacier works, including policybased offloading. Finally, we will look at cost-optimized archiving and storage using the new archive tier. By the end of this chapter, you will understand what object storage vendors for capacity and archive tiers you can now use. You will also understand how this fits into your environment and use cases. Finally, you will have a better understanding of settings and configuration.

138

Expanded Object Storage Support – Capacity and Archive Tiers

In this chapter, we're going to cover the following main topics: • Understanding new object storage capacity and archive tiers • Understanding object storage configuring capacity and archive tiers • Discovering immutability with Amazon S3 Glacier and policy-based offloading • Working with an archive tier for cost-optimized archiving and storage

Technical requirements If you have followed along throughout the book, then you will know that Chapter 1, Installing and Upgrading Veeam, covered the installation and optimization of Veeam Backup & Replication, which you can leverage in this chapter. For this chapter, you should have Veeam Backup & Replication installed. If you have access to object storage with the newer vendors, that would be an added benefit but is not required.

Understanding new object storage capacity and archive tiers Object storage is a computer data storage architecture that manages and stores information as objects, unlike filesystems, which use a file hierarchy and block storage that stores data as blocks within sectors and tracks. When data gets stored within object storage, it includes the data itself, some amount of metadata, and a Globally Unique Identifier (GUID). You can create a namespace within object storage, spanning multiple physical hardware instances, such as a cluster. You can compare object storage to other forms to see the differences: • Object storage: This takes pieces of data and designates them as an object and stores the data along with associated metadata and a GUID. • File storage: This takes data and stores it in a hierarchy of folders to help organize it. This method is also called hierarchical storage, similar to how paper files are stored, and data access is via a folder path. • Block storage: Data is taken apart into singular data blocks and then stored as separate chunks within the storage. Each piece or block has a different address and, therefore, does not require a file structure.

Understanding new object storage capacity and archive tiers

139

Many will also refer to object storage as a bucket of storage, where you create a named bucket (namespace), and then when data gets sent to the object storage, it is stored in the bucket. A great example of this would be with Amazon S3, as shown in the following figure:

Figure 6.1 – Amazon S3 object storage as a bucket

When it comes to Veeam Backup & Replication, object storage plays a role within the backup infrastructure in the repository section, including attaching the repository to a SOBR, which gets leveraged in the capacity tier and the new archive tier now. As shown in the following figure, you instruct everything to go to the performance tier and then move to the capacity tier or archive tier, which is where object storage gets used:

Figure 6.2 – The capacity and archive tiers where object storage gets used

140

Expanded Object Storage Support – Capacity and Archive Tiers

In the preceding figure, you can see the different types of storage: • Amazon S3: This includes Standard and Glacier storage. • Microsoft Azure Blob: This is the Microsoft version of object storage. • IBM Cloud: This is IBM Cloud object storage. • S3-compatible: This can be cloud-based or on-premises with vendors such as Cloudian, Wasabi, and Backblaze. • Google Cloud Storage: This is the newest addition to the capacity tier, allowing you to send the object store to Google. • Amazon S3 Glacier Deep Archive: This is one of the new archive tiers for long-term archival, • Microsoft Azure Blob Storage: This is also another new archive tier for cold storage for long-term archival. Of all the vendors listed above, they are all cloud-based, where data is hosted, but if you use S3-compatible object storage, you can implement this on-premises. Veeam Backup & Replication v11a has made some significant enhancements around object storage, as follows: • Capacity tier: ‚ Google Cloud Storage: Using the proprietary Google Storage (GS) object storage API, Veeam can send capacity tier data to Google Cloud. Currently, however, Google Cloud Storage (GCS) does not support immutable backups due to the lack of object lock capabilities. • Archive tier: ‚ Amazon S3 Glacier Deep Archive and Microsoft Azure Blob Storage archive tier: Both of these solutions are now available with the new archive tier within Veeam Backup & Replication v11a. These types of storage get used as cold storage, where you need a long-term archival solution for write once read never use cases. You use Grandfather-Father-Son (GFS) backups to send data to the archive tier of a SOBR, ensuring cost-effective and seamless backup life cycle management. ‚ Immutable backups: Helping meet compliance requirements, Amazon S3 Glacier allows you to make your backups immutable for the entire duration of the backup retention policy.

Understanding new object storage capacity and archive tiers

141

‚ Policy-based offload: Just like the capacity tier, there are no offload jobs that require management. You just set your archive window high enough to ensure that only the restore points you are not likely to need access to get archived. SOBR is also clever in that it will take care of all data movement between all storage tiers. ‚ Cost-optimized archiving: Veeam helps save the high API costs of cold object storage by repackaging offloaded data blocks into large objects (up to 512 MB in size) using a helper appliance deployed in the cloud for the duration of the archiving instance. Veeam automatically skips archiving retention points under the used storage class's minimum required data storage duration to avoid the early deletion penalty. ‚ Flexible storage methods: To lower costs by default, the archive tier offload uses a forever-forward incremental approach that only takes delta from the previous restore point to upload. However, an option gets provided to store each GFS full backup as standalone for more extended retention policies. This avoids single incremental backup chains spanning decades and keeps overall costs reasonable by leveraging Amazon S3 Glacier Deep Archive storage classes. ‚ Self-sufficient archives: Archived backups are self-sufficient. They are not dependent on any external metadata, allowing them to get imported even if the on-premises backup server is lost. This also prevents vendor lock-in because archived backups can be imported from object storage at any time, even using the Veeam Backup & Replication Community Edition (free), which does not require a license. Veeam does not hold your data hostage! ‚ No extra costs: Unlike secondary storage appliance vendors who want to see your data stay, Veeam does not charge a per-TB subscription when archiving data to object storage. There is no cloud usage tax. Important Note The SOBR archive tier gets included in the Veeam Universal License (VUL). When using the legacy socket-based license, you will require the Enterprise Plus edition.

Now that we have taken a look at new object storage tiers and vendors that are new with Veeam Backup & Replication, we will now dive into the application to see how it is configured and used.

142

Expanded Object Storage Support – Capacity and Archive Tiers

Understanding object storage configuring capacity and archive tiers To use object storage in Veeam Backup & Replication, you add it as a standard repository. You then use it in the capacity tier and archive tier of the SOBR or as a target archive repository for Network Attached Storage (NAS) backup. Veeam Backup & Replication cannot currently write directly to object storage; however, Veeam continues to enhance its object storage capabilities. When using object storage with Veeam Backup & Replication, it is intended for long-term data storage and based on either a cloud solution or an S3-compatible storage solution that can be on-premises. When used as the capacity tier or archive tier for a SOBR, it has a few useful features: • Storage space: If your SOBR extents are starting to run out of space, added object storage to the capacity tier or archive tier allows you to tier off data to free up space in the performance tier. • Backup policies: If your organization has policies or Service-Level Agreements (SLAs) that require specific amounts of data to be stored on the performance extent and outdated or older data archived out into the capacity or archive tier this is where backup policies play a role. • 3-2-1-1-0 rule: Using the capacity tier with object storage in the cloud or other sites allows you to meet the 3-2-1-1-0 rule and allow for disaster recovery more easily. The capacity and archive tiers of storage get added to the Veeam Backup & Replication console just like other repositories under the Backup Infrastructure tab and Backup Repositories section. Once added here, you can then work to add them to your SOBRs for use. The instructions for adding the following archive tier will be the same for Google Cloud Storage with the capacity tier, except in Figure 6.6, you would select Google Cloud Storage.

Understanding object storage configuring capacity and archive tiers

143

The following diagram shows the capacity tier added to Google Cloud Storage after going through the wizard:

Figure 6.3 – Google Cloud Storage repository added

144

Expanded Object Storage Support – Capacity and Archive Tiers

As we can see, adding Google Cloud Storage is relatively easy, but when adding the archive tier using Amazon S3 Glacier, you can set some other options. Follow these instructions to add your archive tier: 1. Navigate to the Backup Infrastructure tab. Under the Backup Repositories section, click the Add Repository button or right-click on the right side and select Add backup repository to launch the wizard:

Figure 6.4 – Add backup repository options

2. After selecting one of the options for adding a repository, you will be prompted with a selection list. Click on Object storage:

Understanding object storage configuring capacity and archive tiers

145

Figure 6.5 – Object storage selection for adding a backup repository

3. Once you select Object storage, you will be prompted with which type to choose. We're choosing Amazon S3 for our example, but you can also select Microsoft Azure Storage for the archive tier:

Figure 6.6 – Amazon S3 or Microsoft Azure Storage selections

146

Expanded Object Storage Support – Capacity and Archive Tiers

4. After selecting Amazon S3, you will need to choose which one, and in our case, we will choose Amazon S3 Glacier:

Figure 6.7 – Selecting Amazon S3 Glacier for the archive tier

5. This selection now launches the New Object Storage Repository wizard, and here you will start by typing in the Name and Description fields:

Figure 6.8 – New Object Storage Repository wizard – Name and Description

6. Click Next to proceed to the Account tab, where you will click the Add… button to enter your login details for your Amazon S3 account – Access key and Secret key:

Understanding object storage configuring capacity and archive tiers

147

Figure 6.9 – Adding credentials for the Access key and Secret key fields

7. Once you have typed in your credentials, click the OK button to return to the Account page. Select Global for the region and then click Next to proceed to the Bucket tab:

Figure 6.10 – Credentials and AWS region selected

148

Expanded Object Storage Support – Capacity and Archive Tiers

8. On the Bucket tab, you will be able to select your Data center region, your bucket set up in Amazon S3, and select or create a folder. You will also want to ensure that Use the Deep Archive storage class gets selected with a checkmark. Once you have completed this, click Next to move to the Proxy Appliance tab:

Figure 6.11 – Selecting the options for the archive tier

Important Note You also have the option to turn on immutability, but you will want to make sure your Amazon S3 Glacier bucket gets created with the Object Lock feature.

Understanding object storage configuring capacity and archive tiers

149

9. The next screen in the wizard is the Proxy Appliance section, and it is here where Veeam will deploy an appliance to help move the data to the archive tier. You are also able to customize the network settings using the Customize button:

Figure 6.12 – Proxy Appliance and customizations

Important Note The customization settings will deploy an EC2 instance with a Virtual Private Connection (VPC) within Amazon once you apply the settings to deploy your archive tier for storage. Keep in mind that there will be costs involved with this setup on top of the storage costs. It is recommended to leave the Create new option for all the drop-down lists so that Veeam will create the VPC and settings for you.

150

Expanded Object Storage Support – Capacity and Archive Tiers

10. Once you have Proxy Appliance Settings configured, click the Apply button to move to the Summary tab for review. The settings selected during the wizard will get shown. Then, click Finish to complete the wizard:

Figure 6.13 – The Summary tab of all the settings for the archive tier

These steps complete the wizard to add your archive tier, and you will now see this listed in the console under the Backup Repositories tab, as shown in the following screenshot:

Understanding object storage configuring capacity and archive tiers

Figure 6.14 – The Amazon S3 Glacier repository

Important Note To use Amazon S3 Glacier for the archive tier in your SOBR, you need to have a capacity tier already set up within your repository list and either already added to the SOBR or selected when creating a new SOBR.

151

152

Expanded Object Storage Support – Capacity and Archive Tiers

To demonstrate this, the following is a picture of the Capacity Tier page for an existing SOBR. Once Amazon S3 gets selected as the capacity tier, then the Archive Tier tab becomes available:

Figure 6.15 – Selecting the Amazon S3 capacity tier to enable the archive tier

As noted in Figure 6.15, once you select the capacity tier as Amazon S3 with the required options, you then click Next, and the page will display the Archive Tier tab with options, as shown in the following screenshot:

Discovering immutability with Amazon S3 Glacier and policy-based offloading

153

Figure 6.16 – Archive Tier with configuration settings

As you can see, setting up Google Cloud Storage for use with the capacity tier or Amazon S3 Glacier for the archive tier is pretty straightforward. Now, let's look at how you can leverage immutability with the archive tier, as with hardened repositories or the capacity tier.

Discovering immutability with Amazon S3 Glacier and policy-based offloading When you decide to deploy object storage for use with Veeam Backup & Replication, an excellent option to look into is immutability. When you turn this feature on within your object storage by selecting the Object Lock option, it prohibits objects from being changed or deleted throughout the storage lifetime or retention period. A storage lifetime is the time between successful object creation (upload) and successful object deletion. This feature pertains to both the capacity tier as well as the archive tier when using Amazon S3 Glacier.

154

Expanded Object Storage Support – Capacity and Archive Tiers

The following diagram shows Object Lock and Versioning getting turned on, whether in the capacity tier or archive tier object storage, which must be done on bucket creation, as it cannot be done after the bucket is created or turned off either:

Figure 6.17 – Enabling immutability, including the Object Lock feature

As you can see, turning on Object Lock and Versioning is a requirement for Veeam Backup & Replication v11a to use this feature. Veeam Backup & Replication uses the object lock technology that Amazon and other S3-compatible providers already have. Once this gets enabled in your object storage, it prevents the deletion of data from the capacity or archive extent of your SOBR until the immutability expiration date passes. When it comes to the immutability feature for Veeam Backup & Replication, some limitations are as follows: • When enabling Object Lock on the S3 bucket, be sure to select the None option for configuration mode. If you do not, you will not be able to register the bucket with Veeam Backup & Replication. Also, note that Veeam Backup & Replication uses Compliance object lock mode for each object it uploads. • Immutability pertains to both the capacity tier and archive tier of backups and does not support NAS backups.

Working with the archive tier for cost-optimized archiving and storage

155

• Immutable data will get preserved based on Block Generation, which adds an extra period of up to 10 days by default to the expiration date chosen. For example, if you configure your immutability period to 30 days, then an additional 10 days get added, making the total immutability period 40 days. For further information on Block Generation, please see the following web page: https://helpcenter.veeam.com/docs/backup/vsphere/block_gen. html?ver=110. Another feature besides immutability is the process of policy-based offloading in Veeam Backup & Replication v11a. Similar to the capacity tier, there are no offload jobs that require management within the application. You need to set your archive window high enough to ensure that restore points you will not access again will get archived. The technology built into SOBR will take care of data movement across all of your tiers to ensure the backups get sent to the right ones based on your policies. You need to check the SOBR status report emails to ensure that everything shows as green. Now that we have looked at the immutability feature available within the archive tier object storage and policy-based offloading, let's look at the last section of this chapter on how the archive tier can save on archiving and storage.

Working with the archive tier for costoptimized archiving and storage One of the benefits of using the archive tier is that you now have cost-optimized storage for your archiving. Because API costs for cold storage are high, when Veeam offloads data blocks, they are repackaged into larger objects of up to 512 MB in size, using the helper appliance that gets automatically provisioned in the public cloud during the archiving session. Larger object sizes save on the amount of storage used, and, in the end, it will save the customer money. Also, to avoid any deletion penalties, Veeam will automatically skip archiving of restore points, with retention remaining under the minimum required data storage duration of the storage class used in the archive tier. In addition to cost savings, there is now a flexible way to store your backups that Veeam will use to lower costs. By default, the offloading for the archive tier uses foreverincremental backups with only a delta from the previous restore point uploaded. However, Veeam provides a method to store each GFS restore point as a full standalone backup for extended retention periods. This avoids a single incremental chain spanning long periods and keeps overall costs reasonable. As you can see, using the archive tier does have cost benefits in storing your backups.

156

Expanded Object Storage Support – Capacity and Archive Tiers

Summary This chapter has reviewed object storage and the newest capacity tier supported by storage vendors. We took a look at the new archive tier that is now available within Veeam Backup & Replication v11a. We reviewed configuring and setting up the new capacity and archive tiers within the Veeam Backup & Replication console, including adding them to a SOBR for archiving. We then took a look at immutability within Amazon S3 Glacier and the new policy-based offloading. Finally, we looked at how the archive tier can be used for costoptimized archiving and storage. After reading this chapter, you should now have a much deeper understanding of the new object storage capacity and archive tiers. You should also now understand how to configure them within Veeam Backup & Replication. Lastly, you know how to use immutability with Amazon S3 Glacier, how the policy-based offload engine works, and how the archive tier is optimized for cost savings. Hopefully, you will now have a better idea of the new object storage tiers. The next chapter will take a look at what Veeam has done in v11a to enhance using Linux with a persistent agent and better security with single-use credentials.

Further reading • The capacity tier – object storage: https://helpcenter.veeam.com/docs/ backup/vsphere/capacity_tier.html?ver=110 • The archive tier – object storage: https://helpcenter.veeam.com/docs/ backup/vsphere/archive_tier.html?ver=110 • The archive tier for Amazon S3 Glacier – EC2 instance types for Proxy Appliance: https://aws.amazon.com/ec2/instance-types/ • Adding Amazon S3 Glacier Storage: https://helpcenter.veeam.com/ docs/backup/vsphere/osr_amazon_glacier_adding.html?ver=110 • Adding Google Cloud Object Storage: https://helpcenter.veeam.com/ docs/backup/vsphere/adding_google_cloud_object_storage. html?ver=110

Section 3: Linux Proxy Enhancements, Instant Recovery, Veeam ONE, and Orchestrator This section aims to teach you about the new Linux proxy enhancements in Veeam Backup & Replication v11a. We will dive into Instant VM Recovery and the changes/ improvements made. We will look at the enhancements made to Veeam ONE and look into the orchestrator (Veeam Disaster Recovery Orchestrator). You will better understand the new proxy enhancements and when to use them. You will see what has changed in Veeam ONE and how it will help your organization. You will also get a first glance into Veeam Disaster Recovery Orchestrator and see how you can use it within your organization for orchestrating disaster recovery with multiple types of Veeam jobs. This section contains the following chapters: • Chapter 7, Linux Proxy Enhancements • Chapter 8, Understanding Instant Recovery • Chapter 9, Introducing Veeam ONE v11a • Chapter 10, Introducing Veeam Disaster Recovery Orchestrator

7

Linux Proxy Enhancements At the heart of Veeam Backup & Replication are the workhorses – proxies. This chapter will look at proxy servers and what's new in v11a, including Linux proxy enhancements. We'll discuss how these new enhancements will help security, among other things, in your environment. You will learn about the persistent data mover, which also contains enhanced security. Finally, we will dive into how credentials are a thing of the past – machine certificates are the future. By the end of this chapter, you will understand what proxy enhancements are new in v11a. You will also know how they fit into your environment and use cases. Finally, you will have a better understanding of job settings and configuration best practices. In this chapter, we're going to cover the following main topics: • Understanding Linux proxy enhancements and what's new in v11a • Understanding how the latest enhancements can help your organization • Discovering the persistent data mover with enhanced security • Discovering how credentials are the past and certificates are the future • Special section by Rick Vanover from Veeam – future Linux capabilities and industry direction

160

Linux Proxy Enhancements

Technical requirements For this chapter, you should have Veeam Backup & Replication installed. If you followed along through the book, then Chapter 1, Installing and Upgrading Veeam, covered the installation and optimization of Veeam Backup & Replication, which you can use in this chapter. If you have access to an Ubuntu Linux 20.04 server, it will help reinforce many of the concepts covered in this chapter.

Understanding Linux proxy enhancements and what's new in v11a Within the Veeam Backup & Replication system, you have the backup server, which is the one that handles administering tasks, and the proxy servers sit between it and the rest of the backup infrastructure components. The proxy servers are the ones that process jobs and deliver the backup traffic to the rest of the infrastructure; you could say they are the workhorse of all components. Based on the following diagram, you can see that the proxy server performs many tasks before finally sending data to the backup repository:

Figure 7.1 – Backup infrastructure with proxy server

The proxy servers will perform many tasks during a backup job, including the following: • Retrieving virtual machine (VM) data from within the production storage • Compressing the data – during transit to the repository • Deduplicating the data – deduplicate the data before sending it to the repository

Understanding Linux proxy enhancements and what's new in v11a

161

• Encryption of the data – encrypt data in transit to the repository • Sending of data to the backup repository (backup job) or possibly another proxy server (replication job) • Performing restores In a typical small deployment scenario, the proxy server is deployed on the backup server and is helpful for low-traffic loads. When it comes to larger enterprise installations, a distributed structure is better at deploying proxy servers separately.

Figure 7.2 – Veeam components with a distributed architecture

This diagram shows an enterprise environment infrastructure where the proxy servers are deployed separately on the network. Note that a proxy does not explicitly need a dedicated system, but this becomes a natural choice for larger environments. Within the new Veeam Backup & Replication v11a, some significant enhancements put the Linux proxy on par with the Windows proxy capabilities. Some of those changes are as follows: • A Linux proxy server can be physical or virtual. • More transport modes – NBD, Direct SAN, and Hot-Add. With the Hot-Add transport mode, Veeam now uses the enhanced data fetcher technology, which was only used in Windows previously. • Backup from storage snapshot (iSCSI, FC).

162

Linux Proxy Enhancements

• Allows quick rollback/CBT restore. • Persistent data movers are now deployed when Linux servers are added the first time and are not to be redeployed during backups. • Enhanced security with the data mover process. • Certificate-based authentication instead of saved Linux credentials. • New elliptic curve (EC) cryptography – adds EC-based SSH key pairs such as Ed25519 or ECDSA Now, with enhancements, there also come some limitations, which are as follows: • Linux cannot be used as a guest interaction proxy. • Linux cannot be used with VMware Cloud on AWS. • The Open-iSCSI initiator must be enabled for Direct SAN access. • The NFS protocol is not supported for integration with storage systems. • The VM copy scenario is not supported when Hot-Add transport mode is used. Now that you understand the proxy server enhancements and what has changed in v11a, we will now look at how these can help you in your environment.

Understanding how the latest enhancements can help your organization With all the newest enhancements, you may be wondering how these can help you in your backup environment. The following sections will look at the improvements from the previous section, Understanding Linux proxy enhancements and what's new in v11a.

A Linux proxy server can be physical or virtual With the proxy transport modes changing, you can now have the Linux proxy server as either a physical server or a VM within your virtual infrastructure. By deploying a Linux proxy in your virtual infrastructure, you will save the cost of physical hardware, maintenance, and support. Instead, it becomes part of your virtual environment, allowing for easier maintenance, updating, and so on. However, if you choose a physical server, this allows for storage integration with iSCSI or Fiber Channel and faster network backups when using a 10 GB network or higher. There is added cost for physical hardware to replace failed parts, support, and so on, and should a critical component fail, this might take the server out of commission until fixed.

Understanding how the latest enhancements can help your organization

163

More transport modes – NBD, Direct SAN, and Hot-Add Initially, when the Linux proxy server was introduced in Veeam Backup & Replication v10, you had to run it in appliance mode (Hot-Add). This, at the time, effectively required the server to be a VMware VM to run the proxy role. Veeam Backup & Replication v11a has made the transport modes equal to the Windows proxy servers by adding both NBD and Direct SAN. Network Block Device (NBD) allows you to take advantage of a fast network such as 10 GB or higher and works well when using a physical Linux proxy server. Do note that the network mode will operate over the management VM kernel network configured on your hosts. Direct SAN allows you to use something such as iSCSI to connect to the datastores where the VM files reside and back up directly from there, avoiding most of the virtualization layer. Direct SAN is one of the faster backup modes. When adding a Linux proxy server, you must add the Linux server itself to the Veeam console under the Backup Infrastructure tab in the Managed Servers section.

Figure 7.3 – Managed servers adding Linux server to be a proxy server

164

Linux Proxy Enhancements

Once you have the Linux server added, you can go under the Backup Proxies section to add it as a proxy server.

Figure 7.4 – Adding a Linux proxy server

Understanding how the latest enhancements can help your organization

165

Selecting Add VMware backup proxy will start the New VMware Proxy wizard, as shown in Figure 7.5. You have the option to choose the Transport mode setting, at the first step of the wizard, using the Choose… button:

Figure 7.5 – Transport mode selection of Linux proxy

After completing the wizard, the new Linux proxy will be shown and ready to use within your backup jobs.

Backup from storage snapshot (iSCSI, FC) The Linux proxy can now integrate and complete backups from storage snapshots in your storage infrastructure. This mode is known as Direct SAN access mode, and the performance is very good, with less traffic placed on your other infrastructure, primarily if virtual.

166

Linux Proxy Enhancements

Allow quick rollback/CBT restore Previously, the quick rollback feature with Changed Blocks (CBT) restore could only be accomplished with the Windows proxy, but now you can do this with your Linux proxy.

Figure 7.6 – Using quick rollback with CBT

It allows you to perform the quick rollback feature of Veeam Backup & Replication, which takes a server to the desired restore point. It also uses CBT to be restored, allowing you to get your server operational much quicker.

Persistent data mover deployed When you install your Linux server to get used as a proxy, the transport components get deployed persistently when registered in Veeam. This process will improve performance and scalability, as data movers are not required to get pushed to the server at each task start. Veeam also automatically creates the rules needed for the built-in Linux firewall for the duration of the backup jobs.

Discovering the persistent data mover with enhanced security

167

Enhanced data mover security When using the single-use credentials, the persistent data mover will run as a limited user from the credentials set it was deployed with. This security prevents vulnerabilities by not allowing hackers to use the API to overtake the operating system.

Certificate-based authentication instead of saved Linux credentials When setting up a Linux proxy server using credentials, those will now not get saved, and Veeam will use the public key infrastructure (PKI) technology for authentication instead. The backup server and transport components used during backup tasks will communicate using key pairs generated during transport deployment.

New elliptic curve (EC) cryptography – adds EC-based SSH key pairs such as Ed25519 or ECDSA Within v11a now, Veeam has achieved an unprecedented level of security by using EC-based SSH key pairs, such as Ed25519 or ECDSA, when communicating with the Linux servers. Think of it this way, if cracking a 228-bit RSA key requires less energy than boiling a teaspoon of water, a 228-bit EC key takes enough energy to boil all the water on Earth! This security provides the equivalent of a 2,380-bit RSA key! Now that we have covered the proxy server enhancements for Linux, let's look directly at the persistent data mover with enhanced security.

Discovering the persistent data mover with enhanced security When you deploy a proxy server, two components get installed on the server: • Veeam Installer Service: This is an auxiliary service installed and started on any Windows server once added to the managed servers within the Veeam Backup & Replication console. It analyzes the system and installs or upgrades components and services dependent on role selection. • Veeam Data Mover: This is the heart of the proxy server and is the component that performs the data processing of tasks on behalf of the backup server.

168

Linux Proxy Enhancements

When it comes to the data mover on the Linux proxy server, this component is now persistent during the deployment in v11a. Previously in v10, when using a Linux proxy, the data mover component was deployed each time the proxy was used for backup jobs, which would degrade the performance somewhat. Now, in v11a, the data mover gets deployed to the Linux proxy server when first added to the console and does not require redeployment at each backup task run when used. This saves time and also increases the performance since deployment is not needed. Important Note For Linux hosts not yet supporting the persistent data mover, such as storage appliances with Veeam Data Mover integration, v11a will continue using the runtime data mover.

Further to this, Veeam has been able, as noted previously, to achieve an extremely high level of security for the data mover using the EC-based SSH key pairs. An explanation of each is as follows: • ECDSA – Elliptic Curve Digital Signature Algorithm • Ed25519 – Edwards-curve Digital Signature Algorithm Now that we have looked at the persistent data mover and enhanced security, let's see how Veeam uses certificates instead of credentials.

Discovering how credentials are the past and certificates are the future When adding servers to the Veeam Backup & Replication v11a environment using Linux, you will need to provide credentials to be used. This method was and still is used with most products, including Veeam. However, Veeam will discard those credentials once the server connects and use the PKI environment certificates for all communications. When adding a Linux server, you will also use the single-use credentials used when adding to the Veeam console and then discarded for certificates. So, you might be asking yourself – how does this help me or add security to my environment? Credentials get stored in the Veeam database and configuration backups. So, if your Veeam server is compromised and the hacker gets hold of your configuration backups, they can retrieve your passwords only if they know the encryption password! This is an excellent reminder to set the encryption password for your configuration backups to add an extra layer of security.

Special section by Rick Vanover from Veeam – future Linux capabilities and industry direction 169

The following is the Credentials dialog within the Veeam console:

Figure 7.7 – Credentials dialog with certificates for Linux

We have now covered the section on credentials and certificates. The following section is a guest spot from Rick Vanover at Veeam with his take on future Linux capabilities before we wrap this chapter up with our summary.

Special section by Rick Vanover from Veeam – future Linux capabilities and industry direction Veeam has been on a journey with Linux. One of the most significant positive movements for Linux was the addition of the Linux proxy, but this was one of many moves. Everything from the XFS block cloning (a storage efficiency) for backup repositories, NFS repositories, the Veeam Agent for Linux, and the certificate enhancements explained earlier; it is relatively straightforward that Linux is a priority at Veeam.

170

Linux Proxy Enhancements

Additionally, Veeam's three newest products are based on Linux (Veeam Backup for AWS, Microsoft Azure, and GCP). The upcoming Veeam Salesforce backup product will also be based on Linux. New products for Nutanix AHV and Red Hat Virtualization also provide a special proxy based on Linux. While this book is focused on actionable information for the administrator for deployments now with v11a, it is reasonable to expect more Linux capabilities from Veeam across the spectrum.

Summary This chapter has reviewed the Linux servers as proxies. We took a look at what was new within v11a of Veeam Backup & Replication. We reviewed the enhancements made for the unique features of the Linux proxy. We then took a look at how these latest enhancements can play a significant role in your backup infrastructure. We discussed the persistent data mover used now on a Linux proxy, along with the enhanced security for this. Also discussed was how credentials get replaced with certificates for communication between the backup server and Linux proxy. After reading this chapter, you should now have a much deeper understanding of the proxy enhancements and what's new in v11a. It would help if you also understood how many of these new features could help benefit your environment, from security to performance. Hopefully, you will now have a better idea of Linux proxies. The next chapter will look at the newest enhancements for the recovery of SQL Server and Oracle databases. Also, we will cover instant publishing of NAS backups and recovery of anything to Microsoft Hyper-V.

Further reading • Linux backup proxy requirements: https://helpcenter.veeam.com/docs/ backup/vsphere/backup_proxy_requirements.html?ver=110 • EC cryptography explanation: https://xilinx.github.io/Vitis_ Libraries/security/2021.2/guide_L1/internals/ecc.html

8

Understanding Instant Recovery Veeam Backup & Replication has several options regarding restoring a Virtual Machine (VM) using the Instant Recovery feature. This chapter will look at Instant Recovery and how to use it. We'll discuss what Instant Recovery is when it comes to restoration. You will learn the prerequisites and requirements for conducting an Instant Recovery. We'll then look at starting and completing an Instant Recovery. We will dive into how you commit your Instant Recovery by migrating it to your environment or canceling the recovery process. Finally, we will look at everything new in Veeam Backup & Replication v11a. By the end of this chapter, you will be able to explain Instant Recovery. You will have discovered what you need to complete the recovery process. You will be able to define the steps of an Instant Recovery from start to finish. You will also be able to explain the new features of v11a. And finally, you will have learned how to migrate your servers to your production environment or cancel the recovery process.

172

Understanding Instant Recovery

In this chapter, we're going to cover the following main topics: • Discovering the requirements and prerequisites for Instant Recovery • Exploring Instant Recovery – what is it? • Investigating and understanding the Instant Recovery process and steps • Exploring the migration or cancellation steps for recovery • Discovering what is new in Veeam Backup & Replication v11a

Technical requirements For this chapter, you should have Veeam Backup & Replication installed. If you have followed along through the book, then Chapter 1, Installing and Upgrading Veeam, covered the installation and optimization of Veeam Backup & Replication, which you can leverage in sections of this chapter.

Discovering the requirements and prerequisites for Instant Recovery Now that you understand the Instant Recovery process better, we will look at the required components and prerequisites. There are a few components from Veeam Backup & Replication that are necessary and there is storage space to consider as well: • vPower NFS Service – This is the service installed on a Windows server that allows it to act as an NFS server to mount the backup files for the Instant Recovery process. • Disk space for the cache folder – Instant Recovery requires additional free space for the cache folder (non-persistent data – at least 10 GB is recommended). • Production Storage – If you are going to use Storage vMotion or Quick Migration, then you will need enough storage for the VM to restore based on the size of the VMDK files. Instant VM Recovery's main component is the Veeam vPower NFS Service, as it performs the bulk of the workload during the entire process. As noted previously, this is the Windows service installed on any server to act as an NFS server to mount the VM files from the backup files.

Discovering the requirements and prerequisites for Instant Recovery

173

Veeam vPower technology enables the following features: • Recovery verification • Instant Recovery • Instant VM Disk Recovery • Staged restore • Universal Application-Item Recovery (U-AIR) • Multi-OS File-Level Restore The system designated as the vPower NFS Server creates a particular directory called the vPower NFS datastore. When you start a VM or VM disk from backup, Veeam Backup & Replication publishes the VMDK files of the VM from backup on the vPower NFS datastore. The VMDK files are emulated (pointers get created) on the vPower NFS datastore, but the actual VMDK files remain on the backup repository. Once the vPower NFS datastore creates the pointers to the VMDK files on the backup repository, a mount point gets created on the ESXi host. The backed-up VM images within the vPower NFS datastore can then be accessed by the ESXi host and used as regular VMDK files. The process of emulating VMDK files within the vPower NFS datastore allows them to function as pointers to the actual VMDK files in the backup repository. Important When using Veeam vPower NFS datastores, only vPower operations are allowed. Using them as regular VMware vSphere datastores is not allowed. As an example, files of replicated VMs cannot be placed on such datastores.

When determining the vPower NFS Server service location, it is strongly recommended to enable it on the server acting as your Windows repository. If your repository server is Linux, you will need a Windows server to install the service. Installing it directly on the repository server allows Veeam Backup & Replication to connect the backup repository and ESXi to which the vPower NFS datastore is mounted. When the vPower NFS Server service is not running on the repository server, it can affect recovery verification performance. This is due to the connection between the ESXi host and backup repository getting split into two parts: • From the ESXi host to the vPower NFS server • From the vPower NFS server to the backup repository

174

Understanding Instant Recovery

The final thing to note for the vPower service is to ensure proper network interface configuration gets set up on the ESXi host and vPower NFS Server. The ESXi host must access vPower NFS Server; otherwise, it cannot mount the datastore properly, if at all. The ESXi host uses the VMkernel interface to mount the vPower NFS datastore, so it must be present; otherwise, the vPower NFS datastore will fail to mount. Note IP address authorization is used to restrict access to vPower NFS Server. Only the ESXi host that provisioned the vPower NFS datastore is able to gain access.

An example of how instant recovery works:

Figure 8.1 – Instant recovery overview

You should now understand the Instant Recovery requirements, including the vPower NFS Service, which does the mounting and communication to the repository server and backup files. We will now dive into how the process works and how to run Instant Recovery.

Exploring Instant Recovery – what is It?

175

Exploring Instant Recovery – what is It? Within Veeam Backup & Replication, there is your typical backup and restore operations, but what happens when you need to recover an entire VM with corrupted files or accidentally deleted files? This problem is where the Instant Recovery option allows you to immediately restore different workloads as VMware vSphere VMs by running them directly from your backup files. The supported backup file types are as follows: • Veeam Backup & Replication backups: ‚ VMware vSphere ‚ vCloud Directory ‚ Microsoft Hyper-V • Agent backups: ‚ Windows agent ‚ Linux agent • Nutanix AHV backups ‚ Veeam Backup for Nutanix AHV • Cloud backups: ‚ Amazon EC2 ‚ Microsoft Azure As you can see, there are many options for restoring workloads using Instant Recovery and backups from various sources. With Instant Recovery, you can help improve Recovery Time Objectives (RTOs) and minimize the disruption and downtime of production workloads. Using Instant Recovery is like having a temporary spare for your workload. Users remain productive instead of allocating unestimated amounts of time to troubleshooting issues with the failed workload. When performing an Instant Recovery, Veeam Backup & Replication uses the Veeam vPower technology to directly mount the image on an ESXi host from the compressed and deduplicated backup file for the VM. Since no extraction is necessary from the backup file, this allows you to select any restore point for a quick restore in a matter of minutes.

176

Understanding Instant Recovery

When you select a restore point for Instant Recovery, the image remains in a read-only state to avoid unexpected modifications. Instead, all changes to the virtual disks are logged in an auxiliary redo log file using vPower NFS. These recorded changes are either discarded when the restored VM is removed or merged with the original VM data if recovery is finalized and moved to production. I/O performance for a restored VM is improved when redirected to a specific datastore during the Instant Recovery process. This allows Veeam Backup & Replication to trigger a snapshot rather than using redo logging. The Veeam IR directory is placed on the selected datastore, where the VM's changes are held in metadata files. To finalize the Instant Recovery, you have three options: 1. Storage vMotion – Allows you to quickly migrate the restored VM to production storage with no downtime. Data gets pulled from the NFS datastore to production storage, and changes are consolidated with the VM still running. Important Note Storage vMotion can only be used if you select to keep the VM changes on the NFS datastore without redirecting them, as noted previously for I/O performance. Storage vMotion is also only available with select VMware licenses.

2. Replication or VM Copy – Allows you to create a copy of the VM and fail it over during a maintenance window or the next available opportunity. Unlike Storage vMotion, this option requires downtime to clone or replicate the VM, power it off, and then power on the cloned copy or replica. 3. Quick migration – This is a two-stage migration process that Veeam Backup & Replication will perform. The VM will get restored from the backup file located on the production server instead of pulling data from the vPower NFS datastore. Then all changes are moved and consolidated with the VM data. Please refer to the Further reading section at the end of the chapter – it has a link for more information on this topic.

Exploring Instant Recovery – what is It?

177

The overall process looks similar to this:

Figure 8.2 – Instant Recovery overall steps

There is also another option other than Instant Recovery, which is Instant VM Disk Recovery. What is the difference, you ask? Rather than recovering the entire VM, you can use Instant VM Disk Recovery to recover a single disk from a VM. Why would you want to do this? Well, there are two good reasons: 1. Recover a VM disk, not the entire VM. If you need the whole VM, then you use Instant Recovery. 2. Recover a VM disk and keep the target VM (to which you want to attach the disk) powered on. However, if the VM can be powered off, you would use the Virtual Disks Restore option. The Further reading section has a link to this option. Now that we have taken a look at what Instant Recovery is and how it works, we will investigate the requirements and prerequisites for completing this process.

178

Understanding Instant Recovery

Investigating and understanding the Instant Recovery process and steps When it comes to conducting Instant Recovery, four main steps take place in the background: • Initialization Phase – This is the initial step in the process, and performs the following: A. The Veeam Backup Manager process gets started on the Veeam backup server. B. Veeam Backup Service validates whether the necessary backup infrastructure resources are available for Instant Recovery. C. The transport service on the backup repository starts Veeam Data Mover. • NFS Mapping – An empty NFS datastore is mapped to the selected ESXi host using the vPower NFS Service after Veeam prepares the infrastructure resources. Included in the resources is a cache file where changes are written instead of the actual backup repository. • Registering and starting the VM – The VM will run from the Veeam NFS datastore, which gets treated as any regular datastore in VMware vSphere attached to the ESXi host. For this reason, all actions in vCenter Server/ESXi can get performed for regular VMs. • Migrating guest to production datastore – Once you have confirmed the VM is working as expected, you can migrate VM disk data to a production datastore, using one of Storage vMotion or Veeam Quick Migration. There are also a couple of performance concerns to note regarding the Instant Recovery process with the read pattern and write redirections: • Read pattern – The performance of Instant Recovery is very read-intensive and is directly related to the performance of the underlying repository. Deduplication appliances should be given careful consideration while standard drive repositories can achieve good results and are preferred. Performance can be impacted by deduplication appliances and more than one instant recovery being launched.

Investigating and understanding the Instant Recovery process and steps

179

• Write redirections – After booting the guest VM, reads of existing blocks will come from the backup storage and then write/re-read new blocks on the configured storage. This happens whether it is a datastore or a temporary file on the vPower NFS Server local drive, which by default is located in the folder %ALLUSERSPROFILE%\Veeam\Backup\NfsDatastore. Veeam recommends redirecting the writes of the restored guest on a production datastore, which will ensure consistent performance for this process. To start Instant Recovery, you need to consider the following: • You can restore a workload from a backup with at least one successfully created restore point. • If you restore a workload to the production network, ensure that the original workload is powered off. • If you want to scan restored VM data for viruses, check the secure restore requirements and limitations (see Further reading). • You must provide enough free disk space in the vPower NFS datastore. The minimum amount of free space must equal the RAM capacity of the recovered VM plus 200 MB. For example, if the restored VM has 32 GB of virtual RAM, 32.2 GB of free space is required. • By default, the vPower NFS datastore is located in the IRCache folder on a volume with the maximum free space. This location is not used when you redirect virtual disk updates to a VMware vSphere datastore during the job configuration. • Veeam Quick Migration with Smart Switch – You need to provide more disk space in the vPower NFS datastore for this, with the minimum equal to the RAM capacity of the VM. • Nutanix AHV VMs – Instant restored VMs will have default virtual hardware of 2 CPU cores, 4 GB of RAM, and one network adapter.

180

Understanding Instant Recovery

Now let's go through the process to start Instant Recovery. You need to complete the following steps: 1. Launch the Instant Recovery wizard by clicking Backups on the Home tab and clicking the Restore button to select VMware vSphere:

Figure 8.3 – Restore button to launch the wizard

2. Once you click the VMware vSphere option, you are presented with a Restore dialog asking if you want to Restore from backup or Restore from replica:

Investigating and understanding the Instant Recovery process and steps

Figure 8.4 – Restore option for backup or replica

3. Click Restore from backup, and then you are presented with the Restore from Backup wizard, where you will select the Entire VM restore option:

Figure 8.5 – Entire VM restore selection

181

182

Understanding Instant Recovery

4. After clicking Entire VM restore, you get presented with the option to select Instant VM recovery, which launches the Instant Recovery wizard:

Figure 8.6 – Instant recovery option to launch the wizard

5. Once you click the Instant VM recovery option, this will launch the Instant Recovery wizard titled – Instant Recovery to VMware:

Investigating and understanding the Instant Recovery process and steps

Figure 8.7 – Instant Recovery to VMware wizard

6. In this dialog box, you can type in a VM name to search for it, or click the Add button to select a VM from backup:

Figure 8.8 – Quick search by typing the VM name

183

184

Understanding Instant Recovery

And you can also click Add to select your VM from infrastructure or backup:

Figure 8.9 – Add button to select from infrastructure or backup

7. Once you select your VM, you click Next to proceed to the Restore Mode section of the wizard:

Figure 8.10 – Restore Mode selection

Investigating and understanding the Instant Recovery process and steps

185

8. You now select Restore to the original location or Restore to a new location, or with different settings. Selecting the first option restores without any user input, and it takes you directly to the Reason section, whereas the second option allows you to choose Destination, Datastore, and Secure Restore. You can also select to restore the VM tags with the Restore VM tags checkbox:

Figure 8.11 – Restore to a new location or with different settings

186

Understanding Instant Recovery

9. Click Next to proceed to the Destination section of the wizard to specify things such as Restore VM Name, Host, VM folder, Resource pool, and customize the UUID of the virtual machine with the Advanced button:

Figure 8.12 – Destination options and UUID

10. Once all the fields are set, click Next to proceed to the Datastore selection:

Figure 8.13 – Datastore section of the wizard for Redirect write cache

Investigating and understanding the Instant Recovery process and steps

187

11. At this step, you can check Redirect write cache to use a datastore instead of the vPower NFS cache folder on the server acting as the vPower NFS server. As noted in Figure 8.12, this can be for capacity or performance reasons. Once selected, click Next to proceed to the Secure Restore section:

Figure 8.14 – Secure Restore options for virus scan of VM during the restore process

188

Understanding Instant Recovery

12. At this step, you check Scan machine for virus threats prior performing recovery and then choose to proceed or abort if anything gets found. You can also select Scan entire VM for virus threats, which will take longer to restore and ensures there are no server infections. Once the options you prefer are enabled, click Next to proceed to the wizard's Reason section:

Figure 8.15 – Reason section for description and optional checkbox

13. After you enter a description for the recovery in the Restore reason section, you will have the option to not show this page again by checking the checkbox if so desired. Click Next to move to the Summary page and then Finish to begin the Instant Recovery job:

Investigating and understanding the Instant Recovery process and steps

Figure 8.16 – Summary section and options for network and power

Information You can select two options: Connect VM to network and Power on target VM after restoring. Note that you may or may not want to connect the network at first to avoid conflict with the original VM, but if you select to power on the VM, there is a warning to ensure the original VM is powered off, as noted in the preceding screenshot.

189

190

Understanding Instant Recovery

Also, note that during the restore process, as pointed out earlier in the chapter – in the section Discovering the requirements and prerequisites for Instant Recovery section, we discussed the vPower NFS server and how it mounts a datastore to the host, which you select to restore to in the wizard. Shown here is the datastore mounted to the host – home-esxi02.home.lab – for the Instant Recovery process:

Figure 8.17 – vPower NFS mounted datastore for Instant Recovery

Remember, during the wizard, the datastore named VM-Datastore2 was selected for the write cache change metadata. You will now monitor the restoration process and watch your virtual environment to see the VM recreated in the infrastructure. This section completes the Instant Recovery section of the chapter. We will now explore what you can do to place the VM into production or cancel/delete the restored VM in the next section.

Exploring the migration and cancellation steps for recovery Now that we have gone through the Instant Recovery wizard to begin the recovery process, we can see the job is running and showing a status of Mounted. At this point, we can choose what to do with the VM regarding keeping it in production or canceling the restore to remove it:

Exploring the migration and cancellation steps for recovery

191

Figure 8.18 – Instant Recovery job in the running state

When you select the job in the right pane, the toolbar changes to give you four options: • Migrate to Production – This will launch a wizard to start Quick Migration to move the VM to production. • Open VM Console – This launches the VM console for you to log in to the VM and check things before migrating to production. This option will prompt for your vCenter credentials. • Stop Publishing – Does just that by unmounting the datastore, removing the VM, and stopping the Instant Recovery job to cancel everything. • Properties – This shows the properties of the Instant Recovery job.

192

Understanding Instant Recovery

The following screenshot shows these properties:

Figure 8.19 – Options in the console

The following steps outline the Migrate to Production option when selected: 1. Click on the Migrate to Production button, or right-click on the job to select the same option:

Exploring the migration and cancellation steps for recovery

193

Figure 8.20 – Migrate to Production button or right-click menu

2. You can then see the Quick Migration wizard. Input the Destination options for Host or cluster, Resource pool, VM folder, and Datastore:

Figure 8.21 – Destination selection for Quick Migration

194

Understanding Instant Recovery

3. Once you have your selections made, click Next to proceed to the Transfer section of the wizard:

Figure 8.22 – Transfer options for Source/Target proxy and Veeam transport

4. Here, you can select specific Source proxy/Target proxy servers to use and then check the checkbox for Force Veeam transport usage. This option works well if you had a license for VMware vSphere that did not have Storage vMotion to ensure the VM gets transferred by Veeam Backup & Replication to your infrastructure. Otherwise, it is best to let VMware handle the vMotion of the VM (unchecked). Click Next to proceed to the Ready section and Finish to begin the migration of your VM to production. The Quick Migration wizard will run, and VMware vSphere will conduct a Storage vMotion on your VM to the datastore selected and then register it on a host if the cluster is chosen or on the actual host specified in the wizard. If you select the Open VM Console button, it'll launch the console to the VM within the vCenter environment. You'll get prompted for your vCenter credentials to log in, and then the console window will open for you to log in to the VM to validate it before migration to production or canceling.

Exploring the migration and cancellation steps for recovery

195

If you do not wish to migrate the VM to production, click the Stop Publishing button in the toolbar. This option will remove the VM from your inventory and dismount the NFS datastore on the host. The job then gets canceled:

Figure 8.23 – Stop Publishing option to cancel the restore

After you click Yes, it goes through the dismount of the VM and datastore and then shows completion:

Figure 8.24 – Dismounting of the VM and datastore – Stop Publishing

196

Understanding Instant Recovery

When you click the Properties button, the restore job details are brought up to show that it is In progress, as shown in the following figure:

Figure 8.25 – Properties for Instant Recovery job

This section now wraps up the entire Instant Recovery process, and we will now take a look at the enhancements made to v11a for Instant Recovery and a few other things.

Discovering what is new in Veeam Backup & Replication v11a With the latest release of Veeam Backup & Replication v11a, there have been some excellent additions for the Instant Recovery section of the application. The following new workloads got added: • Instant recovery of Microsoft SQL Server and Oracle databases • Instant publishing of NAS backups • Instant recovery of anything to Microsoft Hyper-V Now let's take a look at these in detail to explain how they work in v11a.

Discovering what is new in Veeam Backup & Replication v11a

197

Instant Recovery of Microsoft SQL Server and Oracle databases What would you do if your database would not start or your developers accidentally dropped a table from the database? The typical best practice for database administrators is to set up backup jobs within SQL, but what if you did not have them? Well, Veeam to the rescue! Veeam allows you to recover your database to the latest state or a point in time back to the original location or to any database server or cluster in your production environment regardless of size. Veeam makes your database available to production applications and database clients instantly. Modifications can take place normally with all changes preserved in the cache, while never changing the backup. Veeam will restore the database to production storage and then keep it in sync with the actual (modified) database state located in the same or different production storage. Finalizing your recovery means switching the database to running from the production storage. This gets done with minimal downtime and is equivalent to restarting the database. When it comes to making the switch over to the recovered database, it can be done manually or scheduled to happen automatically. Either of these options can get done as soon as the synchronization catches up or during a maintenance window. This database recovery method uses a service-based architecture not dependent on the Veeam Explorer user interface running. Now, what happens should any component in the backup infrastructure reboot due to maintenance or some other unforeseen issue? The instant recovery conveyor will automatically recover the job once all components come back online. Should there be an extended outage of an hour or more, manual intervention to start the recovery using the Veeam Explorer UI is required. For further information on how the Microsoft SQL Server restore works, please refer to this page: https://helpcenter.veeam.com/docs/backup/explorers/ vesql_instant_hiw.html?ver=110 Important Instant database recovery is included in the Veeam Universal License. When using the legacy Socket-based license, you will require the Enterprise edition or higher.

198

Understanding Instant Recovery

The following are some screen captures of the options for the instant recovery of Microsoft SQL Server:

Figure 8.26 – Launching the Microsoft SQL Server instant recovery

After launching the wizard and completing the steps to select the restore point to be used, you get taken into Microsoft SQL Explorer, where you choose the database to restore:

Figure 8.27 – Veeam Explorer for Microsoft SQL Server – instant recovery selection

Discovering what is new in Veeam Backup & Replication v11a

199

You then go through the wizard, selecting the target server, filenames and locations, and the switchover type:

Figure 8.28 – Target SQL Server for instant recovery

And then the file location and names:

Figure 8.29 – Filenames and location on target SQL server

200

Understanding Instant Recovery

Finally, the switchover type:

Figure 8.30 – Database switchover type

Instant file share recovery What would happen if you lost your NAS or file server or deleted a file share accidentally? If you were not using Veeam then you would need to use other tools to try and retrieve your data. Veeam now has the ability to publish SMB file shares from backup to the latest restore point or to an earlier restore point on your selected mount server. With this feature, users can instantly access their data in this temporary location while you are fixing or restoring data back to your NAS.

Discovering what is new in Veeam Backup & Replication v11a

201

Beta testers discovered other use cases that enable third-party applications and scripts for instant data access for data mining, and other data reuse scenarios that avoid locked files and impact the production environment—offloading this activity to the backup storage hardware, which typically remains idle during production hours. Note When planning to do a file share recovery, be aware that it is only supported on SMB file shares and when recovered they are in read-only format with no changes allowed.

The following are some screenshots of the instant publishing of the NAS backups:

Figure 8.31 – Instant recovery of NAS backup

202

Understanding Instant Recovery

After the wizard starts, you choose the restore point and then get prompted with which mount server to use:

Figure 8.32 – Mount server selection – automatic or manual

You have the option to allow Veeam to use the backup server as the mount server, or you can click Manual selection and the Edit button to choose. Once you have selected the mount server, you are prompted with Access Permissions, where you must select an owner:

Discovering what is new in Veeam Backup & Replication v11a

203

Figure 8.33 – Access permissions and owner selection

You then click Next to enter a reason, then review the summary and click Finish to launch the mount operation, at which point there is a link (Open file share) you click on to see the restore point mounted on the mount server:

Figure 8.34 – Mount completed and opened for browsing

204

Understanding Instant Recovery

You can see Instant Recovery also showing in the Veeam console on the Home page:

Figure 8.35 – Home page showing restore running with options

Once complete, click the Stop Publishing button to stop the recovery process and unmount the restore point from the mount server. Now that we have taken a look at how NAS instant recovery is accomplished, let's follow this up with recovering anything to Microsoft Hyper-V.

Instant recovery of anything to Microsoft Hyper-V With Veeam v11a, recovery and portability are available for any physical server, workstation, VM, or cloud instance backups to a Microsoft Hyper-V VM, regardless of which Veeam product created the backup. The recovery works thanks to the built-in P2V/V2V conversion logic – enabling restores and migrations with speed and flexibility, making hybrid-cloud DR a reality and with nothing new to learn. Also, with Veeam running on Microsoft Windows, the Hyper-V host is readily available and built directly into the host for use with recovery. Even Windows 10 Hyper-V is supported as a target for restores allowing managed service providers (MSPs) to create all-in-one DR appliances built on Windows 10 for clients. The following screenshots show some of the screens for restoring a VM to Microsoft Hyper-V:

Discovering what is new in Veeam Backup & Replication v11a

Figure 8.36 – VM selection and Instant Recovery button – Microsoft Hyper-V

Once you select the option for Microsoft Hyper-V, you then start the instant recovery wizard. You are shown the VM set and can choose a restore point. After you proceed, you then select your Hyper-V host:

Figure 8.37 – Selection of Hyper-V host

205

206

Understanding Instant Recovery

You will then see the Datastore selection, which will inherit the settings from your Hyper-V host for the file locations:

Figure 8.38 – Datastore location for VM files

Discovering what is new in Veeam Backup & Replication v11a

Then you select Network, where you have the option to have it in a Disconnect state:

Figure 8.39 – Selecting a network or disconnecting

207

208

Understanding Instant Recovery

After this, you choose Name for the restored VM and whether to generate a new System UUID:

Figure 8.40 – Name and System UUID selections

Note You may want to choose to create a new System UUID so there will be less chance of conflicts between the restored virtual machine and the original one.

You then proceed through the rest of the wizard, including Secure Restore options for virus scanning, the Reason for the restore, and the Summary tab, where you click Finish to complete the restore. We have now taken a look at the newest features and enhancements for instant recovery, and we will now conclude the chapter by summarizing what we have covered and learned.

Summary

209

Summary In this chapter, we looked at Instant Recovery and what backups you can use for this process. We reviewed the requirements and prerequisites for conducting an Instant Recovery and how the vPower NFS Service plays a crucial role in performing the tasks. We also discussed and looked at the entire Instant Recovery process using the wizard. We touched on how you conduct a quick migration to move the VM into your production environment or stop publishing to cancel the restore overall, dismounting the VM and datastore. Finally, we took a look at the new features and enhancements of v11a to see what other instant recovery options are now available. After reading this chapter, you should now have a much deeper understanding of Instant Recovery and what it is. You should also understand the requirements and prerequisites for doing a recovery, including the vPower NFS Service. And finally, you should understand how to migrate your VM to production or cancel and dismount both the VM and datastore. Hopefully, you will now have a better idea of how Instant Recovery works and how easy it is to move your VM into production or simply cancel the restore. Finally, you learned about the newest features in v11a and how they can apply to your environment. The next chapter will dive into Veeam's monitoring and reporting tool to keep track of both your backup and virtual infrastructure and what is new in the latest release.

Further reading • Quick Migration: https://helpcenter.veeam.com/docs/backup/ vsphere/quick_migration.html?ver=110 • Virtual Disk Restore: https://helpcenter.veeam.com/docs/backup/ vsphere/virtual_drive_recovery.html?ver=110 • (VIDEO) How to perform Instant Recovery: https://www.veeam.com/ instant-vm-recovery.html • Secure Restore Requirements and Limitations: https://helpcenter.veeam. com/docs/backup/vsphere/av_scan_about.html?ver=110 • vPower NFS Information: https://helpcenter.veeam.com/docs/ backup/vsphere/vpower_nfs_service.html?ver=110 • Best Practice for Instant Recovery: https://bp.veeam.com/vbr/Support/S_ Vmware/instant_vm_recovery.html#:~:text=%20Instant%20VM%20 Recovery%20%28IVMR%29%20%201%20Link%0AWrite,...%20%203%20 Link%0ANetwork%20ports.%20%20More%20 • Instant Recovery to Hyper-V: https://helpcenter.veeam.com/docs/ backup/hyperv/instant_recovery_to_hv.html?ver=110

9

Introducing Veeam ONE v11a Veeam Backup & Replication has a companion application that can monitor your virtual infrastructure and backup servers called Veeam ONE. This chapter will take a look at Veeam ONE and how to use it. We'll discuss installation requirements and steps to complete the setup of the program. You will learn about the monitoring of different environments, such as vSphere, vCloud, and Veeam. We'll also look at the reporting features of Veeam ONE. We will dive into how you can use Veeam ONE to troubleshoot things in your environment. Finally, we'll look at the enhancements that have been made to Veeam ONE v11a. By the end of this chapter, you will be able to explain what Veeam ONE is and how to install and configure it. You will discover how to use it to monitor your virtual infrastructure and your Veeam environment. You will explore the different kinds of reporting from Veeam ONE. You will learn how Veeam ONE can troubleshoot your environment. And finally, you will learn about everything new in Veeam ONE v11a. In this chapter, we're going to cover the following main topics: • Exploring Veeam ONE – an overview • Understanding Veeam ONE – installation and configuration • Discovering monitoring – vSphere, vCloud, and Veeam • Investigating and understanding reporting

212

Introducing Veeam ONE v11a

• Exploring Veeam ONE for troubleshooting • Investigating what is new in Veeam ONE v11a

Technical requirements For this chapter, you should have Veeam Backup & Replication installed. If you have followed along through the book, then Chapter 1, Installation – Best Practices and Optimizations, covered the installation and optimization of Veeam Backup & Replication, which you can leverage in sections of this chapter. You will also require the ISO file for Veeam ONE to go through the installation process to get the application installed for use. You can obtain this from the Veeam website in the downloads section.

Exploring Veeam ONE – an overview Veeam ONE is part of Veeam Availability Suite and provides comprehensive monitoring and analytics for your backups and virtual and physical environments. Veeam ONE uses Veeam Backup & Replication, Veeam Agents, and plugins and backups for Nutanix AHV along with VMware vSphere and Microsoft Hyper-V to deliver intelligent monitoring, reporting, and automation of your environments. It uses interactive tools and intelligent learning to identify and resolve problems before they become a real issue in your environment. Some of the critical capabilities of Veeam ONE include the following: • Built-in intelligence – Allows you to identify and resolve common infrastructure and software misconfiguration problems before they impact your operations. • Governance and compliance – Allows you to monitor and report on Service-Level Agreement (SLA) compliance for backups and data protection. • Intelligent automation – Using machine learning diagnostics and remediation actions to allow you to resolve issues faster before problems occur. • Forecasting and planning – Allows you to forecast both the costs and utilization of resources to determine future resource requirements. Further to the capabilities above, Veeam ONE also offers many other features, including the following: • Proactive alerting – You can proactively mitigate potential threats before they become a real problem. • Chargeback and billing – Allows you to calculate both compute and storage costs per user/group for customer billing.

Exploring Veeam ONE – an overview

213

• Monitoring and reporting – Monitor backup, physical, and virtual environments 24x7, including email alerts and actions. • Capacity planning and forecasting – Forecast infrastructure requirements for planning future purchases. With Veeam ONE, many environments are supported within the application, such as the following: • Veeam Backup & Replication – Monitor your backup environment. • VMware – Monitor vCenter, hosts, vCloud, and storage. • Hyper-V – Monitor your hosts and storage. • Nutanix AHV – Monitor AHV backups by Veeam. • Microsoft Windows – Monitor Veeam Windows Agents. • Linux – Monitor Veeam Linux Agents. • IBM AIX and Oracle Solaris – Monitor Veeam Unix Agents. • AWS and Azure – Monitor cloud resources, backups, and Agents. Veeam ONE, when installed, is comprised of two main components that work together to provide monitoring and reporting: • Veeam ONE Monitor is the primary tool used to monitor your virtual or physical environment and Veeam Backup & Replication infrastructure. Within the console, you can manage, view, and interact with alarms or monitoring data. You can also analyze the virtual and backup infrastructure components' performance, including tracking, troubleshooting issues, generating reports, and administering monitoring settings. • Veeam ONE Reporter provides dashboards and reports for your entire environment. It allows you to verify configuration problems, optimize resources, track implemented changes, plan capacity growth, and ensure mission-critical workloads are protected. These components get installed from the ISO file for Veeam ONE in a single solution. They can also be used in a distributed solution where components are separated, including the SQL Server requirement. The following sections outline the install as one server solution (typical deployment) or the distributed method (advanced deployment) with features residing on different systems.

214

Introducing Veeam ONE v11a

Single-server architecture – typical deployment Here is a list of things you typically will see with a single-server deployment: • Smaller environment – Veeam ONE Server, Web UI, and the Monitor client all installed on a single system (installed on a separate server from Veeam Backup & Replication). • SQL Server Express used on the same server, saving licensing costs due to the smaller environment (SQL Server Express 2016 included). • The virtual environment has less than 1,000 virtual machines to monitor. • The ability to install the Veeam ONE Monitor client on multiple machines for multi-user access. The following diagram shows a single-server architecture:

Figure 9.1 – Veeam ONE single-server solution – typical deployment

Next, let's take a look at advanced deployment.

Distributed server architecture – advanced deployment Here is a list of things you will typically see with an advanced server deployment: • An enterprise environment with servers distributed across multiple sites or data centers. • Components are separated – Veeam ONE Server and Web UI components installed on separate servers.

Exploring Veeam ONE – an overview

215

• The database is typically SQL Server Standard/Enterprise on a separate server – you can also enable SQL Server Reporting Services (SSRS) and leverage this within Veeam ONE to help in report creation. • Typically an environment with 1,000+ virtual machines to monitor. • Also, you can install the Veeam ONE Monitor client on multiple systems for multi-user access. The following diagram shows an advanced architecture:

Figure 9.2 – Veeam ONE distributed architecture – advanced deployment

Important Note It is recommended for larger-scale deployments (1,000+ VMs) to use a remote SQL Server installation. Veeam also recommends running Veeam ONE services on a dedicated server. Using this type of distributed structure will improve the performance of Veeam ONE services.

It is also worth noting that the advanced installation relies on a client-server model for communication and data collection: • The server components collect data from virtual infrastructure servers, vCloud Director servers, and Veeam Backup & Replication servers and store this data in the SQL database. • The Web UI component (Veeam ONE Reporter) communicates with the SQL database to allow users to pull data for creating reports. It also communicates with Veeam ONE Server to determine what data is displayed based on license type. • The Monitor client communicates with Veeam ONE Server to obtain real-time virtual and backup performance data and protection statistics.

216

Introducing Veeam ONE v11a Important Note To have a successful Veeam ONE deployment, you must ensure the client components are aware of Veeam ONE Server and the database's location to connect and retrieve/process data.

Another thing to consider when you decide to deploy Veeam ONE is licensing. If you do not deploy a license during or after the installation, Veeam ONE operates in Community Edition (Free) mode. If you need to obtain a license, it will be either Per Socket Licensing or Per Instance Licensing. An explanation of each license type follows. Also, the Further reading section contains a link to the Veeam website on licensing: • Per Socket Licensing: This licensing type is based on the number of CPU sockets that are managed by your VMware vSphere or Microsoft Hyper-V hosts. A license for each socket that the hypervisor can see is required. This doesn't permit Agent backups (Linux, Windows, Unix, or Mac) or cloud backups. • Per Instance Licensing: This licensing type is based on an instance, a unit (or token) assigned to a single object to make it manageable by Veeam ONE. This is Veeam's direction for product licensing with the expanded product portfolio. Furthermore, licensing is also different when monitoring Veeam Backup & Replication and Veeam Cloud Connect. Since these operate differently, there is also a license for each of these with Veeam ONE. Also, note that they cannot get installed on the same server, so if you need to monitor both Veeam Backup & Replication and Veeam Cloud Connect, you need to have two separate Veeam ONE Server instances. Keep this in mind when planning your deployment! Lastly, there are a few other deployment planning and preparation things to consider regarding supported virtualization platforms, integration with vCloud Director, integration with Veeam Backup & Replication, limitations, and so on. Please see the link in the Further reading section at the end of the chapter for more details. Important Note The following components cannot be installed on a domain controller: Veeam ONE Server, Veeam ONE Web UI, Veeam ONE Database, and Veeam ONE Agent. Also, any network configurations that use IPv6 addressing are not supported.

Understanding Veeam ONE – installation and configuration

217

We have now covered what Veeam ONE is, what components make up the infrastructure, and other architectural information. Now let's take a look at how to install and configure Veeam ONE in the next section.

Understanding Veeam ONE – installation and configuration The installation of Veeam ONE is a pretty straightforward process, and you are required to have the ISO file, as noted in the Technical requirements section at the beginning of the chapter. Also, before installing, you need to check the following prerequisites: • Check the platform and system requirements – Ensure that your virtual platform is supported and the machine you are installing Veeam ONE on meets the hardware and software requirements. If using an advanced deployment with components on different servers, ensure they meet the needs too. • Check account permissions – Make sure the user account you will be using for the installation of Veeam ONE has sufficient rights. • Check ports – Make sure all required ports for communication between Veeam ONE components, virtual infrastructure servers, vCloud Director servers, and Veeam Backup & Replication servers are allowed. • [Optional] Precreate the Veeam ONE database – Typically, the installation process for Veeam ONE will automatically create the SQL database for you; however, there could be times when it is necessary to create the database ahead of time. You can use the SQL script included within the Veeam ONE installation image. Please also see the link in the Further reading section for Deployment Planning and Preparation. The installation I will be using to demonstrate how you set up Veeam ONE will be a Typical deployment due to my lab environment. As discussed earlier, Advanced deployment is used when splitting the Veeam ONE components into different servers and is dependent on your environment and infrastructure. For most businesses' scalable deployments, Veeam ONE would function as a server application. Smaller environments can run Veeam ONE on Windows 7 SP1, Windows 8.1 (Professional and Enterprise editions), and Windows 10 (Professional and Enterprise editions).

218

Introducing Veeam ONE v11a

Installation of Veeam ONE v11a Before installing Veeam ONE, you need to ensure that you have a server deployed, either Windows 2016, 2019, or 2022, with enough disk space for the installation. The disk layout should be similar to the following: • OS drive: This is where your operating system resides and should be used only for this purpose. • Application drive: This will be your application installation drive for Veeam ONE and all its components. • Database drive: Veeam ONE uses a SQL database to store its information, so the installation of the database files to a separate drive is advisable. • Performance cache drive: Veeam ONE, when collecting performance data from the virtual infrastructure, stores that in a cache folder. Once your server is ready, and you have downloaded the ISO file and mounted it, complete the following steps for installation: 1. Run the setup.exe file on the mounted ISO drive.

Figure 9.3 – Veeam ONE installation window

2. Click the Install button in the Veeam ONE 11a section on the left or select the individual component used in an advanced deployment by clicking Install under Veeam ONE Server.

Understanding Veeam ONE – installation and configuration

Figure 9.4 – License Agreement screen

3. The first screen is the License Agreement screen, so check both boxes and click Next to continue the wizard. The next screen is the type of deployment, Typical or Advanced, with a link at the bottom of the wizard to open the website to explain each one further, in addition to what we covered in the previous Exploring Veeam ONE – An Overview section.

Figure 9.5 – Typical or Advanced deployment type selection

219

220

Introducing Veeam ONE v11a

4. Once the correct deployment type is selected, click the Next button. We are using Typical for this particular installation due to lab limitations. You are now at the System Configuration Check section of the wizard. Like the Veeam Backup & Replication installation, you can click the Install button to deploy the missing features.

Figure 9.6 – System Configuration Check – deploy missing components

5. You click the Install button to have the installation wizard deploy the missing components. Once completed, click the Next button to proceed to the Installation Path screen, where you will choose your server's application drive, then click Next to proceed.

Figure 9.7 – Installation Path selection

Understanding Veeam ONE – installation and configuration

221

6. You get asked for the Service Account Credentials to use for Veeam ONE's installation on the next screen. The account permissions are discussed above. Once you have typed in the account or used Browse, type the Password, then click Next to proceed.

Figure 9.8 – Service Account Credentials selection and Password field

7. The next screen is SQL Server Instance, where you can install either SQL Express locally or direct the installer to a remote SQL Server instance. The default database name is VeeamONE, as shown, but can be changed. You will also need to select the authentication method for SQL, that being either Windows or SQL Server authentication. Once you have the options set, click Next to proceed.

Figure 9.9 – SQL Server Instance selection

222

Introducing Veeam ONE v11a

8. The next screen is Provide License, where you specify your license or select Community Edition mode. There is a link on this screen that indicates the limitations of the Community Edition. Once the correct licensing is selected, click Next to proceed.

Figure 9.10 – Veeam ONE licensing

9. You are now at the wizard's Connection Information, displaying the default ports to use for Reporter web site port and Veeam ONE agent port. Also noted is the certificate to be used, which defaults to self-signed or you can choose one that is installed on the server with the drop-down list and the View certificate button. Click the Next button to proceed.

Understanding Veeam ONE – installation and configuration

223

Figure 9.11 – Port and certificate settings

10. You will now be on the Performance Data Caching screen, where you select the folder to store performance data collected from the virtual infrastructure. Typically, as noted at the beginning of this section, that is a separate drive in the server. Click Next once the folder is correctly entered.

Figure 9.12 – Performance Data Caching directory

224

Introducing Veeam ONE v11a

11. You are now at the Virtual Infrastructure Type section, and at this point, you can specify your VMware vCenter Server or Microsoft Hyper-V Host, Failover Cluster or SCVMM server host settings. You can also click the Skip virtual infrastructure configuration option and complete this later, which we will do. Click Next once selected to proceed.

Figure 9.13 – Virtual Infrastructure Type selection during install

12. You will now choose the Data Collection Mode based on the installation type you have, Typical or Advanced. If you are not monitoring your virtual infrastructure, you can select the third option – Backup Data Only, which will monitor only Veeam Backup & Replication servers. Click Next to proceed after the correct selection is chosen.

Understanding Veeam ONE – installation and configuration

225

Figure 9.14 – Data Collection Mode selection

13. The Ready to Install part of the wizard shows the chosen Veeam ONE configuration settings. There is a checkbox, Check for updates once the product is installed and periodically, selected, which will do a check for updates occasionally. Click the Install button to begin installing Veeam ONE.

Figure 9.15 – Ready to Install – configuration review

226

Introducing Veeam ONE v11a

This section now completes the installation of the Veeam ONE software. In the next section, we will look at how to configure monitoring for VMware and Veeam Backup & Replication.

Discovering monitoring – vSphere, vCloud, and Veeam To launch the Veeam ONE programs after installation, you use the icons on the desktop:

Figure 9.16 – Veeam ONE icons

The icons launch the respective programs installed with Veeam ONE: • Veeam ONE Monitor – Launches the Monitor console where you configure and monitor your virtual infrastructure, vCloud Director, Veeam Backup & Replication, and configure alarms. • Veeam ONE Reporter – This launches your web browser and takes you to the dashboards, workspace, and configurations. When you first launch the Veeam ONE Monitor client, a small wizard comes up asking for both SMTP (email) and SNMP settings. The following is the initial screen showing the different tabs you can fill out to complete this wizard or you can click Cancel to skip this. You can configure the email and SNMP settings later in the console.

Discovering monitoring – vSphere, vCloud, and Veeam

227

Figure 9.17 – Configuration Wizard on the first launch of the program – SMTP and SNMP settings

When the client opens Veeam ONE Monitor, you get presented with the central console view of Veeam ONE. Here you can launch the notification wizard shown in Figure 9.17 using the Notifications button:

Figure 9.18 – Veeam ONE Monitor console

228

Introducing Veeam ONE v11a

There are four tabs within the console: • Infrastructure View – This will show either your VMware, vCloud Director, or Hyper-V environment once you add the servers to Veeam ONE. • Business View – This shows your virtual infrastructure from a business perspective – based on your company needs and priorities. You can group your virtual infrastructure objects by things such as business unit, department, purpose, SLA, and so forth. • Data Protection View – This will show the view for your backup servers that get connected to the console by either Veeam Backup & Replication or Veeam Cloud Connect. • Alarm Management – This tab allows you to manage all the default alarms that come with Veeam ONE as well as to add your own custom alarms. To get started with monitoring your environment, you need to click on the Add Server option on the screen or the Add Server button in the toolbar. You can add any server from any screen as they are not related when doing this:

Figure 9.19 – Add Server options in the console

Discovering monitoring – vSphere, vCloud, and Veeam

229

Now that we have looked at the console, let's take a look at how to add a server for monitoring: 1. Once you click on either option, you are then presented with the Add Server Wizard where you can add VMWARE SERVER, VMWARE VCLOUD DIRECTOR, HYPER-V SERVER, or VEEAM BACKUP & REPLICATION SERVER:

Figure 9.20 – Add Server Wizard

As an example, we will add both VMWARE SERVER and VEEAM BACKUP & REPLICATION SERVER to see the process.

230

Introducing Veeam ONE v11a

2. So first click on the VMWARE SERVER option in the Add Server Wizard shown in Figure 9.20. You will be presented with the Add Server Wizard.

Figure 9.21 – Add Server Wizard – VMware Server

3. From this screen, enter the server's DNS or IP address and select whether it is vCenter Server or ESX(i) host. Click Next to proceed. 4. You will then get prompted for the Credentials of either vCenter Server or the ESXi host. Enter the credentials and then click Next to continue.

Figure 9.22 – Credentials for VMware Server

Discovering monitoring – vSphere, vCloud, and Veeam

231

5. The final screen is the Summary showing the server name and credentials used to connect. Click Finish to complete the wizard and add the server to the console screen under the Infrastructure View section.

Figure 9.23 – vCenter Server added to Infrastructure View

232

Introducing Veeam ONE v11a

Now follow the same Add Server Wizard but select VEEAM BACKUP & REPLICATION Server as shown in Figure 9.20. Enter in the server name or IP address, add the credentials, and finish the wizard to add your backup server to the console's Data Protection View.

Figure 9.24 – Veeam Backup & Replication server added to Data Protection View

This screen shows the Veeam ONE Agent tab to confirm the installation completed correctly during the server's addition to Veeam ONE. Once added and connected, you will then see the Summary screen showing details once data starts being collected.

Investigating and understanding reporting

233

Figure 9.25 – Veeam Backup & Replication Server Summary

This section completes the process to add both your virtual servers and Veeam Backup & Replication servers to Veeam ONE. In the next section, we look at reporting using both the Veeam ONE Monitor client and Veeam ONE reporting.

Investigating and understanding reporting One of the advantages of using Veeam ONE is the reporting ability that it has. You can get reports on all types of environments that you add, both virtual infrastructure and backups. Veeam ONE comes with many canned reports out of the box that suit most requirements. The reports will also change depending on whether you add VMware, Hyper-V, or Veeam Backup & Replication to the environment.

234

Introducing Veeam ONE v11a

Some of the predefined report groupings are shown in the following figure:

Figure 9.26 – Default report groups for Veeam ONE

Investigating and understanding reporting

There are two ways to access reports within the Veeam ONE environment: 1. Veeam ONE Monitor – You can open the monitoring console and access reports from there by highlighting something within the Infrastructure View and Data Protection View in the console and selecting the Reports button in the toolbar. The following screenshot shows the Infrastructure View:

Figure 9.27 – Report menu for Infrastructure View

235

236

Introducing Veeam ONE v11a

The following screenshot shows the Data Protection View:

Figure 9.28 – Report menu for Data Protection View

Note Depending on which view you are in, the Reports menu options change concerning virtual infrastructure or backups.

2. The other way to access the reporting is using the Veeam ONE Reporter icon, which launches a web browser interface. In the Reports tab, you will find a hierarchy of reports similar to the Veeam ONE Monitor console.

Investigating and understanding reporting

Figure 9.29 – Veeam ONE Reporter – Reports tab

237

238

Introducing Veeam ONE v11a

To view the details of any report, click the link to the report name, enter your required parameters, and then you have the option to Preview or Save to create your custom report with the already entered parameters. Reports get saved into the My Reports folder, and you can create subfolders to organize reports. Following is an example of the Backup Infrastructure Audit report:

Figure 9.30 – Backup Infrastructure Audit report example

We have now covered the basic reporting capabilities of Veeam ONE. For our second-tolast topic, let's look at how Veeam ONE can help with your environment's troubleshooting issues.

Exploring Veeam ONE for troubleshooting When it comes to troubleshooting your environment, whether it be virtual infrastructure or backups, this is where Veeam ONE shines along with the reporting. Veeam ONE uses Signatures, which relate to specific issues in their knowledge base, along with Alarms to alert you to potential problems, referred to as Veeam Intelligent Diagnostics. Alarms are grouped into VMware, Hyper-V, and Backup & Replication in the Alarm Management tab:

Exploring Veeam ONE for troubleshooting

Figure 9.31 – Alarm Management tab – alarm groupings

239

240

Introducing Veeam ONE v11a

Alarms are triggered based on events and can alert you in various ways such as email (SMTP), SNMP, or by running a script. You can also turn on automation so that Veeam ONE can fix the issue for you based on the rules you create. An example of this would be under the VMware | Virtual Machine section for alarms, where there is an alarm called VM with no backup. This alarm checks all virtual machines in your infrastructure, and if it finds that the backup process has not run within, say, 24 hours, it can automatically add it to a backup job:

Figure 9.32 – VM with no backup alarm

The following screenshot shows the properties of the alarm to automate backup jobs:

Figure 9.33 – Add VM to backup job action

Exploring Veeam ONE for troubleshooting

241

Along with adding to a backup job, there are multiple other Action options, which are shown in the following screenshot:

Figure 9.34 – Action options for a VM with no backup

With the examples in Figure 9.33 and Figure 9.34, let's look at how we can see this right from within the Veeam ONE Monitor console. If you go to the Infrastructure View tab and highlight your server, you will see on the right-hand side the VM with no backup alarm present in your lab environment.

Figure 9.35 – Alarm present on virtual infrastructure vCenter Server

242

Introducing Veeam ONE v11a

We have now covered how you can use Veeam ONE to help troubleshoot and remediate your environment. Let's now look at the last section, on enhancements to Veeam ONE v11a, to see what is new with this update and what you can use in your environment.

Investigating what is new in Veeam ONE v11a With the recent release of Veeam ONE v11a, there are major new features, enhanced Veeam Backup & Replication support, and other enhancements. Let's take a look at each of these.

Major new features The following list shows some of the more enhanced changes made within the new Veeam ONE v11a: • Continuous Data Protection (CDP) ‚ New monitoring and alerting to notify you if any CDP policies are not in compliance to allow for remediation. ‚ Reporting: new reports for monitoring the SLAs of your CDP policies are now available in the VM CDP SLA compliance report. • Veeam Agent for MAC support ‚ Monitoring and alerting to ensure your workloads protected by the Veeam Mac Agent are being protected and ensure backups are running correctly. ‚ Reporting: you can now identify which macOS machines are protected on time and which ones are not and determine whether the RPO requirements are being met. You can also analyze whether the Veeam Mac Agents meet the 3-2-1-1-0 rule. • New user interface ‚ The new Veeam ONE web client has been redesigned for ease of use, simplified navigation, and one-click access to deployment projects and configuration settings. There are also customization options. ‚ The enhanced Veeam ONE Client has been redesigned to enhance and simplify daily operations.

Investigating what is new in Veeam ONE v11a

243

Enhanced Veeam Backup & Replication support With the changes to Veeam Backup & Replication v11a, Veeam ONE v11a has introduced extended support for new and existing backup and recovery capabilities in the program: • VMware Cloud Director (vCD) replication support – Monitoring, alerting, and reporting • Veeam Agents managed by Veeam Backup & Replication support enhancements – Database log backup alerting and reporting, job settings reporting and change auditing, GFS backup file report enhancements, backup file growth report enhancements, a predefined Business View category for physical machines, visibility of physical machine backups stored on a repository, and visibility of Veeam Agent versions. • Scale-out backup repository (SOBR) enhancements – SOBR summary report enhancements and configuration report enhancements. • UI – Visibility of Veeam Backup for Nutanix AHV snapshot-only jobs, visibility of Veeam Backup & Replication server patch levels, enhanced VM protection status, and an enhanced tape server summary tab. • Alarms – These cover computers with no backups, unusual job durations, job state alarm enhancements, and many others. • Reports – A tenant compatibility report, protected VMs report, and a new report bundle (Starter Kit) that allows organizations to access the most common core reports for Veeam Backup & Replication. This covers the added enhancements for Veeam Backup & Replication, so now let's take a look at the many other enhancements that got added.

Other enhancements Some of the other notable enhancements that got updated in Veeam ONE v11a are as follows: • Platform support – VMware vSphere 7 Update 1, VMware Cloud Director 10.2, Microsoft Windows 10 version 20H2, and Microsoft Server version 20H2 • RESTful APIs – License information, license management, and usage reporting • UI – Enhanced credentials management, enhanced license usage views, and enhanced alarm history • Alarms – Multiple improvements in alarm names and knowledge-base (KB) articles

244

Introducing Veeam ONE v11a

• Notifications – Enhanced email notifications • Reports – Uptime reports and license usage report • Database – Enhanced support for Microsoft SQL Server Failover Cluster • Setup – Simplified SSH connections to the VMs and enhanced security for remote console connections • Data collection – Performance enhancements in backup data collection, the product UI, and backup reports • Other – Support for the flex allocation model of VMware Cloud Director As you can see, the list here is quite extensive, but there is much more. For a complete list of all the Veeam ONE v11a enhancements and what is new, please see the following link: https://www.veeam.com/veeam_one_11_0_whats_new_wn.pdf.

Veeam ONE community resources Be sure to follow the Veeam ONE Catch of the Day on Twitter under #VeeamONECOTD. This is a great way to learn about the practical usage of Veeam ONE and other discoveries in Veeam ONE: https://twitter.com/search?q=%23VeeamONECOTD&src=typed_ query&f=live

The Veeam Product Strategy Team has some dynamic resources available for you to do more with Veeam Backup & Replication, Veeam ONE, and other Veeam products. Be sure to follow #DRTestTuesday on Twitter to learn more about how Veeam Disaster Recovery Orchestrator simplifies your disaster recovery testing, planning, and documentation: https://twitter.com/search?q=%23DRTestTuesday&src=typeahead_ click&f=live

Summary This chapter looked at Veeam ONE, a monitoring and reporting tool for Veeam Backup & Replication. We looked at an overview of Veeam ONE and its capabilities. We reviewed the components that make up Veeam ONE and walked through its installation using the Typical deployment scenario. We also discussed and showed the addition of VMware and Veeam Backup & Replication to the Veeam ONE console to be monitored. We discussed the reporting aspect of Veeam ONE and the many default reports that get installed based on what servers you can add to Veeam ONE Monitor. We looked at how you can use Veeam ONE to assist in troubleshooting and remedying your environments.

Further reading

245

We finally touched on many new features and enhancements to Veeam ONE v11a. After reading this chapter, you should now have a much deeper understanding of Veeam ONE and what it is. You should also understand how to install and set up servers for monitoring and reporting. And finally, you should be able to utilize Veeam ONE to assist with your environment's triage. You will now better understand how Veeam ONE can fit into your environment. Hopefully, you will see how the many new features and enhancements to Veeam ONE can be used to help manage and monitor your environment for backup success! The next and final chapter of the book will go into detail and discuss another product by Veeam, called Veeam Disaster Recovery Orchestrator.

Further reading • Deployment Scenarios: https://helpcenter.veeam.com/docs/one/ deployment/deployment_scenarios.html?ver=110 • Veeam ONE Licensing: https://helpcenter.veeam.com/docs/one/ deployment/licensing.html?ver=110 • Deployment Planning and Preparation: https://helpcenter.veeam. com/docs/one/deployment/deployment_planning_preparation. html?ver=110 • Veeam ONE Client User Guide: https://helpcenter.veeam.com/docs/ one/monitor/about.html?ver=110 • Veeam ONE Web Client User Guide: https://helpcenter.veeam.com/ docs/one/reporter/about.html?ver=110 • Working with Alarms: https://helpcenter.veeam.com/docs/one/ alarms/about.html?ver=110 • Multi-Tenant Monitoring and Reporting: https://helpcenter.veeam.com/ docs/one/multitenant/about.html?ver=110 • Predefined Veeam ONE Reports: https://helpcenter.veeam.com/docs/ one/reporter/predefined_reports.html?ver=110

10

Introducing Veeam Disaster Recovery Orchestrator Veeam Backup & Replication has a companion application that can orchestrate disaster recovery failovers and testing called Veeam Disaster Recovery Orchestrator (also known as Orchestrator). This chapter will look at Veeam Disaster Recovery Orchestrator and its use. We discuss the prerequisites regarding installation and the steps to complete the program's setup. You will learn about configuring and setting up Orchestrator to get up and running. We look at orchestration plans for conducting disaster recovery (DR) tests and failovers. Finally, we will dive into scripts, reports, and dashboards available in Orchestrator. By the end of this chapter, you will be able to explain Veeam Disaster Recovery Orchestrator as well as install and configure it. You will discover how to configure the application for use in your Veeam environment. You will explore working with orchestration plans for conducting DR. And finally, you will look into scripts, reports, and dashboards.

248

Introducing Veeam Disaster Recovery Orchestrator

In this chapter, we're going to cover the following main topics: • Veeam Disaster Recovery Orchestrator – What is it? • Prerequisites for Veeam Disaster Recovery Orchestrator • Configuring Veeam Disaster Recovery Orchestrator • Working with orchestration plans for DR • Investigating scripts, reports, and dashboards

Technical requirements For this chapter, you should have Veeam Backup & Replication installed. If you have followed along through the book, then Chapter 1, Installing and Upgrading Veeam, covered the installation and optimization of Veeam Backup & Replication, which you can leverage in sections of this chapter. You will also require the ISO file for Veeam Disaster Recovery Orchestrator to go through the installation process to get the application installed for use. You can obtain this from the Veeam website in the downloads section: https://www.veeam.com/disaster-recovery-orchestrator-download. html?ad=downloads.

Veeam Disaster Recovery Orchestrator – What is it? Veeam Disaster Recovery Orchestrator is a separate program from the Veeam Availability Suite (the combination of Veeam Backup & Replication and Veeam ONE). It provides comprehensive DR orchestration using Veeam Backup & Replication. Veeam Disaster Recovery Orchestrator allows automation of your DR processes to ensure that your mission-critical workloads are recoverable with near-zero Recovery Point Objectives (RPOs). Some of the critical capabilities of Veeam Disaster Recovery Orchestrator include the following: • Automating DR testing: Allows you to create orchestration plans for DR testing to ensure recoverability. • Dynamically generating documentation: Allows the generation and creation of DR documents, ensuring readiness and compliance.

Veeam Disaster Recovery Orchestrator – What is it?

249

• Avoiding RPO and RTO violations: By testing your DR plans, you can ensure that you will stay in compliance with company policy for RPO/RTO. • Resiliency with one-click recovery: You can test or perform your disaster recovery with as little as one click. Further to the preceding capabilities, Veeam Disaster Recovery Orchestrator also offers many other features, including the following: • Application verification: When testing your DR strategy, you can also test your applications to ensure functioning. • Instant test lab: You can use any DR resources for patch testing without impacting your production environment. • Secure Role-Based Access Control: You are in control and can set up access for only those that require it, such as application owners or operational teams. • Wizard-driven planning: Using the built-in wizard, you will step through to ensure your DR plans are comprehensive, automatically updated, and verified. With Veeam Disaster Recovery Orchestrator, many environments are supported within the application, such as the following: • Veeam Backup & Replication: The primary application used for DR orchestration from backup, replication jobs, and CDP • VMware: vCenter integration • Hewlett Packard Enterprise, NetApp, Lenovo: Storage integration for orchestration • Microsoft Exchange, SQL Server, SharePoint & Active Directory: The orchestration and testing of applications Veeam Disaster Recovery Orchestrator, when installed, comprises five main components that work together: • Veeam Orchestrator Service: This is the primary service installed and manages orchestration plans and is used for administering user roles and permissions. • Veeam Orchestrator Web UI: This is the primary access method for the Orchestrator user interface and is web-based. • Veeam Backup & Replication Server (embedded): This is included with Orchestrator, supplies the Veeam PowerShell libraries, and allows support for specific DR scenarios.

250

Introducing Veeam Disaster Recovery Orchestrator

• Veeam ONE Server (embedded): This uses Business View to garner the VM inventory and is a custom edition of Veeam ONE, which should not be used for monitoring or inventory. • SQL Server: This contains the primary database for Orchestrator with the host configurations, VM inventory, and DR plan definitions. The version included is Microsoft SQL Server Express 2016 SP2; however, it is recommended to have SQL Server Enterprise edition on a remote server for the best performance and scalability. These components can be installed together on the same Windows-based physical or virtual machine. Important Note If you have a server already running Veeam Backup & Replication and Veeam ONE, the installation of Orchestrator is not supported on the same server, and it is best to create a separate server for Orchestrator.

The following diagram shows the Orchestrator components:

Figure 10.1 – Orchestrator components installed

These components get installed from the ISO file for Veeam Disaster Recovery Orchestrator in a single solution.

Veeam Disaster Recovery Orchestrator – What is it?

251

Note Suppose you already have Veeam Backup & Replication servers running in your environment. In that case, Veeam recommends deploying the Orchestrator agent on each server, which will allow all protected VMs to orchestrate recovery using DR plans. Further to this, another best practice is to have a Veeam Backup & Replication server running in your DR site to allow recovery if your production site has an outage.

Along with the Orchestrator components installed, deployment scenarios are supported as well. The following are the four typical scenarios used: • Orchestrating failover based on Replication jobs: Orchestrator uses replicas created by Veeam Backup & Replication to conduct your DR plan.

Figure 10.2 – Orchestration based on Recovery jobs

252

Introducing Veeam Disaster Recovery Orchestrator

• Orchestrating a Restore operation: Orchestrator will orchestrate your recovery based on VM backups generated in Veeam Backup & Replication.

Figure 10.3 – Orchestration based on a Restore operation

• Orchestrating using Storage Failover: Orchestrator can use storage snapshots created by the supported vendors to complete your failover DR plan.

Figure 10.4 – Orchestration based on Storage Snapshot

Veeam Disaster Recovery Orchestrator – What is it?

253

• Mixed protection: This is used when you need to orchestrate both backup and replication VMs created by Veeam Backup & Replication.

Figure 10.5 – Mixed orchestration based on Backup & Replication

Please refer to the Further reading section at the end of this chapter for further information on the different scenarios. Another thing to consider when you decide to deploy Veeam Disaster Recovery Orchestrator is licensing. Suppose you do not deploy a license during or after installation. In that case, Veeam Disaster Recovery Orchestrator operates in Evaluation mode. You can also obtain a Not For Resale (NFR) license for demonstration training and educational purposes. You can obtain a license (paid), either using a Rental License or Subscription License. An explanation of each license type can be found here. Also, the Further reading section contains a link to the Orchestrator website on licensing: • Rental License: This licensing type is intended mainly for service providers only and not a typical client/customer. This license is a contract-based license with an expiration date typically on the last day of the month plus one month from the contract start date. For example, if the contract started on August 22, the license would expire on September 30 of the following year. • Subscription License: This licensing type is a full license intended for Enterprise customers. This license has a term associated with it and is typically 1-5 years from the issue date.

254

Introducing Veeam Disaster Recovery Orchestrator

Furthermore, licensing is based on objects managed by Orchestrator, VMs, Orchestrator agents, Veeam Backup & Replication, and Veeam ONE. If you use the embedded Veeam Backup & Replication for backup and replication jobs, you will have the option to install a license in the console. The Veeam ONE embedded version does not require a license. Keep this in mind when planning your deployment! Lastly, there are a few other deployment planning and preparation things to consider regarding supported virtualization platforms, integration with vCloud Director, integration to Veeam Backup & Replication, Limitations, and so on. Please refer to the Further reading section link at the end of the chapter for more details. We have now covered what Veeam Disaster Recovery Orchestrator is, what components make up the infrastructure, and other architectural information. Now, let's look at the prerequisites and installation and configuration of the Veeam Disaster Recovery Orchestrator in the next section.

Prerequisites for Veeam Disaster Recovery Orchestrator The installation of Veeam Disaster Recovery Orchestrator is a pretty straightforward process. You must have the ISO file as noted in the Technical requirements section at the beginning of the chapter. Also, before installing, you need to check the following prerequisites: • Check platform and system requirements: Ensure that your virtual platform is supported and that the machine on which you are installing Veeam Disaster Recovery Orchestrator meets the hardware and software requirements. If using an external Microsoft SQL Server, ensure that this also satisfies requirements. • Check account permissions: Ensure that the user account under which Veeam Disaster Recovery Orchestrator will be installed has sufficient rights. • Check ports: Ensure that all the required ports are open for communication between Veeam Disaster Recovery Orchestrator components, virtual infrastructure servers, and Veeam Backup & Replication servers. • Roles: Plan out your role assignments for the required users of the system.

Prerequisites for Veeam Disaster Recovery Orchestrator

Another consideration when you are deploying Orchestrator is to consider the number of virtualization hosts that you will connect. The following chart shows the CPU and memory requirements based on the number of hosts:

Figure 10.6 – Number of Virtualization hosts and server sizing

Please see the Further reading section link for Deployment planning and preparation. We have now covered the prerequisites for Orchestrator, so now, let's walk through the installation of the application. I have a single virtual machine that will be used for this installation and have all the Orchestrator components installed, including Microsoft SQL Express.

255

256

Introducing Veeam Disaster Recovery Orchestrator

Installation of Veeam Disaster Recovery Orchestrator Before installing Veeam Disaster Recovery Orchestrator, we need to ensure that you have a server deployed, either Windows 2016 or 2019, with enough disk space for the installation. The disk layout should be similar to the following: • OS drive: This is where your OS resides and should be used only for this purpose. • Application drive: This will be your application installation drive for Veeam Disaster Recovery Orchestrator and all its components. • Database drive: Veeam Disaster Recovery Orchestrator uses a SQL database to store its information, so installation of the database files on a separate drive is advisable Once your server is ready, and you have downloaded the ISO file and mounted it, complete the following steps for installation: 1. Run the setup.exe file on the mounted ISO drive. Click the Install button under the Orchestrator logo on the left:

Figure 10.7 – Veeam Disaster Recovery Orchestrator 5 installation window

Prerequisites for Veeam Disaster Recovery Orchestrator

257

2. After clicking the Install button, you may be prompted to install a prerequisite for Microsoft Visual C++ 2019. Click the OK button to proceed:

Figure 10.8 – Prerequisite install for Visual C++

3. Once the installation is complete, the installation wizard will continue. Following the Microsoft Visual C++ 2019 install, the first screen is the License Agreement screen, so check both boxes and click Next to continue the wizard:

Figure 10.9 – License Agreement screen

258

Introducing Veeam Disaster Recovery Orchestrator

4. The next screen is the components that will be installed for Orchestrator:

Figure 10.10 – Orchestrator components to install

5. To proceed, click the Next button, and you are then prompted for the Orchestrator license file, where you can click the Browse button to select your license file:

Figure 10.11 – Orchestrator license file

Prerequisites for Veeam Disaster Recovery Orchestrator

6. After selecting your license file, click the Next button to proceed to the System Configuration Check screen. You will see any missing prerequisites and install them using the Install button, and then click Next to proceed.

Figure 10.12 – Enabling missing Windows features required

7. You are then presented with the Service Account credentials page for Veeam Disaster Recovery Orchestrator installation. Once you have typed in the account or used Browse, type the password and then click Next:

Figure 10.13 – Service Account credentials selection and password

259

260

Introducing Veeam Disaster Recovery Orchestrator

8. The next screen is Default Configuration, where you can review the installation, and if good with the defaults, click the Install button. If you prefer to change settings, check the box next to Let me specify different settings, and then click Next to proceed:

Figure 10.14 – Default Configuration and change settings option

9. The next screen when selecting to change the settings is SQL Server Instance. You specify a new instance of SQL Express or select an existing instance of SQL Server, possibly Enterprise edition, on a separate server. Also, you can select the type of authentication to be used with SQL Server. Once the correct settings are selected, click Next to proceed:

Prerequisites for Veeam Disaster Recovery Orchestrator

261

Figure 10.15 – SQL Server Instance details

10. You are now at the SQL Server Database informational window, which displays the default names to use for each database. You can click in the name field to change the defaults or leave them as-is. Click the Next button to proceed:

Figure 10.16 – SQL Server Database naming

262

Introducing Veeam Disaster Recovery Orchestrator

11. You will now be at the Ports Configuration screen, where you can change any of the ports to be used by the Orchestrator application. Typically, the default ports will suffice. Click Next to proceed:

Figure 10.17 – Ports Configuration screen

12. You are now at the Certificate Selection screen, and at this point, you can only use the Generate new self-signed certificate option. Click Next to proceed:

Figure 10.18 – Certificate Selection

Prerequisites for Veeam Disaster Recovery Orchestrator

263

13. You will now choose the data locations for the components related to Veeam Backup & Replication and Veeam ONE that are installed, as discussed in the Veeam Disaster Recovery Orchestrator – What is it? section. Click Next to proceed after making any required adjustments to the paths:

Figure 10.19 – Data Locations for component installation

14. The Ready to Install part of the wizard with the Veeam Disaster Recovery Orchestrator configuration settings are chosen and displayed. Click the Install button to begin installing Veeam Disaster Recovery Orchestrator:

Figure 10.20 – Ready to Install – configuration review

264

Introducing Veeam Disaster Recovery Orchestrator

This section now completes the installation of the Veeam Disaster Recovery Orchestrator software. In the next section, we will look at how to configure Orchestrator.

Configuring Veeam Disaster Recovery Orchestrator To launch the Veeam Disaster Recovery Orchestrator after installation, you use the icons on the desktop:

Figure 10.21 – Veeam Disaster Recovery Orchestrator icons

The icons launch the respective programs installed with Veeam Disaster Recovery Orchestrator: • Veeam Backup & Replication Console: This launches the embedded version of VBR that gets used with Orchestrator. • Veeam ONE Client: This launches the other embedded application that gets used with Orchestrator. • Veeam Disaster Recovery Orchestrator: This launches the primary program for Orchestrator, which you will work with. When you first launch the Veeam Disaster Recovery Orchestrator, the web browser prompts you to log in, as seen here:

Configuring Veeam Disaster Recovery Orchestrator

265

Figure 10.22 – Orchestrator website and login

Type in your username and password and then click the Log in button. When the Veeam Disaster Recovery Orchestrator client opens, you are presented with the Initial Configuration Wizard of Orchestrator:

Figure 10.23 – Orchestrator Initial Configuration Wizard

266

Introducing Veeam Disaster Recovery Orchestrator

There are seven tabs within the initial configuration that represent the following: • Server Details Info: This is where you enter the details about the server, including its name and a description, along with the contact details. These details will be shown in reports. • Choose Administrators: This allows you to select Users or Groups that will administer the Orchestrator server. If you don't have any users, you can add the current user running the application. • Deploy Orchestrator Agent: This will ask you for your Veeam Backup & Replication server or Veeam Backup Enterprise Manager server to deploy the Orchestrator agent. • Credentials: These are the credentials used for the agent and server access. • Synchronize Credentials: This option will retrieve managed credentials stored on the VBR server to use with Orchestration DR plans for application verification. • VMware vCenter Server: You will enter your vCenter details here, including FQDN and credentials to be used. • Summary: This screen displays a summary list of each of the details from the previous screens minus credentials. Once you have reviewed all the details in the Summary screen, you can click on the Finish button to complete the Initial Configuration Wizard screen.

Figure 10.24 – Initial Configuration Wizard summary screen

Working with orchestration plans for DR

267

After the Initial Configuration Wizard completes saving the details you have entered, you will then see the Orchestrator Dashboard tab:

Figure 10.25 – Veeam Disaster Recovery Orchestrator dashboard

This section completes the initial configuration process of Orchestrator. In the next section, we work with orchestration plans to conduct DR testing and failover.

Working with orchestration plans for DR When it comes to orchestrating failovers and recovery, there are four main plans that Orchestrator uses: • Replica plans: These use replication jobs to conduct failovers. • CDP replica plans: When you configure a CDP job in Veeam Backup & Replication, this can be used to create a failover plan.

268

Introducing Veeam Disaster Recovery Orchestrator

• Restore plans: These work with backup jobs and allow you to conduct a restore to either the original location or an alternate location for VMs. • Storage plans: These allow for storage snapshot orchestration and failover. To create orchestration plans, the embedded Veeam ONE application creates VM groups from the collection and categorization of data. As you can see with the icons in the preceding Figure 10.25, there is Veeam ONE Client. The VM groups created from Veeam ONE are categorized based on either vCenter Server tags (vSphere Tags) or custom Veeam ONE categories. Now let's walk through setting up a CDP replica plan that will use a current CDP job to orchestrate a failover to the replica created by the CDP job: 1. You will first need to launch the Orchestrator dashboard by using the icon on the desktop and then logging in to the web page. Once in here, click on Orchestration Plans on the left and then the Manage drop-down list to select New:

Figure 10.26 – Orchestration Plans within the dashboard

Working with orchestration plans for DR

269

2. Once you click New, you are presented with the New Orchestration Plan wizard, which you will step through and complete all the required information. At this screen, please fill out the required details, including Plan Name, Description, and contact details, and then click Next to proceed to the Plan Type screen:

Figure 10.27 – New Orchestration Plan wizard

270

Introducing Veeam Disaster Recovery Orchestrator

3. Here you select the plan type and, in our case, CDP Replica:

Figure 10.28 – Plan type selection – CDP Replica

Working with orchestration plans for DR

271

4. After clicking Next, you will be taken to the VM Groups tab where you should see your CDP Backup job listed and add this to the policy using the Add button in the middle of the screen, as noted. Once it's added, click Next to proceed:

Figure 10.29 – Adding a CDP job to the replica plan

272

Introducing Veeam Disaster Recovery Orchestrator

5. The following screen, VM Recovery Options, allows you to choose what happens when an error gets encountered, how to process the VM groups, whether In parallel or In sequence, and the number of simultaneous VMs. Click Next to proceed and to leave the remaining default options:

Figure 10.30 – VM Recovery Options for the recovery plan

Working with orchestration plans for DR

273

6. The next screen is the VM Steps screen, which allows you to select the required steps for the plan to be considered successful. Depending on what you are testing, there are various options to choose from depending on what your orchestration plan will be testing, including applications. For this example, we leave the two default options and click Next to proceed to the RTO & RPO screen:

Figure 10.31 – VM Steps for the execution of an orchestration plan

274

Introducing Veeam Disaster Recovery Orchestrator

7. The next screen defines your target RTO and RPO for the failover plan. I have left the default RTO of 1 hour and the default RPO of 15 seconds, but ensure that the RPO set here matches the CDP job you have configured within Veeam Backup & Replication. Click Next to proceed:

Figure 10.32 – RTO and RPO for the orchestration plan

Working with orchestration plans for DR

8. The next screen is where you choose your report template to use, along with the format you wish to see, either PDF file or Word document (.DOCX). You will initially want to clone the Veeam default template as noted to create your customized report, but we are using this one along with PDF format for this example. Click Next to proceed:

Figure 10.33 – Report template selection

275

276

Introducing Veeam Disaster Recovery Orchestrator

9. After selecting your report, you can then schedule automatic reporting for your orchestration plan at set times. These are not required to be turned on but are by default. Click Next to proceed:

Figure 10.34 – Report scheduling – automatic plan reporting

Working with orchestration plans for DR

277

10. The next screen is Readiness Check, which allows Orchestrator to check your orchestration plan to ensure that it is ready to execute. Click Next to proceed, leaving this checkbox selected:

Figure 10.35 – Readiness check for the orchestration plan

11. The last screen is the Summary screen, which shows your orchestration plan details. Click Finish to create your plan.

278

Introducing Veeam Disaster Recovery Orchestrator

This process will create your CDP Replica plan, note that it is disabled, and run the readiness check once it has been created.

Figure 10.36 – Orchestration plan created and readiness check running

To enable your orchestration plan, you need to right-click on it, select Manage, and then Enable.

Figure 10.37 – Enabling the orchestration plan

Investigating scripts, reports, and dashboards

279

After you have enabled your orchestration plan, you can then run Verify on it, which should show up successfully provided the settings in your plan match the CDP settings of the job within the Veeam Backup & Replication server. For example, with the default of 15 seconds for the RPO, this does not match my CDP job in VBR of 15 minutes, so I get a warning when the check runs. After modifying the orchestration policy to an RPO of 15 minutes, it now shows successful verification to match my CDP job:

Figure 10.38 – Verified orchestration plan

The final step would be to test and run the orchestration plan; however, this will not be covered in this book. This is for a good reason; it gets very specific rather quickly. The practical advice is for you to take one application in your organization and set up a plan with Orchestrator. Build a successful model with one relatively simple application, and then build on that internally. Take another application; and then take one after that, which may be more complex. Build the successes in small steps with Orchestrator. This section completes our look at orchestration plans for DR. The final section will look at scripts, reports, and dashboards.

Investigating scripts, reports, and dashboards With Veeam Disaster Recovery Orchestrator, other options can be explored with your orchestration plans using scripts, generating reports, and reviewing the different dashboards to get an overall state of your environment readiness. Let's briefly look at each of these added features within Orchestrator.

280

Introducing Veeam Disaster Recovery Orchestrator

Scripts Orchestrator allows you to add customized scripts that run with your orchestration plan to test your recovery process. To accomplish this, the script must be uploaded to the Orchestrator console, and it can then be selected as a step, as noted in the preceding Figure 10.39. The custom script that you want to use has some requirements for ORCHESTRATOR: • The script must be in PowerShell only as this is what Veeam Disaster Recovery Orchestrator supports. • If running the script inside a VM guest OS, then you will need to ensure that it has PowerShell 3.0 and .NET Framework 4.0 installed before the script will run correctly. • Running the script on the Veeam Backup & Replication server requires no additional software as PowerShell gets installed. To upload any script, you must be in the Administration dashboard and under the Plan Steps section to add the script as shown here. For more information on scripts, please refer to the Further reading section that follows.

Figure 10.39 – Adding a custom script for use in orchestration plans

Investigating scripts, reports, and dashboards

281

Now that we have taken a look at custom scripts, let's explore the reporting aspect of Veeam Disaster Recovery Orchestrator.

Reports Veeam Disaster Recovery Orchestrator allows for various reporting depending on your orchestration plan selected. There are default report templates that you can clone to create your custom reporting template; however, this requires having Microsoft Word installed for editing. When reports get sent through the Orchestrator system, PDF or DOCX files are attached to report notification emails. Several of the reports allow for reporting on the following: • Gathering summary information on your recovery process when you run the orchestration plan • Validating your plan configuration before running it to ensure that no errors are detected • Seeing the results of your orchestration plan testing and execution There are three places within the Orchestrator console where you set up the reporting options, manage templates, and view your reports. Generating reports is completed from the Orchestration Plans tab by right-clicking on your orchestration plan and then selecting the Reports option:

Figure 10.40 – Report settings within the Administration dashboard

282

Introducing Veeam Disaster Recovery Orchestrator

The preceding screenshot shows the report settings level; here is the Report Templates section, where you can clone the default Veeam report and create your custom one.

Figure 10.41 – Report templates for cloning

The following screenshot shows the Reports section of the console, where you can view the reports generated by the system:

Figure 10.42 – Reports section of the console for viewing generated reports

Investigating scripts, reports, and dashboards

283

And lastly, the following screenshot is how you can generate reports from your orchestration plan to view in the reports tab. For more information on reporting, please refer to the Further reading section.

Figure 10.43 – Generating reports for the orchestration plan

We have now covered some reporting within the Veeam Disaster Recovery Orchestration system, so let's look at one final topic: dashboards.

Dashboards Within the Orchestrator console, two dashboards allow you to see both the overall configuration of the system and the readiness of the disaster recovery operations. These two dashboards are as follows: • Administration dashboard: Shows and tracks the health of the Veeam Disaster Recovery Orchestrator infrastructure to show you any potential issues. • Home page dashboard: This is the main dashboard you see when logging in to the system, and it will analyze the readiness of your environment for disaster recovery operations.

284

Introducing Veeam Disaster Recovery Orchestrator

Following are some screenshots of the two different dashboards showing the overall health:

Figure 10.44 – Administration console dashboard

The preceding screenshot is the administration dashboard, and here is the main console dashboard:

Figure 10.45 – Main console dashboard

Summary

285

This section completes our look at scripts, reports, and dashboards and brings us to the end of this chapter. I will now summarize what we have looked at and learned.

Summary This chapter looked at Veeam Disaster Recovery Orchestrator, a disaster recovery testing and execution tool for failovers and recoveries of Veeam Backup & Replication jobs, including backup, replication, and CDP. We looked at an overview of Veeam Disaster Recovery Orchestrator and its capabilities. We reviewed the components of Veeam Disaster Recovery Orchestrator and walked through its installation. We also demonstrated and discussed the configuration of Veeam Disaster Recovery Orchestrator. We discussed the creation of orchestration plans for testing and executing DR failover and recovery. Finally, we touched on using custom scripts, reporting, and built-in dashboards to review overall system health. After reading this chapter, you should now have a much deeper understanding of Veeam Disaster Recovery Orchestrator and what it is. You should also understand how to install and set up orchestration plans. And finally, you should be able to utilize Veeam Disaster Recovery Orchestrator to conduct DR testing for failover and recovery scenarios. Hopefully, you will have a better understanding of how Veeam Disaster Recovery Orchestrator can fit into your environment. This chapter concludes the second edition of the Mastering Veeam Backup & Replication v11a book, and I want to thank you for reading it. I hope this book's content will benefit you and help you configure your environment using the topics covered, including many of the newest enhancements and features added to the Veeam products.

Further reading • Veeam Edition comparison: https://www.veeam.com/productsedition-comparison.html • Deployment scenarios: https://helpcenter.veeam.com/docs/vdro/ userguide/deployment_scenarios.html?ver=50 • Veeam Disaster Recovery Orchestrator licensing: https://helpcenter. veeam.com/docs/vdro/userguide/licensing.html?ver=50 • Deployment planning and preparation: https://helpcenter.veeam.com/ docs/vdro/userguide/system_requirements.html?ver=50 • Veeam Disaster Recovery Orchestrator user guide: https://helpcenter. veeam.com/docs/vdro/userguide/welcome.html?ver=50

286

Introducing Veeam Disaster Recovery Orchestrator

• Veeam Disaster Recovery Orchestrator UI: https://helpcenter.veeam. com/docs/vdro/userguide/accessing_vdro_ui.html?ver=50 • Configuring Veeam Disaster Recovery Orchestrator: https://helpcenter. veeam.com/docs/vdro/userguide/configuring_vdro.html?ver=50 • Working with orchestration plans: https://helpcenter.veeam.com/ docs/vdro/userguide/working_with_orchestration_plans. html?ver=50 • Using custom scripts: https://helpcenter.veeam.com/docs/vdro/ userguide/adding_custom_scripts.html?ver=50 • Generating reports: https://helpcenter.veeam.com/docs/vdro/ userguide/generating_reports.html?ver=50 • Reviewing dashboards: https://helpcenter.veeam.com/docs/vdro/ userguide/reviewing_dashboards.html?ver=50

Index Symbols 3-2-1-1-0 rule about 40, 41, 142 applying 42 applying, when setting up backup jobs 42-46 best practices 46 implementing, with Veeam 40 significance 41, 42 3-2-1 rule for ransomware protection reference link 25

A air-gapped media 50 Amazon Elastic File System (Amazon EFS) 134 Amazon S3 140 Amazon S3 capacity tier selecting, to enable archive tier 152, 153 Amazon S3 Glacier archive tier, adding 144-150 immutability, discovering 153, 154 Amazon S3 Glacier Deep Archive 140 application drive 5, 256

archive tier about 139 adding, with Amazon S3 Glacier 144-150 enabling, by selecting Amazon S3 capacity tier 152, 153 archive tier, for cost-optimized archiving and storage working with 155

B Backblaze 140 backup copy jobs daily retention 130-132 features, distinguishing 126 GFS full creation time 128 no quarterly backups 128, 129 repository, as source 129, 130 time-based GFS retention 127 backup data management 40 backup job about 124 background GFS retention 126 configuring, to use immutability 114-120

288

Index

configuring, with hardened repository 114-120 deleted VM retention, improvements 126 enhancements 124 features 124 high priority jobs 125 orphaned GFS backup retention 126 backup placement reference link 24 backups, with 3-2-1-1-0 rule scenarios 47-60 Block Generation about 155 reference link 155 block storage 138 bucket of storage 139

C Capacity Tier about 45, 139 in Google Cloud Storage 143 reference link 25 capacity tier or archive tier, for SOBR 3-2-1-1-0 rule 142 backup policies 142 storage space 142 Catalog drive 5 CDP Coordinator Service 67 CDP Policy about 69 for replication 88-97 reporting settings 94 CDP Proxy about 69 configuration 78 functionalities 77

reference link 69 Source Proxy 69 Target Proxy 69 CDP replica plans 267 CDP requirements and limitations reference link 70 certificates discovering 168 Cloudian 56 140 Compliance object lock mode 154 Continuous Data Protection (CDP) about 65, 66, 242 limitations 70 requirements 70 setting up 71-76 credentials discovering 168 critical applications examples 66

D dashboards about 283 administration dashboard 283 home page dashboard 283 investigating 283-285 database drive 256 Data Integration API (DIAPI) 132 Direct SAN 163 Direct Storage access 15 Disaster Recovery as a Service (DRaaS) 52 disaster recovery(DR) orchestration plans, working with 267-279 Distributed File System (DFS) 136 distributed server architecture 214-217 Domain Name System (DNS) 76

Index 289

E EC-based SSH key pairs 167 elliptic curve (EC) 162 enhanced Veeam Backup & Replication 243 Evaluation mode 253 expanded platform support 133-135 explorer enhancements discovering 135

F Fast Clone 104 file storage 138 filesystems 138

G Globally Unique Identifier (GUID) 138 Google Cloud Environment (GCE) 134 Google Cloud Platform (GCP) 134 Google Cloud Storage (GCS) 140 Google Storage (GS) object storage API 140 Grandfather-Father-Son (GFS) about 140 configuring 41, 42

H hardened repositories about 99-101 configuring, in Veeam 103-108, 113 supporting, backups 102 hardened repository used, for configuring backup job 114-120

hardened repository, enhanced security tips reference link 114 hardened repository, limitations and considerations reference link 114 hierarchical storage 138 Hot-Add 163

I IBM Cloud 140 immutability about 153 discovering, with Amazon S3 Glacier 153, 154 discovering, with policy-based offloading 153, 154 using, to configure backup job 114-120 immutability feature, Veeam Backup & Replication limitations 154 immutability option 100 Instant file share recovery 200-204 Instant Recovery of Microsoft SQL Server 197-199 Instant Recovery of Oracle databases 197-199 Instant recovery to Microsoft Hyper-V 204-208 Instant VM Disk Recovery 177 Instant VM Recovery backup file types 175 exploring 175-179 migration and cancellation steps, exploring 190-196 prerequisites 172, 174 requisites 172, 174

290

Index

Instant VM Recovery, options Quick migration 176 Replication or VM Copy 176 Storage vMotion 176 Instant VM Recovery, process about 178-190 read pattern 178 write redirections 179 Instant VM Recovery, steps about 178 guest migration, to production datastore 178 initialization phase 178 NFS mapping 178 VM registration 178 I/ O filter installing 71-76 ISO file 256

K Key Management Service (KMS) 134

L Linux capabilities from Veeam 169 Linux File Level Restore (FLR) performance improvements 133 without helper appliance 132 Linux proxy enhancement about 160, 162 certificate-based authentication 167 Changed Blocks (CBT) restore 166 elliptic curve (EC) cryptography 167 enhanced data mover security 167 limitations 162 persistent data mover 166

proxy transport modes 162-165 quick rollback 166 storage snapshot backup 165 Linux target support 132 long-term retention 94

M managed service provider 54 managed service providers (MSPs) 204 media types, for Veeam Backup & Replication BaaS/DraaS 47 Cloud 47 deduplication appliances 47 disk media 46 tape media 46 Microsoft Azure Blob 140 Microsoft Azure Blob Storage 140 Microsoft Azure Blob Storage archive tier 140 Microsoft Azure Stack HCI version 21H2 133 Microsoft Hyper-V 212 Microsoft SQL Server restoration reference link 197 Microsoft Windows 11 133 Microsoft Windows Server 2022 133 Mount Server settings 111 multi-factor authentication (MFA) 114

N NetApp storage 51 Network 15 Network Attached Storage (NAS) 48, 142 Network Block Device (NBD) 163

Index 291

network traffic rules reference link 69 Not For Resale (NFR) license 253

proxy sizing 16 tasks 160, 161 public key infrastructure (PKI) 167

O

R

objects 138 object storage about 138 archive tier, configuring 142 capacity tier, configuring 142 orchestration plans CDP replica plans 267 replica plans 267 restore plans 268 storage plans 268 working with, for disaster recovery (DR) 267-279 OS drive 5, 256

RAID level 54 read pattern 178 Recovery Point Objective (RPO) 45, 66, 125 Recovery Point Objectives (RPOs) 248 Recovery Time Objectives (RTOs) 45, 65, 175 Red Hat Virtualization (RHV) 134 Rental License 253 replica plans 267 reports investigating 281-283 Repository Servers about 19 setting up 19, 20 Repository window settings 109 required permissions reference link 9 restore plans 268 Review screen options 112 RHV (Redhat Virtualization) VM backup jobs 102 Role-Based Access Control (RBAC) 134

P performance tier about 139 reference link 24 Per Instance Licensing 216 persistent data mover discovering, with enhanced security 167, 168 Per Socket Licensing 216 policy-based offloading about 155 immutability, discovering 153, 154 proxy servers configuring 15-17 operating system 16 optimizing 15-17 proxy placement 16

S S3-compatible storage 140 scale-out backup repository (SOBR) about 21-29, 45, 139 limitations 23

292

Index

reference link 29 scale-out backup repository (SOBR), tiers archive tier 23 capacity tier 23 performance tier 23 scripts investigating 280, 281 Sealed Mode 29 Secure Shell (SSH) about 114 eliminating, protect servers 114 Service-Level Agreements (SLAs) 142 short-term retention 94 single-server architecture 214 single-use credentials 100 SOBR management reference link 29 SQL Server Reporting Services (SSRS) 215 Storage Area Network (SAN) 48 storage lifetime 153 storage plans 268 storage snapshots 51 storage systems, integration reference link 16 Subscription License 253

T tape backup job 49 task limits reference link 20 transport mode 15

U Ubuntu 20.04 103, 105 user interface 242

V Veeam guest perspective 40 hardened repositories, configuring 103-108, 113 Linux capabilities 170 URL 133 Veeam Agent for MAC support 242 Veeam Availability Suite 212 Veeam Backup for AWS 102 Veeam Backup for Azure 102 Veeam Backup for Google Cloud Platform 102 Veeam Backup for Nutanix AHV 102 Veeam Backup & Replication about 40 media types, using 46 reference link, for storage integration 52 upgrading, to v11a 30-38 Veeam Backup & Replication, components disk space for cache folder 172 Production Storage 172 Veeam Data Mover 15 Veeam Installer Service 15 vPower NFS Service 172 Veeam Backup & Replication Server 67 Veeam Backup & Replication v11a about 4, 51, 160 discovering 196 installing 4-14 Instant file share recovery 200-204 Instant Recovery of Microsoft SQL Server 197-200 Instant Recovery of Oracle databases 197-200 Instant recovery to Microsoft Hyper-V 204-208

Index 293

reference link 103 Windows proxy capabilities 161 Veeam Backup & Replication v11a object storage, archive tier Amazon S3 Glacier Deep Archive 140 cost-optimized archiving 141 flexible storage methods 141 immutable backups 140 Microsoft Azure Blob Storage archive tier 140 no extra costs 141 policy-based offload 141 self-sufficient archives 141 Veeam Backup & Replication v11a object storage, capacity tier Google Cloud Storage 140 Veeam CDP architecture about 66 backup server 67 CDP Policy 67, 69 CDP Proxy 67, 69 source and target hosts, with I/O filter 67 Veeam CDP Proxy Service 78 Veeam Cloud Connect 52, 56, 57 Veeam Data Mover 78, 167 Veeam Disaster Recovery Orchestrator about 53, 248 capabilities 248 components 249, 250 configuring 264-267 deployment, scenarios 251-253 features 249 installation 256-264 prerequisites 254 Veeam Enterprise Manager 30

Veeam Explorer enhancements 136 Veeam installation best practices 4 optimizations 4 Veeam Installer Service 78, 167 Veeam Intelligent Diagnostics 238 Veeam ONE capabilities 212 distributed server architecture 214-217 environments 213 exploring 212, 213 features 212, 213 installation 217 prerequisites 217 single-server architecture 214 Veeam ONE community resources about 244 reference link 244 Veeam ONE components Veeam ONE Monitor 213 Veeam ONE Reporter 213 Veeam ONE Database 216 Veeam ONE for troubleshooting exploring 238-242 Veeam ONE Monitor about 213 console 228 discovering 226, 227 server, adding 229-233 Veeam ONE Reporter about 213 discovering 233 reports, accessing 235-238 Veeam ONE v11a about 242 backup and recovery capabilities 243

294

Index

enhanced Veeam Backup & Replication 243 enhancements 243, 244 installation 218-226 Veeam ONE v11a enhancements reference link 244 Veeam ONE v11a, features about 242 Continuous Data Protection (CDP) 242 user interface 242 Veeam Agent for MAC support 242 Veeam ONE Web UI 216 Veeam Readiness program reference link 28 Veeam Universal License (VUL) 141 Veeam vPower technology 175 features 173 Virtual Appliance 15 Virtual Distributed Switch (VDS) 133 virtual machine (VM) 160 Virtual Private Connection (VPC) 149 VM Replication 53 VMware CDP proxy setting up, within Veeam Backup & Replication v11a environment 79-86

VMware Cloud Directory 10.3 133 VMware VMC 15 133 VMware vSphere 175, 212 VMware vSphere 7.0 U3 133 VMware vStorage APIs for Data Protection (VADP) 16 vPower NFS datastore 173 vRDM (Virtual Raw Device Mapping) disks 70 vSphere API for I/O Filtering (VAIO) about 67 from VMware perspective 68

W Wasabi 140 Windows 10 21H1 133 write redirections 179 vSphere API for I/O Filtering (VAIO) about 67 from VMware perspective 68

X XFS filesystem 104

Packt.com

Subscribe to our online digital library for full access to over 7,000 books and videos, as well as industry leading tools to help you plan your personal development and advance your career. For more information, please visit our website.

Why subscribe? • Spend less time learning and more time coding with practical eBooks and Videos from over 4,000 industry professionals • Improve your learning with Skill Plans built especially for you • Get a free eBook or video every month • Fully searchable for easy access to vital information • Copy and paste, print, and bookmark content Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at packt.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at [email protected] for more details. At www.packt.com, you can also read a collection of free technical articles, sign up for a range of free newsletters, and receive exclusive discounts and offers on Packt books and eBooks.

296

Other Books You May Enjoy

Other Books You May Enjoy If you enjoyed this book, you may be interested in these other books by Packt:

Mastering VMware vSphere 6.7 - Second Edition Martin Gavanda, Andrea Mauro, Paolo Valsecchi, Karel Novak ISBN: 978-1-78961-337-7 • • • •

Explore the immense functionality of vSphere 6.7 Design, manage and administer a virtualization environment Get tips for the VCP6-DCV and VCIX6-DCV exams Understand how to implement different migration techniques across different environments • Explore vSphere 6.7s powerful capabilities for patching, upgrading and managing the configuration of virtual environments. • Understand core vSphere components • Master resource management, disaster recovery, troubleshooting, monitoring and security

Other Books You May Enjoy

Mastering KVM Virtualization - Second Edition Vedran Dakic, Humble Devassy Chirammal, Prasad Mukhedkar, Anil Vettathu ISBN: 978-1-83882-871-4 • Implement KVM virtualization using libvirt and oVirt • Delve into KVM storage and network • Understand snapshots, templates, and live migration features • Get to grips with managing, scaling, and optimizing the KVM ecosystem • Discover how to tune and optimize KVM virtualization hosts • Adopt best practices for KVM platform troubleshooting

297

298

Packt is searching for authors like you If you're interested in becoming an author for Packt, please visit authors.packtpub. com and apply today. We have worked with thousands of developers and tech professionals, just like you, to help them share their insight with the global tech community. You can make a general application, apply for a specific hot topic that we are recruiting an author for, or submit your own idea.

Share Your Thoughts Now you've finished Mastering Veeam Backup Replication Second Edition, we'd love to hear your thoughts! If you purchased the book from Amazon, please click here to go straight to the Amazon review page for this book and share your feedback or leave a review on the site that you purchased it from. Your review is important to us and the tech community and will help us make sure we're delivering excellent quality content.