Vmce95-textbook-20180914.pdf

  • Uploaded by: Ivo Mayer
  • 0
  • 0
  • April 2020
  • PDF

This document was uploaded by user and they confirmed that they have the permission to share it. If you are author or own the copyright of this book, please report to us by using this DMCA report form. Report DMCA


Overview

Download & View Vmce95-textbook-20180914.pdf as PDF for free.

More details

  • Words: 98,663
  • Pages: 281
ib ut e tr is D

D

o

N

ot

D

Textbook

up

lic

at

e

or

Veeam Certified Engineer v9.5

Licensed to: Ivo Mayer - [email protected]

ib ut e tr is D or e at lic up D ot N

© 2019 Veeam Software

o

All rights reserved. All trademarks are the property of their respective owners.

D

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form by any means, without written permission from Veeam Software Inc (Veeam). The information contained in this document represents the current view of Veeam on the issue discussed as of the date of publication and is subject to change without notice. Veeam shall not be liable for technical or editorial errors or omissions contained herein. Veeam makes no warranties, express or implied, in this document. Veeam may have patents, patent applications, trademark, copyright, or other intellectual property rights covering the subject matter of this document. All other trademarks mentioned herein are the property of their respective owners. Except as expressly provided in any written license agreement from Veeam, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Important! Please read the End User Software License Agreement before using the accompanying software program(s). Using any part of the software indicates that you accept the terms of the End User Software License Agreement. Revision: 20190101

Licensed to: Ivo Mayer - [email protected]

Table of Contents

Contents

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

1. Overview .................................................................................................................................. 1 1.1. Veeam Products .................................................................................................................. 1 1.1.1. Veeam Availability Suite Capabilities .......................................................................... 1 1.1.2. Veeam Backup & Replication ...................................................................................... 2 1.1.3. Veeam ONE ................................................................................................................ 2 1.1.4. Veeam Management Pack for System Center ............................................................ 2 1.1.5. The Veeam Backup & Replication Add-on for Kaseya ................................................ 3 1.1.6. Veeam Backup & Replication Plug-in for LabTech ..................................................... 3 1.2. Key Concepts ....................................................................................................................... 3 1.2.1. Key Concepts .............................................................................................................. 4 1.3. Course Overview ................................................................................................................. 4 2. Deployment ............................................................................................................................. 7 2.1. Core Components and Their Interaction ........................................................................... 7 2.1.1. Veeam Backup Server ................................................................................................ 7 2.1.2. Veeam Backup Proxy (VMware) ................................................................................. 8 2.1.3. Veeam Backup Proxy (Hyper-V) ............................................................................... 16 2.1.4. Backup Repository .................................................................................................... 23 2.2. Optional Components ....................................................................................................... 34 2.2.1. Veeam Backup Enterprise Manager ......................................................................... 34 2.2.2. U-AIR Wizard ............................................................................................................ 34 2.2.3. Veeam Backup Search .............................................................................................. 35 2.3. Deployment Scenarios ...................................................................................................... 35 2.3.1. Simple Deployment ................................................................................................... 35 2.3.2. Advanced Deployment .............................................................................................. 37 2.3.3. Distributed Deployment ............................................................................................. 40 2.3.4. Distributed Architecture ............................................................................................. 41 2.4. Prerequisites & System Requirements ........................................................................... 43 2.4.1. Requirements ............................................................................................................ 43 2.4.2. Platform Support ....................................................................................................... 43 2.4.3. System Requirements ............................................................................................... 47 2.4.4. Required Permissions ............................................................................................... 58 2.5. Upgrading Veeam Backup & Replication ........................................................................ 59 2.5.1. Before You Upgrade .................................................................................................. 59 2.5.2. After You Upgrade ..................................................................................................... 59 Labs for Module 2: Deployment .............................................................................................. 61 3. Initial Configuration .............................................................................................................. 63 3.1. Adding Servers .................................................................................................................. 63 3.1.1. Adding a VMware Backup Proxy ............................................................................... 64 3.1.2. Adding Backup Repositories ..................................................................................... 64 3.2. Data location tagging ........................................................................................................ 65 3.2.1. Locations ................................................................................................................... 65 3.2.2. Creating and Assigning Locations ............................................................................. 67 3.2.3. Editing Locations ....................................................................................................... 67 3.2.4. Deleting Locations ..................................................................................................... 67 3.2.5. Exporting and Importing Locations List ..................................................................... 68 3.3. Performing Configuration Backup and Restore ............................................................. 68

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

i

Table of Contents

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

3.3.1. Creating Configuration Backups ................................................................................ 68 3.3.2. Restoring Configuration Data .................................................................................... 69 3.3.3. Encrypted Configuration Backups ............................................................................. 70 3.4. Managing Network Traffic ................................................................................................. 71 3.4.1. Setting Network Traffic Throttling Rules .................................................................... 71 3.4.2. Managing Data Transfer Connections ....................................................................... 71 3.4.3. Preferred Networks ................................................................................................... 72 3.4.4. Network Traffic Encryption ........................................................................................ 73 3.5. General options ................................................................................................................. 73 3.5.1. Backup I/O control ..................................................................................................... 73 3.5.2. Global Notification Settings ....................................................................................... 74 3.6. Getting to Know User Interface ........................................................................................ 75 3.6.1. Main Menu ................................................................................................................. 75 3.6.2. Navigation Pane ........................................................................................................ 75 3.6.3. Ribbon and Tabs ....................................................................................................... 76 3.6.4. Views ......................................................................................................................... 76 3.6.5. Working Area ............................................................................................................. 78 Labs for Module 3: Initial Configuration ................................................................................. 79 4. Protect ................................................................................................................................... 81 4.1. 3-2-1 rule ............................................................................................................................. 81 4.2. Creating Backup Jobs ....................................................................................................... 81 4.2.1. Before You Begin ...................................................................................................... 82 4.2.2. Backup Methods ........................................................................................................ 83 4.2.3. Changed Block Tracking (CBT) ................................................................................. 93 4.2.4. Data size optimization ............................................................................................... 96 4.2.5. Data Encryption ......................................................................................................... 99 4.2.6. Transaction Consistency ......................................................................................... 100 4.2.7. Scheduling ............................................................................................................... 106 4.3. Creating Restore Points with VeeamZIP and Quick Backup ....................................... 108 4.3.1. VeeamZIP ............................................................................................................... 108 4.3.2. Quick Backup .......................................................................................................... 108 4.4. Backup Copy .................................................................................................................... 109 4.4.1. Backup Copy Job .................................................................................................... 110 4.5. Replication ....................................................................................................................... 115 4.5.1. Insight into replication .............................................................................................. 115 4.5.2. Reducing Amount of Transferred Data .................................................................... 117 4.5.3. Resume on Disconnect ........................................................................................... 118 4.6. Creating VM/File Copy Jobs ........................................................................................... 119 4.6.1. VM copy .................................................................................................................. 119 4.6.2. File Copy ................................................................................................................. 119 Labs for Module 4: Protect .................................................................................................... 121 Labs for Module P: Preparation for day 2 ............................................................................ 123 5. Entire VM Recovery ............................................................................................................ 125 5.1. Recovery from a Backup ................................................................................................ 125 5.1.1. Instant VM Recovery ............................................................................................... 125 5.1.2. Full VM Recovery .................................................................................................... 128 5.1.3. VM File Recovery .................................................................................................... 129 5.1.4. Restore to Microsoft Azure ...................................................................................... 129 5.2. Extract Utility ................................................................................................................... 131 ii

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Table of Contents

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

5.3. Recovery from a Replica ................................................................................................. 132 5.3.1. Failover .................................................................................................................... 132 5.3.2. Failback ................................................................................................................... 133 5.3.3. Failover Plan ........................................................................................................... 134 5.3.4. Planned Failover ..................................................................................................... 135 Labs for Module 5: Entire VM Recovery ............................................................................... 137 6. Objects Recovery ............................................................................................................... 139 6.1. Application-Item Recovery ............................................................................................. 139 6.1.1. Veeam Explorer for Microsoft Exchange ................................................................. 139 6.1.2. Veeam Explorer for Microsoft SharePoint ............................................................... 140 6.1.3. Veeam Explorer for Microsoft Active Directory ........................................................ 142 6.1.4. Veeam Explorer for Microsoft SQL Server .............................................................. 143 6.1.5. Veeam Explorer for Oracle ...................................................................................... 145 6.2. Universal Application-Item Recovery (U-AIR) ............................................................... 147 6.3. Guest OS File Recovery .................................................................................................. 150 6.3.1. Guest OS File Recovery .......................................................................................... 150 6.3.2. Windows File-Level Recovery ................................................................................. 150 6.3.3. Multi-OS File-Level Recovery .................................................................................. 151 6.3.4. File-Level Recovery for Any File System ................................................................ 152 Labs for Module 6: Objects Recovery .................................................................................. 153 7. Verification .......................................................................................................................... 155 7.1. SureBackup Recovery Verification ................................................................................ 155 7.1.1. How It Works ........................................................................................................... 155 7.1.2. Recovery Verification Tests ..................................................................................... 157 7.1.3. Backup File Validation ............................................................................................. 158 7.1.4. Application Group .................................................................................................... 159 7.1.5. Virtual Lab ............................................................................................................... 160 7.1.6. SureBackup Job ...................................................................................................... 169 7.1.7. Manual Recovery Verification .................................................................................. 172 7.2. SureReplica Recovery Verification ................................................................................ 172 7.3. On-Demand Sandbox ...................................................................................................... 174 Labs for Module 7: Verification ............................................................................................. 177 8. Introduction to Agents ....................................................................................................... 179 8.1. Why agents? .................................................................................................................... 179 8.2. Veeam Agents for Microsoft Windows .......................................................................... 179 8.3. Veeam Agents for Linux ................................................................................................. 180 8.4. Veeam Agent Management ............................................................................................. 180 8.5. Protection Groups ........................................................................................................... 181 8.5.1. Creating Protection Groups ..................................................................................... 181 8.5.2. Protection Group Types .......................................................................................... 181 8.5.3. Protection Scope ..................................................................................................... 182 8.5.4. Discovery and Deployment Options ........................................................................ 183 8.6. Agent Jobs ....................................................................................................................... 184 8.6.1. Agent for Windows Job Modes ................................................................................ 184 8.6.2. Agent for Linux Job Modes ...................................................................................... 186 8.7. Administrative tasks ....................................................................................................... 188 8.7.1. Enabling and Disabling Veeam Agent Backup Jobs ............................................... 188 8.7.2. Deleting Veeam Agent Backup Jobs ....................................................................... 188 8.7.3. Viewing Veeam Agent Backup Job Statistics .......................................................... 188 Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

iii

Table of Contents

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

8.7.4. Removing Veeam Agent Backups ........................................................................... 189 8.7.5. Viewing Veeam Agent Backup Statistics ................................................................. 190 8.7.6. Configuring Global Settings ..................................................................................... 190 Labs for Module 8: Introduction to Agents .......................................................................... 191 9. Advanced Data Protection ................................................................................................. 193 9.1. WAN Acceleration ........................................................................................................... 193 9.2. Tape Device Support ....................................................................................................... 194 9.2.1. Tape Job Scheduling ............................................................................................... 197 9.2.2. Tape Job Encryption ............................................................................................... 198 9.2.3. VM Restore from Tape to Infrastructure .................................................................. 199 9.2.4. Automated Drive Cleaning ...................................................................................... 200 9.3. Storage Integration (VMware) ......................................................................................... 201 9.3.1. SAN Storage Systems Support Overview ............................................................... 201 9.3.2. Dell EMC Storage Systems ..................................................................................... 203 9.3.3. HPE Storage Systems ............................................................................................. 204 9.3.4. NetApp Storage Systems ........................................................................................ 205 9.3.5. Nimble Storage Systems ......................................................................................... 207 9.4. Microsoft Hyper-V Off-host Backup Proxy .................................................................... 207 9.5. Support for Deduplicating Storage Systems ................................................................ 208 9.5.1. ExaGrid ................................................................................................................... 208 9.5.2. HPE StoreOnce ....................................................................................................... 209 9.5.3. EMC Data Domain Boost ........................................................................................ 213 9.6. Veeam Cloud Connect .................................................................................................... 217 9.6.1. Lease and Quota ..................................................................................................... 219 9.6.2. Deleted Backups Protection .................................................................................... 219 9.6.3. Licensing for Cloud Repositories ............................................................................. 222 9.6.4. v9 Cloud Connect Enhancements ........................................................................... 223 9.7. Veeam Backup Enterprise Manager .............................................................................. 225 9.7.1. Veeam plug-in for vSphere Web Client ................................................................... 225 9.7.2. Required Permissions ............................................................................................. 227 9.7.3. Restore of Application Items ................................................................................... 228 9.7.4. Self-restore portal .................................................................................................... 228 9.7.5. Managing Encryption Keys ...................................................................................... 229 9.7.6. Decrypting Data without a Password ...................................................................... 230 9.7.7. Veeam Backup Enterprise Manager RESTful API .................................................. 230 9.8. Standalone Console ........................................................................................................ 231 9.9. vCloud Director Support ................................................................................................. 232 Labs for Module 9: Advanced Data Protection .................................................................... 235 10. Veeam ONE Features and Functionality ........................................................................ 237 10.1. Veeam ONE overview .................................................................................................... 237 10.2. Veeam ONE components .............................................................................................. 237 10.2.1. Monitoring and Alerting ......................................................................................... 237 10.2.2. Reporting and Dashboards ................................................................................... 240 10.2.3. Business Categorization ........................................................................................ 241 10.2.4. Auto Discovery of Backup and Virtual Infrastructure ............................................. 242 10.3. Veeam ONE Deployment ............................................................................................... 243 10.3.1. Typical deployment ............................................................................................... 243 10.3.2. Advanced deployment ........................................................................................... 244 10.4. Veeam ONE as an assessment tool ............................................................................. 245 iv

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Table of Contents

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

10.4.1. Veeam ONE as an assessment tool content ......................................................... 245 10.4.2. Data Sovereignty ................................................................................................... 246 Labs for Module 10: Veeam ONE Features and Functionality ........................................... 247 11. Product Editions ............................................................................................................... 249 11.1. Product Editions Comparison ...................................................................................... 249 11.2. Product Licensing ......................................................................................................... 252 11.3. Full and Free Functionality Modes .............................................................................. 252 12. Troubleshooting ............................................................................................................... 255 12.1. How to identify the Problem ......................................................................................... 255 12.2. Review and Analyze the Issue ...................................................................................... 255 12.3. Common Issues & Misconfigurations ......................................................................... 256 12.3.1. Low Performance (bottlenecks) ............................................................................. 256 12.4. Common VMware related issues ................................................................................. 257 12.4.1. Snapshot Creation Failure ..................................................................................... 258 12.4.2. Snapshot Removal Failure .................................................................................... 258 12.4.3. Snapshot Removal Stun ........................................................................................ 258 12.4.4. NFC Related Errors ............................................................................................... 259 12.5. Log files .......................................................................................................................... 259 12.6. Veeam Support .............................................................................................................. 260 12.6.1. Support Programs ................................................................................................. 260 12.6.2. Response Time SLA ............................................................................................. 261 12.6.3. Contacting Customer Support ............................................................................... 261 12.6.4. Product Lifecycle ................................................................................................... 263 12.6.5. Third Party Software Support ................................................................................ 264 12.7. Search for Additional Information ............................................................................... 265 13. Additional Resources ....................................................................................................... 267 Labs for Module 13: Additional Resources .......................................................................... 269 14. Training Summary ............................................................................................................ 271 14.1. Key Points ...................................................................................................................... 271 14.2. Useful Resources .......................................................................................................... 273 14.3. Contacts ......................................................................................................................... 273

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

v

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Table of Contents

vi

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 1: Overview

1. Overview This section provides a brief overview of the course and its learning objectives.

1.1. Veeam Products

ib ut e

This topic will provide you with a brief overview of the range of Veeam products so you have a better understanding of the business problems they cover.

1.1.1. Veeam Availability Suite Capabilities

D

is

tr

In today’s interconnected and global business environment, customers, partners, suppliers and employees expect access to information and applications at any time and from any device, with no tolerance for downtime or data loss. IT organizations must therefore make data and applications available to all stakeholders every minute of every day. This is the era of the Always-On Business™.

at

e

or

Achieving non-stop service and continuous protection has traditionally required a significant investment in fully redundant systems with instant failover capabilities. These kinds of investments could only be justified for a few applications, so the vast majority of workloads were served with lower performing, legacy backup solutions allowing recovery time objectives and recovery point objectives (RTO and RPO) of several hours or days. These low performance levels fail to meet the requirements of the Always-On Business, creating a significant availability gap.

up

lic

Veeam® bridges this availability gap by leveraging the capabilities of the modern data center – including virtualization, new storage integration and cloud capabilities – to provide five key enabling capabilities. These enabling capabilities in turn allow for a recovery time and point objective (RTPO™) of <15 minutes for the majority of workloads, bridging the availability gap and enabling the Always-On Business. Description

D

Benefit

ot

High-Speed Recovery

o

N

Data Loss Avoidance

D

Verified Recoverability

Enables low recovery time objectives (RTOs) of <15 minutes; enables rapid recovery of the data customers want, in the form that they want it Avoids data loss by enabling low recovery point objectives (RPOs ) of <15 minutes, and by facilitating off-site data protection Ensures that files, applications, and virtual servers can be reliably restored when needed; ensures business resiliency through automated backup and DR testing

Leveraged Data

Eliminates the risks associated with application deployment, configuration changes, and other testing scenarios; allows testing of changes in a production-like environment before actually deploying them

Complete Visibility

Provides monitoring and alerting tools so that you can discover and be alerted to issues and potential problems in your IT environment before they have a significant impact on your operations

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

1

Module 1: Overview

1.1.2. Veeam Backup & Replication Veeam Backup & Replication is an availability, data protection and disaster recovery solution for VMware vSphere and Microsoft Hyper-V virtual environments of any size and complexity.

ib ut e

To provide the most comprehensive protection of your virtual infrastructure, Veeam Backup & Replication complements image-based backup with image-based replication. You can back up any VM, VM container or VM disk, as well as replicate VMs onsite for high availability (HA) or offsite for disaster recovery (DR), across local area and wide area networks.

tr

By leveraging the latest technological advancements of the virtualization technology, Veeam Backup & Replication delivers unprecedented replication speed. It provides near-continuous data protection (or near-CDP) at a fraction of the cost of traditional CDP systems – you can capture changes and update VM images as often as every few minutes as the replication job can be set to run Continuously.

is

Veeam Backup & Replication offers vPower – Veeam’s technology that allows you to:

at

e

or

D

Immediately recover a failed VM, thus reducing downtime of production VMs to the minimum (see Instant VM Recovery). Verify recoverability of every backup by starting and testing VMs directly from VM backups in an isolated environment. Restore items from any virtualized applications with Veeam Explorers and U-AIR. Restore guest OS files with Multi-OS File-Level Recovery.

lic

1.1.3. Veeam ONE

up

Veeam ONE delivers powerful, easy-to-use and affordable monitoring, reporting and capacity planning for virtual and backup infrastructures:

D

o

N

ot

D

Real-time monitoring – 24x7 real-time monitoring and alerting, with built intelligence for fast troubleshooting and problem resolution Documentation and management reporting – pre-deployment analysis of backup requirements, complete documentation of the structure and state of your virtual and backup infrastructures, plus automated and on-demand reporting Capacity planning – trend analysis, provisioning recommendations, what-if modeling and more Chargeback and billing — complete visibility into IT costs of compute, storage and backup repository resources Business categorization – technical- and business-oriented views of your virtual environment

1.1.4. Veeam Management Pack for System Center Veeam Management Pack for System Center supports both vSphere and Hyper-V virtual environments, offering the same features for monitoring, reporting and capacity planning for both hypervisors. Veeam Management Pack extends System Center’s monitoring capabilities to include Hyper-V and vSphere virtual machines and hosts, the hardware, storage and network resources they run on, as 2

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 1: Overview

well as the Veeam Backup & Replication infrastructure. Veeam MP automatically integrates System Center’s native monitoring of critical applications like Microsoft Exchange and SQL Server and provides drill-down view from the application to virtualization layer and further to the hardware sensors data.

1.1.5. The Veeam Backup & Replication Add-on for Kaseya

ib ut e

The Veeam Backup Add-on for Kaseya bridges the Kaseya platform with Veeam Backup & Replication and allows Managed Service Providers to remotely monitor their Veeam backup infrastructures and estimate data protection efficiencies for the managed virtual environments.

With the add-on, you can perform the following operations from within the Kaseya web interface:

at

e

or

D

is

tr

Audit the state and performance of Veeam backup infrastructure components Analyze VM data protection for managed customer virtual environments and ensure that critical VMs have valid backup and replica restore points that meet established RPO requirements See an overview of all types of jobs managed by Veeam backup servers and monitor job completion results Receive informative alerts about critical situations around the backup infrastructure components and data protection operations Generate reports based on data collected from Veeam backup servers and protected VMs Monitor backup infrastructure machines and protected VMs, perform basic maintenance, troubleshoot and fix problems with Kaseya Live Connect

lic

1.1.6. Veeam Backup & Replication Plug-in for LabTech

D

up

This Veeam plugin for LabTech is designed for Service Providers and IT Departments using the LabTech Remote Monitoring and Management (RMM) platform and Veeam Backup & Replication. With the Veeam Backup & Replication Plug-in for LabTech, you get a single pane of glass view of your Veeam backup activity from inside the LabTech Control Center, providing complete visibility into your virtual infrastructure.

ot

You can perform the following from within the LabTech Control Center:

D

o

N

Manage, view and monitor all backup jobs managed by Veeam backup servers including the ability to start, stop, retry and disable jobs Analyze protected and unprotected VMs to ensure critical VMs have valid backup and replica restore points Receive critical alerts and automatically raise tickets and alarms Perform day-to-day maintenance, troubleshoot and fix problems based off a pre-defined list of reports, monitors and data views with zero configuration required Generate reports based on data collected from the Veeam backup servers and associated VMs

1.2. Key Concepts In the “key concepts” topic, concepts like RTO and RPO will be defined, and their relation to Business Continuity and Disaster Recovery will be explained. Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

3

Module 1: Overview

1.2.1. Key Concepts Concept

Details An activity performed by an organization to ensure that critical business functions will be available to customers, suppliers, regulators, and other entities that must have access to those functions.

Disaster Recovery (DR)

A process, policies and procedures that are related to preparing for recovery or continuation of technology infrastructure which are vital to an organization after a natural or human-induced disaster.

Recovery Point Objective (RPO)

The maximum tolerable period in which data might be lost from an IT service due to a major incident. Essentially, it is the acceptable time period data can be backdated to a restore.

Recovery Time Objective (RTO)

The duration of time and a service level within which a business process must be restored after a disaster (or disruption) in order to avoid unacceptable consequences associated with a break in business continuity. Essentially, it is the amount of time allowable between off-line due to disaster and on-line from recovery.

or

D

is

tr

ib ut e

Business Continuity (BC)

e

1.3. Course Overview

lic

at

Keeping your business up and running at all times is critical. Businesses today require 24/7 access to data, efficient management of exploding data growth, and little tolerance for downtime and data loss. With Veeam® Availability Suite™, Veeam has created a new solution category and thus a new market: Availability for the Modern Data Center™ to enable the Always-On Business™:

ot

D

up

High-Speed Recovery: Rapid recovery of what you want, the way you want it Data Loss Avoidance: Near-continuous data protection and streamlined disaster recovery Verified Recoverability: Guaranteed recovery of every file, application or virtual server, every time Leveraged Data: Low-risk deployment with a production-like test environment Complete Visibility: Proactive monitoring and alerting of issues before operational impact

D

o

N

Veeam Backup & Replication delivers backup, recovery and replication for VMware and Hyper-V. This #1 VM Backup™ solution helps organizations meet RPOs and RTOs, save time, eliminate risks and dramatically reduce capital and operational costs. Veeam Availability Suite™ combines Veeam Backup & Replication with advanced monitoring and reporting capabilities to help organizations of all sizes protect virtualization, increase administrator productivity and mitigate daily management risks. By the end of this course you should be able to: Understand basic and advanced backup terminology Understand Veeam Backup & Replication architecture, backup methods, transport modes and other mechanisms Install and set up Veeam Backup & Replication, Veeam ONE, Veeam Backup Enterprise Manager to prepare your infrastructure for assessment and backup deployment Create, edit and set up backups 4

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 1: Overview

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Create replications and perform their failovers, set up failover plans Verify restore points using such mechanisms as: SureReplica and SureBackup Restore Windows, Linux and other guest OS files, Exchange, Oracle, AD, SQL and SharePoint objects using different mechanisms provided by Veeam Backup & Replication Take backups off and archive backups to tape using native tape support and backup copy option Install, set up and work with WAN Accelerator Leverage storage snapshots for backups and restores

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

5

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 1: Overview

6

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

2. Deployment

ib ut e

Veeam Backup & Replication is a modular solution which allows flexible scalability for environments of different sizes and configuration. The installation package of Veeam Backup & Replication includes a set of components used to configure your backup infrastructure. Some of them are mandatory and provide core functionality; some of them are optional and can be installed to provide additional functionality for your business and deployment needs. You can consolidate Veeam Backup & Replication components on the same machine, either physical or virtual, or you can set them up separately for a more scalable approach.

2.1. Core Components and Their Interaction

is

tr

Veeam Backup & Replication comprises the following components. Some of the components are installed using a setup file and others are configured while working with the product.

D

2.1.1. Veeam Backup Server

at

e

or

The Veeam Backup Server is a Windows-based physical or virtual machine on which Veeam Backup & Replication is installed. It is the core component in the backup infrastructure that fills the role of the “configuration and control center”. The Veeam backup server performs all types of administrative activities including:

up

lic

Coordinating backup, replication, recovery verification and restore tasks Controlling job scheduling and resource allocation Setting up and managing backup infrastructure components as well as specifying global settings for the backup infrastructure

D

In addition to its primary functions, a newly deployed Veeam backup server also performs the roles of the default backup proxy, which manages the data handling, and the default backup repository, which handles the data storing tasks.

ot

The Veeam backup server uses the following services and components:

N

Veeam Backup Service

D

o

Manages scheduled jobs, serves Veeam Backup Enterprise Manager requests.

Veeam Installer Service Enables installing, updating and configuring Veeam Backup & Replication components.

Veeam Backup Catalog Service Manages guest OS file system indexing for VMs and replicates system index data files to enable search through guest OS files.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

7

Module 2: Deployment

Veeam Backup PowerShell Snap-In

Veeam Data Mover Services

Used by Veeam Backup Service, Veeam Backup Shell and Veeam Backup Catalog Service to store data about the backup infrastructure, jobs, sessions and so on. The database instance can be located on a SQL Server installed either locally (on the same machine where the Veeam backup server is running) or remotely.

Acts as an extension for Microsoft Windows PowerShell 2.0. Veeam Backup PowerShell adds a set of cmdlets to allow users to perform backup, replication and recovery tasks through the command-line interface of PowerShell or run custom scripts to fully automate operation of Veeam Backup & Replication.

Responsible for deploying and coordinating executable modules that act as "data movers" and perform main job activities on behalf of Veeam Backup & Replication, such as communicating with VMware Tools, copying VM files, performing data deduplication and compression and so on.

Veeam Mount Service

Veeam Broker Service

Mounts backups and replicas for file-level access, browsing the VM guest file system and restoring VM guest OS files and application items to the original location.

Interacts with the virtual infrastructure to collect and cache the virtual infrastructure topology. Jobs and tasks query information about the virtual infrastructure topology from the broker service, which accelerates job and task performance.

lic

at

e

or

D

is

tr

ib ut e

Veeam Backup SQL Database

up

2.1.2. Veeam Backup Proxy (VMware)

D

When Veeam Backup & Replication is initially installed, the Veeam backup server coordinates all job activities and, until you deploy a Backup Proxy, handles data traffic itself.

N

ot

That is, when you run a backup, replication, VM copy, VM migration job or perform restore operations, VM data is moved from source to target through the Veeam backup server. So, by default Veeam backup server plays backup proxy role. This scenario is acceptable for virtual environments where few backup jobs are performed; in large-scale environments, however, the workload on the Veeam backup server will be significant.

D

o

To take the workload off the Veeam backup server, Veeam Backup & Replication uses backup proxies. A backup proxy is an architecture component that sits between data source and target and is used to process jobs and deliver backup traffic. In particular, the backup proxy tasks include retrieving VM data from the production storage, compressing and sending it to the backup repository (for example, if you run a backup job) or another backup proxy (for example, if you run a replication job). As the data handling task is assigned to the backup proxy, the Veeam backup server becomes the “point of control” for dispatching jobs to proxy servers. The role of a backup proxy can be assigned to a dedicated Windows server (physical or virtual) in your virtual environment. You can deploy backup proxies both in the primary site and in remote sites.

8

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

To optimize performance of several concurrent jobs, you can use a number of backup proxies. In this case, Veeam Backup & Replication will distribute the backup workload between available backup proxies.

ib ut e

Using backup proxies lets you easily scale your backup infrastructure up and down based on your demands. Backup proxies run light-weight services that take a few seconds to deploy. Deployment is fully automated – Veeam Backup & Replication installs the necessary components on a Windowsbased server when you add it to the product console. As soon as you assign the role of a backup proxy to the added server, Veeam Backup & Replication starts the required services on it. The primary role of the backup proxy is to provide an optimal route for backup traffic and enable efficient data transfer.

tr

Transport Modes (VMware)

or

D

is

Efficiency of a backup job and time required for its completion in many respects depends on the transport mode. The following section will review various transport modes Veeam Backup & Replication uses to process VMware vSphere virtual machines.

Transport Modes (VMware)

at

e

The transport mode is a method that is used by the Veeam Data Mover Service to read VM data from the source and write VM data to the target.

D

up

lic

Depending on the type of backup proxy and your backup architecture, the backup proxy can use one of the following data transport modes: Direct Storage Access, Virtual Appliance or Network. If the VM disks are located on the SAN storage and the SAN storage is added to the Veeam Backup & Replication console, the backup proxy can also use the Backup from Storage Snapshots mode. You can explicitly select the transport mode or let Veeam Backup & Replication automatically choose the mode.

ot

For reading data, Veeam Backup & Replication offers the following modes (starting with the most efficient):

N

Direct Storage Access Virtual Appliance Network

D

o

The Veeam Data Mover (transport) service is responsible for reading data on a backup proxy server. The transport mode can be defined in the settings of the backup proxy that performs the job. When configuring backup proxy settings, you can manually select a transport mode or let Veeam Backup & Replication select the most appropriate mode automatically. If you use automatic mode selection, Veeam Backup & Replication will scan the backup proxy configuration and its connection to the VMware infrastructure to choose the optimal transport mode. If multiple transport modes are available for the same proxy, Veeam Backup & Replication will choose the mode in the following order: Direct Storage Access → Virtual Appliance → Network. For writing data to the target destination, Veeam Backup & Replication normally uses the Network

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

9

Module 2: Deployment

mode. In some cases, such as VM replication or full VM recovery, Veeam Backup & Replication also supports the Virtual Appliance mode and the Direct Storage Access mode (for restore operations where the backup proxy is engaged, for example, full VM restore, VM disk restore and replica failback).You cannot select the transport mode for writing data – Veeam Backup & Replication selects it automatically, based on the backup proxy configuration.

ib ut e

For all transport modes, Veeam Backup & Replication leverages VMware vStorage APIs for Data Protection (VADP). VADP can be used for VMware vSphere starting from v4 Applicability and efficiency of each transport mode primarily depends on the type of datastore used by the source host (local or shared), and on the backup proxy server type (physical or virtual). The table below shows recommendations for installing the backup proxy, depending on the storage type and desired transport mode.

Physical or Virtual Proxy

Local storage

Not supported

is

NFS storage

D

iSCSI SAN

Physical or Virtual Proxy

Virtual Proxy running on an ESX(i) host connected to the storage device

or

Physical Proxy with direct FC access to the SAN

Network Mode

Not recommended

Physical or Virtual Proxy connecting to the ESX(i) host(s) VMkernel interface (management network)

at

Fiber Channel (FC) SAN

Virtual Appliance

tr

Direct Storage Access

e

Production Storage Type

lic

Virtual Proxy on every ESX(i) host

ot

D

up

Veeam Backup & Replication processes VM disks one by one or in parallel, depending on the data processing settings you select. If VM disks are located on different storages (for example, on the SAN and local storage subsystem), Veeam Backup & Replication will use different transport modes to process VM disks. In such scenario, it is strongly recommended that you select the Failover to network mode if primary transport modes fail or are unavailable option when configuring the mode settings for the necessary backup proxy.

N

Direct Storage Access

D

o

In the Direct storage access mode, Veeam Backup & Replication reads/writes data directly from/to the storage system where VM data or backups are located. This mode unites two transport modes: Direct SAN access Direct NFS access

Direct SAN Access 10

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

The Direct SAN access transport mode is recommended for VMs whose disks are located on shared VMFS SAN LUNs that are connected to ESX(i) hosts over FC, FCoE, iSCSI, and on shared SAS storage.

at

e

or

D

is

tr

ib ut e

In the Direct SAN access transport mode, Veeam Backup & Replication leverages VMware VADP to transport VM data directly from and to FC and iSCSI storage over the SAN. VM data travels over the SAN, bypassing ESX(i) hosts and the LAN. The Direct SAN access transport method provides the fastest data transfer speed and produces no load on the production network.

ot

D

up

Backup Replication VM copy Quick migration Entire VM restore VM disk restore Replica failback

lic

The Direct SAN access transport mode can be used for all operations where the backup proxy is engaged:

N

The process of data retrieval in Direct SAN Access mode includes the following steps:

D

o

1. The backup proxy sends a request to the ESX(i) host to locate the necessary VM on the datastore. 2. The ESX(i) host locates the VM. 3. Veeam Backup & Replication triggers VMware vSphere to create a VM snapshot. 4. The ESX(i) host retrieves metadata about the layout of VM disks on the storage (physical addresses of data blocks). 5. The ESX(i) host sends metadata to the backup proxy. 6. The backup proxy uses metadata to copy VM data blocks directly from the source storage over the SAN. 7. The backup proxy processes copied data blocks and sends them to the target.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

11

Module 2: Deployment

Important! The backup proxy using Direct SAN Access mode must be connected directly into the SAN fabric. If no “Failover to the network mode” option is chosen and a direct SAN connection is not configured or not available when a job or task starts, the job or task will fail.

ib ut e

Veeam Backup & Replication allows you to switch to the Network mode and retrieve VM data through the ESX(i) host over the LAN if the SAN becomes inaccessible. This option is selected by default to ensure that backup jobs can be completed in any case. However, it puts additional load on your production network and thus may potentially affect performance if you are running backup and replication jobs during business hours.

is

tr

Important! If you install Veeam Backup & Replication in a VM and plan to use the Direct SAN access mode without adding any Backup Proxy, you need to make sure that the Veeam Backup Server has direct access to the production storage or that you deploy a Backup Proxy that has direct access to the production storage.

or

D

Additionally, you can use the Direct SAN Access mode for those restore operations where the backup proxy is engaged, for example, full VM restore, VM disk restore and replica failover. The Direct SAN Access transport mode can be used to restore VMs with thick disks only. Before VM data is restored, the ESX(i) host needs to allocate space for the restored VM disk on the datastore:

at

e

When thick disks are restored, the ESX(i) host allocates space on disk before writing VM data. When thin disks are restored, the ESX(i) host attempts to allocate space on the fly, as requests for data blocks restore are received.

lic

As a result, restore of thin disks involves extra allocation overhead if compared to restore of thick disks, which results in decreased performance.

ot

D

up

To restore VMs with thin disks, you can use the Virtual Appliance mode or the Network mode. If you plan to process a VM that has both thin and thick disks, you can select the Direct SAN Access transport mode and choose to failover to the Network mode if SAN becomes inaccessible. In this case, Veeam Backup & Replication will use the Direct SAN Access transport mode to restore thick disks and the Network transport mode to restore thin disks. Alternatively, you can restore all VM disks as thick.

N

Direct NFS Access

o

The Direct NFS access is a recommended transport mode for VMs whose disks are located on NFS datastores.

D

In the Direct NFS access mode, Veeam Backup & Replication bypasses the ESX(i) host and reads/writes data directly from/to NFS datastores. To do this, Veeam Backup & Replication deploys its native NFS client on the backup proxy and uses it for VM data transport. VM data still travels over LAN but there is no load on the ESX(i) host.

12

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

tr

ib ut e

Module 2: Deployment

is

The Direct NFS access mode can be used for all operations where the backup proxy is engaged:

e

or

D

Backup Replication Quick migration VM copy Entire VM restore VM disk restore Replica failback

up

lic

at

Veeam Backup & Replication deploys its NFS agent on every backup proxy when you assign the backup proxy role to a Microsoft Windows server (physical or virtual). To instruct the backup proxy to use the Direct NFS access mode, you must choose the Automatic selection or Direct storage access option in the backup proxy settings. Direct NFS access mode can be used in VMware vSphere environments running NFS v3 and NFS v4.1 (NFS v4.1 is only supported for VMware vSphere 6.0 and later).

D

To read and write data in the Direct NFS transport mode, the backup proxy must meet the following requirements:

N

ot

The backup proxy must have access to the NFS datastore. The backup proxy must have Read Only/Write permissions and root access to the NFS datastore.

D

o

Veeam Backup & Replication selects backup proxies working in the Direct NFS access transport mode by the following rules: If you instruct Veeam Backup & Replication to select a backup proxy automatically for a job or task, Veeam Backup & Replication picks a backup proxy with the minimum number of hops to the NFS datastore. If there are several backup proxies with the equal number of hops in the backup infrastructure, Veeam Backup & Replication picks the least busy backup proxy in the backup infrastructure. If all backup proxies with the minimum number of hops are busy at the moment, Veeam Backup & Replication waits until these backup proxies are free. Veeam Backup & Replication does not pick a backup proxy that has a greater number of hops to the NFS datastore and works in the Direct NFS access or Virtual Appliance transport mode.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

13

Module 2: Deployment

If you select one or more backup proxies explicitly for a job or task, Veeam Backup & Replication does not regard the number of hops to the NFS datastore. Veeam Backup & Replication picks the least busy backup proxy working in the Direct NFS access transport mode. If all backup proxies working in the Direct NFS access transport mode are busy, Veeam Backup & Replication waits until these backup proxies are free. Veeam Backup & Replication does not pick a backup proxy working in the Virtual Appliance transport mode.

ib ut e

To detect the number of hops from a backup proxy to the NFS datastore, Veeam Backup & Replication uses the host discovery process. During host discovery, Veeam Backup & Replication obtains information about the number of hops, checks to which NFS datastores the backup proxy has access and what permissions the backup proxy has on NFS datastores.

D

is

tr

The host discovery process rescans all Microsoft Windows machines to which the backup proxy role is assigned. The process starts automatically every 4 hours. Host discovery is also triggered when you change the transport mode settings and choose to use the Direct storage access for the backup proxy. If necessary, you can start the host discovery process manually. To do this, perform the Rescan operation for a machine to which the backup proxy role is assigned.

or

If you enable the Enable VMware tools quiescence option in the job settings, Veeam Backup & Replication will not use the Direct NFS transport mode to process running Microsoft Windows VMs that have VMware Tools installed.

at

e

If a VM has some disks that cannot be processed in the Direct NFS access mode, Veeam Backup & Replication processes these VM disks in the Network transport mode.

lic

Cisco HyperFlex storage

up

If VMware vSphere VMs store their disks on Cisco HyperFlex storages, Veeam Backup & Replication can use the Direct NFS access mode to process such VMs.

D

To allow Veeam Backup & Replication to access VM data directly over the HyperFlex Data network, by NFS protocol, the infrastructure must meet the following requirements:

D

o

N

ot

Direct NFS access is enabled on data platform controllers. For more information, see https://www.veeam.com/kb2300. VMs do not have Cisco HyperFlex snapshots (including the base snapshot) or VMware vSphere snapshots. VMs meet requirements described in the Limitations for Direct NFS access section. Backup proxies assigned for jobs work in the Direct storage access or Automatic selection modes. Backup data read over NFS is processed by a single HyperFlex Controller that holds the HyperFlex Controller Cluster IP.

Important! If these requirements are not met, Veeam Backup & Replication can process VM data in the Virtual appliance or Network transport mode.

14

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Virtual Appliance

ib ut e

This mode is recommended and can only be used if the backup proxy is deployed on a VM. The Virtual Appliance (also referred to as Hot-Add) mode uses the SCSI hot-add capability of ESXi hosts to attach disks of the backed up VM to the backup proxy VM. In In this mode, VM data is retrieved directly from storage through the ESXi I/O stack, instead of going through the network stack, which improves performance.

D

Network Mode

up

lic

at

e

or

D

is

tr

Important! To ensure that a VM can be backed up using Virtual Appliance mode, it’s important to make sure the ESX(i) host on which the backup proxy VM resides has access to the storage where disks of a backed up VM are located.

D

o

N

ot

This mode can be used with any infrastructure configuration. However, when an alternative transport mode is applicable, the Network mode is not recommended because it has the lowest data retrieval speed. It is the only applicable mode when the backup proxy is a physical machine and the host uses local storage. In this mode, data is retrieved via the ESX (i) host over the LAN using Network Block Device protocol (NBD).

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

15

is

tr

ib ut e

Module 2: Deployment

D

The process of data retrieval in Network mode includes the following steps:

at

e

or

1. The backup proxy sends a request to the ESX(i) host to locate the necessary VM on the datastore. 2. The ESX(i) host locates the VM on the datastore. 3. Veeam Backup & Replication triggers VMware vSphere to create a VM snapshot, copies VM data blocks from the source storage and sends them to the backup proxy over LAN. 4. The backup proxy sends the data to target.

D

up

lic

Veeam Backup & Replication processes VM disks one by one or in parallel, depending on selected data processing settings. If VM disks are located on different storages (for example, on the SAN and local storage), Veeam Backup & Replication uses different transport modes to process VM disks. In such scenario, it is strongly recommended that you select the Failover to network mode if primary transport modes fail or are unavailable option when configuring the mode settings for the backup proxy.

ot

2.1.3. Veeam Backup Proxy (Hyper-V)

D

o

N

By default, when you perform backup, replication or VM copy jobs in the Hyper-V environment, VM data is processed directly on the source Hyper-V host where VMs reside and then moved to the target. However VM data processing can produce unwanted overhead on the production Hyper-V host and impact performance of VMs running on this host. To take data processing off the production Hyper-V host, the off-host backup mode can be used. The off-host mode shifts the backup and replication load to a dedicated machine – an off-host backup proxy. The off-host backup proxy functions as a “data mover” which retrieves VM data from the source datastore, processes it and transfers it to the destination. Online backup is the recommended backup method for Microsoft Hyper-V VMs. This type of backup requires no downtime. VMs remain running for the whole period of backup, and users can access them without any interruption. Online backup can be performed if VMs meets a number of

16

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

requirements. For more information, see Microsoft Hyper-V documentation in TechNet article DD252619 (Planning for Backup). The procedure of online backup depends on the Microsoft Hyper-V Server version:

ib ut e

Microsoft Hyper-V Server 2008 R2 and 2012 Microsoft Hyper-V Server 2012 R2 Microsoft Hyper-V Server 2016 Microsoft Hyper-V Server 2008 R2 and 2012

tr

For online backup of VMs on Microsoft Hyper-V Server 2008 R2 and 2012, Veeam Backup & Replication uses a native Microsoft Hyper-V approach. To quiesce VM data, Microsoft Hyper-V employs two Microsoft VSS frameworks that work at two different levels and communicate with each other:

or

D

is

Microsoft VSS framework inside the VM guest OS. This framework is responsible for quiescing data of Microsoft VSS-aware applications inside the VM and creating a snapshot inside the VM guest OS. This snapshot is known as internal snapshot. Microsoft VSS framework at the Microsoft Hyper-V host level. This framework is responsible for creating a snapshot of a volume on which VM disks are located. This snapshot is known as external snapshot.

at

e

Online backup for VMs on Microsoft Hyper-V Server 2008 R2 and 2012 is performed in the following way:

D

o

N

ot

D

up

lic

1. Veeam Backup & Replication interacts with the Microsoft Hyper-V host VSS Service and requests backup of a specific VM. 2. The Microsoft VSS Writer on the Microsoft Hyper-V host passes the request to the Microsoft Hyper-V Integration Components (HV-IC) installed inside the VM guest OS. 3. The HV-IC acts as a VSS Requestor for the framework inside the VM. It communicates with this framework and requests backup of Microsoft VSS-aware applications running on the VM. 4. VSS Writers for Microsoft VSS-aware applications on the VM are instructed to quiesce application data. 5. After the applications are quiesced, the framework inside the VM takes an internal snapshot using a Microsoft VSS software provider in the VM guest OS. 6. The VM returns from the read-only state to the read-write state, and operations inside the VM are resumed. The created snapshot is passed to the HV-IC. 7. The HV-IC notifies the hypervisor that the VM is ready for backup. 8. The Microsoft Hyper-V host VSS provider takes a snapshot of a volume on which VM disks are located (external snapshot). After that, Microsoft VSS triggers the auto-recovery process. For more information, see Auto-Recovery. 9. The volume snapshot is presented to Veeam Backup & Replication. Veeam Backup & Replication reads VM data from the volume snapshot in one of two backup modes — on-host backup or off-host backup. 10. After the backup is complete, the volume snapshot is deleted.

Auto-Recovery Internal and external snapshots are taken one after another, with a little time difference. During this time interval, the VM on the volume is not frozen — its applications and OS are working as usual. For Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

17

Module 2: Deployment

this reason, when the external snapshot is created, there may remain unfinished application transactions inside the VM, and this data can be lost during backup. To make sure the VM data is consistent at the moment of backup, Microsoft Hyper-V VSS Writer performs additional processing inside the created external snapshot. This process is also known as auto-recovery.

ib ut e

Auto-recovery is performed after a volume snapshot is taken. The auto-recovery process is performed in the following way:

D

is

tr

1. Right after the snapshot of a volume is taken, Microsoft Hyper-V host VSS allows the Microsoft Hyper-V host VSS Writer time to update data inside the external snapshot, before it is permanently put to the read-only state. 2. The volume snapshot is temporarily mounted to the Microsoft Hyper-V host as a new volume with the read-write access. 3. The Microsoft Hyper-V host VSS Writer rolls back a VM on the external snapshot to the state of the internal snapshot. All changes that took place after the internal snapshot was taken are discarded. This way, VM data inside the external snapshot is brought to a completely consistent state. At the same time, the internal snapshot inside the VM guest OS is deleted.

or

As a result, you have a VM on the production volume, and a consistent volume snapshot that Veeam Backup & Replication can use for backup.

e

Microsoft Hyper-V Server 2012 R2

at

For Microsoft Hyper-V Server 2012 R2, Microsoft VSS adds backup and auto-recovery checkpoints to the backup process.

up

lic

To quiesce VM data, Veeam Backup & Replication leverages two Microsoft VSS frameworks that work at two different levels and communicate with each other:

ot

D

Microsoft VSS framework inside the VM guest OS. This framework is responsible for quiescing data of Microsoft VSS-aware applications inside the VM and creating a snapshot inside the VM guest OS. Microsoft VSS framework at the Microsoft Hyper-V host level. This framework is responsible for creating a snapshot of a volume on which VM disks are located.

N

Online backup for VMs on Microsoft Hyper-V 2012 R2 is performed in the following way:

D

o

1. Veeam Backup & Replication interacts with the Microsoft Hyper-V host VSS Service and requests backup of a specific VM. 2. The Microsoft VSS Writer on the Microsoft Hyper-V host passes the request to the Microsoft Hyper-V Integration Components (HV-IC) installed inside the VM guest OS. 3. The HV-IC acts as a VSS Requestor for the framework inside the VM. It communicates with this framework and requests backup of Microsoft VSS-aware applications running on the VM. 4. VSS Writers for Microsoft VSS-aware applications on the VM are instructed to quiesce application data. 5. After the applications are quiesced, Microsoft Hyper-V VSS takes a backup checkpoint of the VM. Every virtual disk of a VM receives a temporary file named GUID.avhdx. All new writes that occur to the VM until the volume snapshot is taken are redirected to this file. 6. Right after taking the backup checkpoint, Microsoft Hyper-V VSS takes another auxiliary

18

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

12. 13. 14.

D

15.

ib ut e

9. 10. 11.

tr

8.

is

7.

checkpoint — auto-recovery checkpoint. Every virtual disk of a VM receives a temporary file named GUID-Autorecovery.avhdx. The auto-recovery checkpoint helps make sure that VM data is consistent during backup. The auto-recovery checkpoint does not depend on the backup checkpoint — it is taken independently in a new checkpoint chain. The framework inside the VM takes an internal snapshot using a Microsoft Hyper-V Integration Services Shadow Copy provider in the VM guest OS. The created internal snapshot is passed to the HV-IC. The HV-IC notifies the hypervisor that the VM is ready for backup. Microsoft Hyper-V VSS performs auto-recovery — it mounts the auto-recovery checkpoint to the VM, rolls back data on the VM to the consistent state. The Microsoft Hyper-V host VSS provider takes a snapshot of a volume on which VM disks are located (external snapshot). The auto-recovery checkpoint is merged with the original VM. The volume snapshot is presented to Veeam Backup & Replication. Veeam Backup & Replication reads VM data from the volume snapshot in one of two backup modes — on-host backup or off-host backup. After the backup is complete, the volume snapshot is deleted, and the backup checkpoint is merged with the original VM.

or

Microsoft Hyper-V Server 2016

e

Online backup of VMs on Microsoft Hyper-V 2016 relies on production checkpoints.

lic

at

Production checkpoints are point-in-time images of VMs. When producing production checkpoints, Microsoft Hyper-V does not put VMs to the saved state. Instead, it quiesces data on VMs with the help of the Microsoft VSS technology (for Microsoft Windows VMs) or file system freeze (for Linux VMs). The resulting checkpoints are application-consistent, so you can recover VMs without any data loss.

up

Veeam Backup & Replication performs online backup with the help of production checkpoints only if the following conditions are met:

ot

D

VM configuration version is upgraded to 8. VMs are deployed on Microsoft Hyper-V Server 2016 [For Microsoft Hyper-V clusters] All hosts in the cluster are upgraded to Microsoft Hyper-V Server 2016 and the cluster functional level is upgraded.

N

Online backup is performed in the following way:

D

o

1. Veeam Backup & Replication interacts with Microsoft Hyper-V VSS and requests backup of a specific VM. 2. Microsoft Hyper-V VSS leverages Microsoft VSS inside the VM (for Microsoft Windows VMs) or file system freeze (for Linux VMs) to bring data on the VM guest OS to a consistent state. 3. Microsoft Hyper-V VSS creates a production checkpoint for the VM. Every virtual disk of a VM receives a temporary AVHDX file. All new writes are redirected to temporary AVHDX files. 4. Further activities depends on the backup mode: In the on-host backup mode, Veeam Backup & Replication reads data from VM disks in the read-only state. After the VM processing completes, the production checkpoint is merged with the original VM.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

19

Module 2: Deployment

lic

Backup Modes (Hyper-V)

at

e

or

D

is

tr

ib ut e

In the off-host backup mode, the Microsoft Hyper-V host VSS provider takes a snapshot of a volume on which VM disks are located. Immediately after that, the production checkpoint is merged with the original VM. The volume snapshot is mounted to the offhost backup proxy and presented to Veeam Backup & Replication. Veeam Backup & Replication reads VM data from the volume snapshot. After the backup job completes, the volume snapshot is deleted.

D

up

Veeam Backup & Replication offers two modes for processing volume shadow copies – onhost backup and off-host backup. The difference between the two modes lies in the location where VM data is processed.

ot

On-host Backup

o

N

During on-host backup, VM data is processed on the source Hyper-V host where the VMs you want to back up or replicate reside. All processing operations are performed directly on the source Hyper-V host. For this reason, onhost backup may result in high CPU usage and network overhead on the host system.

D

The on-host backup process includes the following steps: 1. Veeam Backup & Replication triggers a snapshot of the necessary volume. 2. The Veeam data mover service uses the created volume snapshot to retrieve VM data; it then processes the VM data and copies it to the destination. 3. Once the backup process is complete, the volume snapshot is deleted.

20

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Off-host Backup

ib ut e

In the off-host backup mode, backup processing shifts from the source Hyper-V host to a dedicated machine – an off-host backup proxy. The off-host backup proxy acts as a “data mover” – the Veeam Data Mover ( also called “transport”) service running on it retrieves VM data from the source datastore, processes it and transfers to the destination. This type of backup does not impose load on the Hyper-V host – while resource intensive backup operations are performed on the off-host backup proxy, production hosts remain unaffected.

is

tr

To perform off-host backup, Veeam Backup & Replication uses transportable shadow copies. The transportable shadow copy technology enables you to create a snapshot of a data volume on one server and import, or mount, it onto another server within the same subsystem (SAN) for backup and other purposes. The transport process is accomplished in a few minutes, regardless of the amount of the data. The process is performed at the SAN storage layer so it does not impact the host CPU usage or network performance. In order to perform off-host backup, you must meet the following requirements:

at

e

or

D

You must configure an off-host backup proxy. The role of an off-host backup proxy can be assigned only to a Microsoft Windows 2008 Server R2 machine with the Hyper-V role enabled, to a Microsoft Windows Server 2012 machine with the Hyper-V role enabled, to a Microsoft Windows Server 2012 R2 machine with the Hyper-V role enabled or to a Microsoft Windows 2016 Server machine with Hyper-V role enabled.

up

lic

Note: The version of the Hyper-V host and off-host backup proxy must match. For example, if you use a Microsoft Windows 2008 Server R2 machine with the Hyper-V role enabled as a Hyper-V host, you should deploy the off-host backup proxy on a Microsoft Windows 2008 Server R2 machine with the Hyper-V role enabled. Also please note that Nano Server does not support hardware VSS and as such cannot be used for off-host backup.

D

o

N

ot

D

In the properties of a backup or replication job, you must select the off-host backup method. If necessary, you can point the job to a specific proxy. The source Hyper-V host and the off-host backup proxy must be connected (through a SAN configuration) to the shared storage. To create and manage volume shadow copies on the shared storage, you must install and properly configure a VSS hardware provider that supports transportable shadow copies on the off-host proxy and Hyper-V host. Typically, when configuring a VSS hardware provider, you need to specify a server controlling the LUN and disk array credentials to provide access to the array. If you back up VMs whose disks reside on a CSV with Data Deduplication enabled, make sure that you use a Microsoft Windows 2012 R2 or newer machine as an off-host backup proxy and enable the Data Deduplication option on this off-host backup proxy. Otherwise, off-host backup will fail.

The off-host backup process includes the following steps: 1. Veeam Backup & Replication triggers a snapshot of the necessary volume on the production Hyper-V host. 2. The created snapshot is split from the production Hyper-V server and mounted to the off-host Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

21

Module 2: Deployment

backup proxy. 3. The Veeam data mover running on a backup proxy uses the mounted volume snapshot to retrieve VM data; the VM data is processed on the proxy server and copied to the destination. 4. Once the backup process is complete, the snapshot is dismounted from the off-host backup proxy and deleted on the SAN.

tr

ib ut e

Important! If you plan to perform off-host backup for a Hyper-V cluster with CSV, make sure you deploy an off-host backup proxy on a host that is NOT a part of a Hyper-V cluster. When a volume snapshot is created, this snapshot has the same LUN signature as the original volume. Microsoft Cluster Services do not support LUNs with duplicate signatures and partition layouts. For this reason, volume snapshots must be transported to an off-host backup proxy outside the cluster. If the off-host backup proxy is deployed on a node of a Hyper-V cluster, a duplicate LUN signature will be generated, and the cluster will fail during backup or replication.

D

is

Services and Components for Backup Proxy (VMware) and Offhost Backup proxy (Hyper-V)

or

The backup proxy uses the following services and components:

D

o

N

ot

D

up

lic

at

e

Veeam Installer Service is an auxiliary service that is installed and started on any Windows server once it is added to the list of managed servers in the Veeam Backup & Replication console. This service analyzes the system, installs and upgrades necessary components and services depending on the role selected for the server. Veeam Data Mover Service is responsible for deploying and coordinating executable modules that act as "data movers" and perform main job activities on behalf of Veeam Backup & Replication, such as communicating with VMware Tools, copying VM files, performing data deduplication and compression and so on. It is installed and started on any Windows server once it is added to the list of managed servers in the Veeam Backup & Replication console as well. Veeam Hyper-V Integration Service (Hyper-V only) is responsible for communicating with the VSS framework during backup, replication and other jobs, and performing recovery tasks. It also deploys a driver that handles changed block tracking for Hyper-V.

22

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

e

or

D

is

tr

ib ut e

Module 2: Deployment

lic

at

Both Veeam Data Mover Service and Veeam Installer Service are always present at the Windows server added to the Veeam Backup & Replication UI. Some other services may also be there, depending on the role which this server is configured for.

up

2.1.4. Backup Repository

D

A backup repository is a location used by Veeam Backup & Replication jobs to store:

ot

Backup chains Copies of VMs (VMware only) Metadata for replicated VMs

o

N

Technically, a backup repository is a folder on the backup storage. By assigning different repositories to jobs and limiting the number of parallel jobs for each one, you can balance the load across your backup infrastructure.

D

In the Veeam backup infrastructure, you can use one of the following repository types: Windows server with local or directly attached storage. The storage can be a local disk, directly attached disk-based storage (such as a USB hard drive), or iSCSI/FC SAN LUN in case the server is connected into the SAN fabric. On a Windows repository, Veeam Backup & Replication deploys Veeam Data Mover Service (when you add a Windows-based server to the product console, Veeam Backup & Replication installs a set of components including the Veeam data mover service on that server). When any

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

23

Module 2: Deployment

job addresses the repository, the Data Mover Service on the repository establishes a connection with the source-side Data Mover Service on the backup proxy, enabling efficient data transfer over LAN or WAN.

ib ut e

Windows repositories can be configured to function as vPower NFS Servers (VMware only). In this case, Veeam Backup & Replication will run the Veeam vPower NFS Service directly on the backup repository (namely, on the managing Windows server to which storage is attached) and provide ESX(i) hosts with transparent access to backed up VM images stored on the repository. Linux server with local, directly attached storage or mounted NFS. The storage can be a local disk, directly attached disk-based storage (such as a USB hard drive), NFS share, or iSCSI/FC SAN LUN in case the server is connected into the SAN fabric.

is

tr

On the Linux repository, Veeam Backup & Replication deploys and starts the Veeam data mover (transport) service when a job addressing this repository is launched. This Data Mover Service establishes a connection with the source-side Data Mover Service on the backup proxy, enabling efficient data transfer over LAN or WAN.

or

D

CIFS (SMB) share. This type of repository does not support Veeam data mover services, therefore data to the SMB share is written from a Windows-based gateway server. By default, this role is performed by the Backup Proxy that is utilized by the job for data transport.

at

e

However, if you plan to move VM data to an offsite SMB repository over a WAN link, it is recommended that you deploy an additional Windows gateway server in the remote site, closer to the SMB repository.

lic

Veeam Backup & Replication will deploy a Veeam data mover service on that proxy server, which will improve data transfer performance.

ot

D

up

Deduplicating storage appliance. Veeam Backup & Replication supports the following deduplicating storage appliances: EMC Data Domain ExaGrid HPE StoreOnce

D

o

N

Note: You can configure a backup repository to use rotated drives. This scenario can be helpful if you want to store backups on several external hard drives (for example, USB or eSATA) and plan to regularly swap these drives between different locations. If you are using rotated drives for a backup repository, select the This repository is backed up by rotated hard drives check box when setting up a job.

Fast Clone To increase the speed of synthetic operations on Microsoft Windows backup repositories, Veeam Backup & Replication uses the Fast Clone technology based on Block Cloning. Block Cloning is Microsoft functionality available on ReFS 3.0. Block Cloning allows applications to quickly copy data blocks between different files or within the limits of one file. When an application needs to copy data, the file system does not physically copy data on the underlying storage. Instead, 24

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

it performs a low-cost metadata operation — it ‘projects’ data blocks from one region on the ReFS volume to another one. Block Cloning increases data copying performance as the file system does not need to read/write data from/to the underlying storage. It also helps reduce the amount of redundant data. Backup Repository Configuration

ib ut e

Important! Veeam Backup & Replication supports Fast Clone on all types of backup repositories: simple, scale-out and cloud.

is

tr

Fast Clone works on backup repositories that meet the following requirements: Backup repository type: Microsoft Windows 2016 Server or shared folder SMB 3.11 File system: ReFS 3.0 Backup chain: all backup files are stored on the same volume

or

D

To configure a backup repository with Fast Clone support, you must assign the role of a backup repository to a Microsoft Windows 2016 Server or shared folder SMB 3.11. Veeam Backup & Replication automatically detects if the server or shared folder meets the specified requirements and if Fast Clone can be used for work with data stored on this backup repository.

D

o

N

ot

D

up

lic

at

e

Fast Clone requires that the starting and ending file offsets are aligned to cluster boundaries. For this reason, Veeam Backup & Replication automatically enables the Align backup file data blocks option for backup repositories that support Fast Clone. Data blocks are aligned at a 4KB or 64 KB block boundary, depending on the volume configuration.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

25

Module 2: Deployment

Tip: By default, Veeam Backup & Replication uses Fast Clone for all backup repositories that meet the specified requirements. You can disable this option with a registry key. For more information, contact Veeam Support Team. Operations with Block Cloning

ib ut e

Veeam Backup & Replication leverages Fast Clone for the following synthetic operations: In backup jobs:

tr

Merge of backup files Synthetic full backup Reverse incremental backup Compact of full backup file

D

or

Merge of backup files Creation of archive full backups (synthetic method) Compact of full backup file

is

In backup copy job:

D

o

N

ot

D

up

lic

at

e

When Veeam Backup & Replication performs a synthetic operation with Fast Clone, it reports this information to the session details for this operation:

26

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Limitations for Fast Clone/Block Cloning

ib ut e

Veeam Backup & Replication does not use Fast Clone for backup repositories configured with previous versions of the product. After upgrade, such backup repositories will work as backup repositories without Fast Clone support. To leverage Fast Clone, you need to remove such backup repositories from the backup infrastructure and add them once again. Fast Clone requires that source and destination files are stored on the same ReFS volume. If you add a backup repository with Fast Clone support as an extent to a scale-out backup repository, make sure that you enable the Data Locality placement policy for this scale-out backup repository. If backup files are stored on different extents, Fast Clone will not be used.

Offsite backup

D

up

lic

at

e

or

D

is

tr

The common requirement for offsite backup is that one Veeam data mover service runs in the production site (closer to the source datastore), and the other Veeam data mover service runs in the remote target site (closer to the repository). During backup, Veeam data mover services maintain a stable connection, which allows for uninterrupted operation over WAN or slow links.

N

ot

If you choose to backup to an offsite Windows or Linux repository, Veeam Backup & Replication will start the target-side Veeam data mover service on the Windows or Linux repository server. The source-side Veeam data mover service can be hosted either on the source host or on a dedicated offhost backup proxy, depending on the backup mode you use (on-host or off-host). Backup data is sent from the source to the repository over WAN.

D

o

If you choose to backup to an offsite SMB share in the on-host mode, you should deploy an additional Windows-based proxying server in the remote site and point the SMB share to this proxying server in the backup repository settings. In this scenario, Veeam Backup & Replication starts the target-side Veeam data mover service on the proxying server. The source-side Veeam data mover service can be hosted either on the source host or on a dedicated off-host backup proxy in the source site, depending on the backup mode you use (on-host or off-host). If you choose to backup to an on-site or off-site NFS share, you should deploy an additional Linuxbased Backup Repository, as close as possible to the NFS share, and mount the NFS share on this Linux-based server.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

27

is

tr

ib ut e

Module 2: Deployment

D

Scale-Out Backup Repository

e

or

Prior to Veeam Backup & Replication version 9, each backup repository used a single dedicated container to store data. This approach led to constraints for configuring bigger backup jobs (e.g., for vCenter backup) due to limited physical capacity. V9 introduces a new logical entity – extendable, or scale-out backup repository. It embraces several repositories (extents), summarizing their capacity and offering flexible options for keeping massive backups.

lic

at

An extent is a standard Veeam backup repository of any supported type (except for cloud) which was added to the scale-out repository. You can use the scale-out backup repository for the following types of jobs and tasks:

D

up

Backup jobs. Backup copy jobs. You can copy backups that reside on scale-out backup repositories and store backup copies on scale-out backup repositories. VeeamZIP tasks.

o

N

ot

Backup files stored on the scale-out repository can be used for all types of restores, replication from backup and backup copy jobs. You can verify such backups with SureBackup jobs. The scale-out backup repository can be used as a staging backup repository for restore from tape media. Files restored from the tape media are placed to the extents according to data placement policy configured for the scale-out backup repository

D

The following backup files placement policies are available: Data locality - all dependent backup files are placed on the same extent. For example, all VIBs are where possible placed together with their corresponding VBK. Built-in logic determines where the first VBK will be placed, based on several criteria: extent status (online\offline), free space and number of slots. When job processing starts, extent scheduler requests free space from the extents, and then estimates the required space to store the backup – it assumes that VBK will become avg. 50% less, and VIB will be 10% less (due to compression). The Data locality policy does not put any limitations to backup chains. A new backup chain may be stored

28

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

D

is

tr

ib ut e

on the same extent or another extent. For example, if you create an active full backup, Veeam Backup & Replication may store the full backup file to another extent, and all dependent incremental backup files will be stored together with this full backup file. However, if you use a deduplicating storage appliance as an extent to the scale-out backup repository, Veeam Backup & Replication will attempt to place a new full backup to the extent where the full backup from the previous backup chain resides. Such behavior will help increase the data deduplication ratio. Performance - can improve performance of transform operations if you use raw data devices as extents. When Veeam Backup & Replication performs transform operations, it needs to access a number of backup files on the backup repository. If these files are located on different storage devices, the I/O load on the devices hosting backup files will be lower. If you set the Performance policy, you must make sure that the network connection between extents is fast and reliable. You must also make sure all extents are online when the backup job, backup copy job or a restore task starts. If any extent hosting backup files in the current backup chain is not available, the backup chain will be broken, and Veeam Backup & Replication will not be able to complete the task. To avoid data loss in this situation, you can enable the Perform full backup when required extent is offline option for the scale-out backup repository. With this option enabled, Veeam Backup & Replication will create a full backup instead of incremental backup if some files are missing from the backup chain.

e

or

If you decide to change the policy settings, consider that the new options will be applied starting from the next job run. Similarly, extent settings you specified on the previous step (in particular, per-VM files placement) will be updated starting from the next full backup creation.

at

To discover the extent where a particular VM data was stored, examine job session data.

up

lic

Important! After you add an extent, you will not be able to use it as a standalone repository until you remove it from the scale-out repository.

ot

D

You can remove an extent from scale-out repository by selecting the required scale-out repository and clicking Edit Repository on the toolbar or using the Properties command from the shortcut menu. After that, you can choose to keep the backups in the extent after it becomes a standalone repository or manually evacuate them. When planning for a scale-out repository, consider the following limitations:

D

o

N

The scale-out backup repository functionality is available only in Enterprise and Enterprise Plus editions of Veeam Backup & Replication. If you configure a scale-out backup repository and then downgrade to the Standard license, you will not be able to run jobs targeted at the scale-out backup repository. However, you will be able to perform restore from the scale-out backup repository. You cannot use the scale-out backup repository as a target for the following types of jobs: Configuration backup job Replication jobs VM copy jobs Endpoint backup jobs You cannot add a backup repository as an extent to the scale-out backup repository if any job of unsupported type is targeted at this backup repository or if the backup repository contains data produced by jobs of unsupported types (for example, replica metadata). To add such

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

29

Module 2: Deployment

e

or

D

is

tr

ib ut e

backup repository as an extent, you must first target unsupported jobs to another backup repository and remove the job data from the backup repository. You cannot use a scale-out backup repository as a cloud repository. You cannot add a cloud repository as an extent to the scale-out backup repository. You cannot use a backup repository with rotated drives as an extent to a scale-out backup repository. Even you enable the This repository is backed up by rotated hard drives setting for an extent, Veeam Backup & Replication will ignore this setting and use an extent as a simple backup repository. If a backup repository is added as an extent to the scale-out backup repository, you cannot use it as a regular backup repository. You cannot add a scale-out backup repository as an extent to another scale-out backup repository. You cannot add a backup repository as an extent if this backup repository is already added as an extent to another scale-out backup repository. You cannot add a backup repository on which some activity is being performed (for example, a backup job or restore task) as an extent to the scale-out backup repository. If you use Enterprise Edition of Veeam Backup & Replication, you can create 1 scale-out backup repository with 3 active extents and 1 inactive extent (extent put at the Maintenance mode). You can add inactive extents, for example, if any of active extents has no free space, and you want to evacuate backup data from it. If you add 4 extents and do not put any of them to the Maintenance mode, the jobs targeted at the scale-out backup repository will fail. Enterprise Plus Edition has no limitations on the number of scale-out backup repositories or extents.

lic

at

Mount Server

up

The mount server is required if you perform restore VM guest OS files and application items to the original location. The mount server lets you route VM traffic by an optimal way, reduce load on the network and speed up the restore process.

ot

D

When you perform file-level restore or application item restore, Veeam Backup & Replication needs to mount the content of the backup file to a staging server. The staging server must be located in the same site as the backup repository where backup files are stored. If the staging server is located in some other site, Veeam Backup & Replication may route data traffic in a non-optimal way.

D

o

N

To prevent VM data from traveling between sites, Veeam Backup & Replication uses the mount server. The mount server acts as a "mount point" for backups in the backup repository. When you restore files or application items to the original location, Veeam Backup & Replication mounts the content of the backup file to the mount server (or the original VM for restore to the Microsoft SQL Server and Oracle VMs) and copies files or items to their destination via this mount server or VM. Mount Server Deployment The mount server is created for every backup repository and associated with it. When you configure a backup repository, you define which server you want to use as a mount server for this backup repository. By default, Veeam Backup & Replication assigns the mount server role to the following machines: Backup repository. For Microsoft Windows backup repositories, the mount server role is

30

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

assigned to the backup repository server itself. Backup server. For Linux, shared folder backup repositories and deduplicating storage appliances, the mount server role is assigned to the backup server. Veeam Backup & Replication console. The mount server role is also assigned to a machine on which the Veeam Backup & Replication console is installed. Note that this type of mount server is not registered in the Veeam Backup & Replication configuration database.

ib ut e

For scale-out backup repositories, you must define the mount server for every extent.

up

lic

at

e

or

D

is

tr

If you do not want to use default mount servers, you can assign the mount server role to any Microsoft Windows machine in the backup infrastructure. It is recommended that you configure at least one mount server in each site and associate this mount server with the backup repository residing in this site. The mount server and backup repository must be located as close to each other as possible. In this case, you will be able to keep the VM traffic in one site.

Services and Components

ot

D

On the mount server machine, Veeam Backup & Replication installs the Veeam Mount Service. The Veeam Mount Service requires .NET 4.5.2. If .NET 4.5.2 is not installed on the machine, Veeam Backup & Replication will install it automatically.

N

Requirements to Mount Server

D

o

The machine to which you assign the mount server role must meet the following requirements: You can assign the role of a mount server to Microsoft Windows machines (physical or virtual). You can assign the role of a mount server to 64-bit machines only. The mount server must have access to the backup repository with which it is associated and to the original VM (VM to which you restore files or application items). For restore from storage snapshots, the mount server must also have access to the ESX(i) host on which the temporary VM is registered.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

31

Module 2: Deployment

Proxy Affinity By default, Veeam Backup & Replication assigns backup proxies and repositories for jobs or tasks independently of each other. If you need to bind backup proxies to specific backup repositories and use them together, you can define proxy affinity settings. Proxy affinity determines what backup proxies are eligible to access a specific backup repository and read/write data from/to this backup repository.

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Proxy affinity lets you control assignment of resources in the backup infrastructure and reduce administration overhead. For example, in case of a geographically distributed infrastructure, you can restrict a backup repository in the local site from communicating with backup proxies in a remote site or you can configure proxy affinity rules based on a connection speed between backup proxies and backup repositories. Proxy affinity settings are specified at the level of a backup repository. By default, Veeam Backup & Replication let's all backup proxies in the backup infrastructure access the backup repository. Using proxy affinity settings, you can define a list of backup proxies that can access this backup repository.

D

Proxy affinity can be set up for the following types of backup repositories: Simple backup repositories Scale-out backup repositories Cloud repositories (proxy affinity settings are configured on the tenant side)

Proxy affinity rules are applied for the following types of jobs and tasks that engage backup proxies and repositories: Backup jobs, including VMware vCloud backup and backup jobs from storage snapshots on 32

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

primary and target storage arrays VeeamZIP VM copy Entire VM restore Hard disk restore

ib ut e

Note: Proxy affinity rules are not applied for replication jobs.

tr

Proxy affinity rules are not restrictive. You can think of affinity rules as a priority list. If backup proxies from the proxy affinity list cannot be used for some reason, for example, these backup proxies are inaccessible, Veeam Backup & Replication automatically fails over to the regular processing mode. It displays a warning in the job or task session and picks the most appropriate backup proxy from the list of proxies selected for the job or task.

or

D

is

When you target a job at a backup repository for which proxy affinity settings are configured, you must make sure that you assign a backup proxy from the proxy affinity list for job or task processing. If you assign a backup proxy that is not bound to this backup repository, Veeam Backup & Replication will display a warning. For job processing, Veeam Backup & Replication will use the backup proxy that you define in the job settings, which may result in degraded job performance. Proxy Affinity for Scale-Out Backup Repositories

up

lic

at

e

In case of a scale-out backup repository, you can configure proxy affinity settings at the extent level. Proxy affinity settings cannot be configured at the scale-out backup repository level. Extent selection rules have a higher priority than proxy affinity rules. Veeam Backup & Replication first selects an extent and then picks a backup proxy according to the proxy affinity rules specified for this extent. For example, you have 2 backup proxies: Backup Proxy 1 and Backup Proxy 2. You create a backup job and target it at a scale-out backup repository configured in the following way:

D

Scale-out backup repository policy is set to Data Locality. Scale-out backup repository has 2 extents: Extent 1 has 100 GB of free space and is bound to Backup Proxy 1; Extent 2 has 1 TB of free space and is bound to Backup Proxy 2.

N

ot

In the backup job settings, you define that Backup Proxy 1 must be used for job processing. When you run the backup job, Veeam Backup & Replication will store backup files to Extent 2 since it has more free space. For job processing, it will pick Backup Proxy 1 and in the job statistics will report a warning that requirements of proxy affinity rules cannot be met.

D

o

In case of restore from a scale-out backup repository, backup files may be located on different extents. In this case, Veeam Backup & Replication picks a backup proxy according to the following priority rules (starting from the most preferable one): 1. Backup proxy is added to the affinity list for all extents. 2. Backup proxy is added to the affinity list for the extent where the full backup file is stored. 3. Backup proxy is added to the affinity list for at least one extent.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

33

Module 2: Deployment

2.2. Optional Components This topic defines some of the additional components of Veeam Backup & Replication and gives you an understanding of their functionality.

ib ut e

2.2.1. Veeam Backup Enterprise Manager

is

tr

Veeam Backup Enterprise Manager is an optional component intended for distributed enterprise environments with multiple backup servers. Veeam Backup Enterprise Manager federates Veeam backup servers and offers a consolidated view of these servers through a web browser interface. You can centrally control and manage all jobs through a “single pane of glass", edit and clone jobs, monitor job state, and get reporting data across all backup servers. Veeam Backup Enterprise Manager also enables you to search for the OS files in all current and archived backups across your backup infrastructure, and restore these files in one click.

D

Veeam Backup Enterprise Manager can be installed on a physical or virtual machine. You can deploy it on the Veeam backup server or use a dedicated machine.

or

Veeam Backup Enterprise Manager uses the following services and components:

N

ot

D

up

lic

at

e

Veeam Backup Enterprise Manager coordinates all operations of Veeam Backup Enterprise Manager, aggregates data from multiple Veeam backup servers and provides control over these servers. Veeam Enterprise Manager Database is used by Veeam Backup Enterprise Manager for storing data. The database instance can be located on an SQL Server installed either locally (on the same machine as Veeam Backup Enterprise Manager Server) or remotely. Veeam Backup Catalog Service on Veeam Backup Enterprise Manager works as a global, federal catalog service. It communicates with Veeam Backup Catalog services on Veeam backup servers connected to Veeam Backup Enterprise Manager and performs the following tasks: Replicates indexing data from Veeam backup servers to create a global catalog for the whole backup infrastructure. By default, the Veeam Backup Catalog folder is located in the C:\VBRCatalog folder on the Veeam Backup Enterprise Manager server. Maintains indexing data retention. Lets you search for VM guest OS files in current and archived backup file.

o

2.2.2. U-AIR Wizard

D

Universal Application Item-Level Recovery (or U-AIR) addresses one of the most common IT problem – it enables you to restore individual objects from virtualized applications (for example, email messages, database records, directory objects and so on) for rare applications – when there is no suitable Veeam Explorer. For recovery of application objects, U-AIR leverages the vPower technology. It starts the application and all components required for its proper work in an isolated virtual lab directly from compressed and deduplicated backup files. Once the VM is started, U-AIR provides transparent access to the backed up VM image through a proxy appliance that has visibility of both the virtual lab and production environment. Users can then extract the necessary application objects from the earlier VM images 34

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

and bring them back to the production environment. U-AIR Universal wizard is a standalone component that can be installed and updated independent of the product on any machine in the production environment from which the restore process must be performed.

2.2.3. Veeam Backup Search

ib ut e

In Veeam Backup & Replication, search for guest OS files in backups is performed with Veeam Backup Enterprise Manager. However, if you frequently need to search through a great number of backups, it is recommended to install Veeam Backup Search from the installation package on a machine running Microsoft Search Server. Veeam Backup Search is an optional component in the backup infrastructure that is used for the purpose of search performance optimization.

D

is

tr

The Veeam Backup Search server runs the MOSS Integration Service that invokes updates of index databases on Microsoft Search Server. The service also sends search queries to Microsoft Search Server which processes them and returns necessary search results to Veeam Backup Enterprise Manager.

or

2.3. Deployment Scenarios

lic

at

e

Veeam Backup & Replication can be used in virtual environments of any size and complexity right out of the box. The architecture of the solution supports onsite and offsite data protection, operations across remote sites and geographically dispersed locations. Veeam Backup & Replication provides flexible scalability and easily adapts to the needs of your virtual environment.

up

Before installing Veeam Backup & Replication, it is strongly advised to familiarize yourself with common deployment scenarios and carefully plan your backup infrastructure layout.

D

2.3.1. Simple Deployment

ot

In a simple deployment scenario, one instance of Veeam Backup & Replication is installed on a physical or virtual Windows-based machine. This server is referred to as a Veeam backup server.

N

Simple deployment for VMware implies that the Veeam backup server fills the following roles:

D

o

It functions as a management point, coordinates all jobs, controls their scheduling and performs other administrative activities. It acts as the default backup proxy for handling job processing and transferring backup traffic. All components necessary for the backup proxy functionality are installed on the Veeam backup server locally. It is used as the default backup repository. During installation, Veeam Backup & Replication checks volumes of the machine on which you install the product and identifies a volume with the greatest amount of free disk space. In the root of this volume, Veeam Backup & Replication creates the Backup folder that is used as the default backup repository (for example X:\Backup). It is used as a mount server and guest interaction proxy.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

35

is

tr

ib ut e

Module 2: Deployment

Simple deployment for Hyper-V implies that the Veeam backup server fills two major roles:

at

e

or

D

It functions as a management point, coordinates all jobs, controls their scheduling and performs other administrative activities. It is used as the default backup proxy. During installation, Veeam Backup & Replication checks volumes of the machine on which you install the product and identifies a volume with the greatest amount of free disk space. On this volume, Veeam Backup & Replication creates the Backup folder that is used as the default backup repository. It is used as a mount server and guest interaction proxy.

up

lic

In this scenario, source Hyper-V host acts as a backup proxy, handling job processing and transferring backup traffic directly to the target. All necessary backup proxy services are installed on source Hyper-V servers.

D

o

N

ot

D

If you decide to use a simple deployment scenario in the Hyper-V environment, you can install Veeam Backup & Replication right on the Hyper-V host where VMs you want to work with reside. However, to use this Hyper-V host as the source for backup and replication, you will still need to add it to the Veeam Backup & Replication console.

36

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

If you plan to back up and replicate only a small number of VMs or evaluate Veeam Backup & Replication, this configuration is enough to get you started. Veeam Backup & Replication is ready for use right out of the box – as soon as it is installed, you can start using the solution to perform backup and replication operations. To balance the load of backing up and replicating your VMs, you can schedule jobs at different times.

ib ut e

In the environments that require a large number of backup or replication activities, the simple deployment scenario is not appropriate for the following reasons:

tr

The Veeam backup server might not have enough disk capacity to store the required amount of backup data. [For Microsoft Hyper-V environments] A significant load is placed on production servers that combine the roles of backup proxies and source hosts.

is

2.3.2. Advanced Deployment

Advanced Deployment for VMware

or

D

In large-scale virtual environments with a large number of jobs, the load on the backup server is heavy. In this case, it is recommended that you use the advanced deployment scenario that moves the backup workload to dedicated backup infrastructure components.

D

o

N

ot

D

up

lic

at

e

The essence of the advanced deployment is that the backup proxy takes off a part of Veeam backup server activities (namely, it collects and processes data and moves backup traffic from source to target). In addition, the Veeam backup server no longer acts as a storage location – the backup proxy transports VM data to a dedicated backup repository which is the location for keeping backup files, VM copies, metadata and so on. The Veeam backup server in this scenario functions as a "manager" for deploying and maintaining backup proxies and repositories.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

37

or

D

is

tr

ib ut e

Module 2: Deployment

at

e

To deploy a backup proxy and/or a backup repository, you should add a server to Veeam Backup & Replication and assign a proxy and/or repository role to it. Veeam Backup & Replication will automatically install light-weight components and services onto these servers. A backup proxy does not require a separate SQL database – all settings are stored centrally, within the Veeam backup server’s SQL database.

D

up

lic

With the advanced deployment scenario, you can easily meet your current and future data protection requirements. You can expand your backup infrastructure horizontally in a matter of minutes to match the amount of data you want to process and available network throughput. Instead of growing the number of backup servers or constantly tuning job scheduling, you can install multiple backup proxies and repositories and distribute the backup workload among them. The installation process is fully automated, which simplifies deployment and maintenance of the backup infrastructure in your virtual environment.

o

N

ot

Veeam Backup & Replication assigns backup proxies to VMs included in the backup job one by one. Before processing a new VM in the VM list, Veeam Backup & Replication checks available backup proxies. If more than one backup proxy is available, Veeam Backup & Replication analyzes transport modes that the backup proxies can use to retrieve VM data and the current workload on the backup proxies to select the most appropriate one for VM processing.

D

The advanced deployment scenario can be a good choice for backing up and replicating off site. You can deploy a backup proxy in the production site and another one in the DR site, closer to the backup repository to avoid saturating the connection. When a job is performed, backup proxies on both sides establish a stable connection, allowing for efficient transport of data over a slow network connection or WAN.

Note: To regulate backup load, you can specify the maximum number of concurrent tasks per proxy and set up throttling rules to limit proxy bandwidth. The maximum number of concurrent 38

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

tasks can also be specified for a backup repository in addition to the value of the read and write data rates for it. Another advantage of the advanced deployment scenario is that it contributes to high availability – jobs can migrate between proxies if one of them becomes overloaded or unavailable.

ib ut e

Advanced Deployment for Hyper-V For mid-size and large-scale Hyper-V environments with a great number of backup and replication jobs, the advanced deployment scenario can be a good choice.

tr

The advanced deployment includes the following components:

D

o

N

ot

D

up

lic

at

e

or

D

is

Virtual infrastructure servers — Hyper-V hosts used as source and target for backup and replication. Backups server — a configuration and control center of the backup infrastructure. Off-host backup proxy — a “data mover” component used to retrieve VM data from the source datastore, process it and deliver to the target. Backup repository — a location used to store backup files and auxiliary replica files. Dedicated mount servers — component required for VM guest OS files and application items restore to the original location. Dedicated guest interaction proxies — components used to deploy the runtime process in Microsoft Windows VMs.

With the advanced deployment scenario, you can expand your backup infrastructure horizontally in a matter of minutes to meet your data protection requirements. Instead of growing the number of backup servers or constantly tuning job scheduling, you can install multiple backup infrastructure components and distribute the backup workload among them. The installation process is fully Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

39

Module 2: Deployment

automated, which simplifies deployment and maintenance of the backup infrastructure in your virtual environment.

ib ut e

In virtual environments with several proxies, Veeam Backup & Replication dynamically distributes the backup traffic among these proxies. A job can be explicitly mapped to a specific proxy. Alternatively, you can let Veeam Backup & Replication choose an off-host backup proxy. In this case, Veeam Backup & Replication will check settings of available backup proxies and select the most appropriate one for the job. The backup proxy should have access to the source and target hosts, and to backup repositories to which files will be written.

tr

To regulate the backup load, you can specify the maximum number of concurrent tasks per backup proxy and set up throttling rules to limit the proxy bandwidth. For a backup repository, you can set the maximum number of concurrent tasks and define a combined data rate.

is

2.3.3. Distributed Deployment

N

ot

D

up

lic

at

e

or

D

The distributed deployment scenario is recommended for large, geographically dispersed virtual environments with multiple Veeam backup servers installed across different sites. These backup servers are federated under Veeam Backup Enterprise Manager – an optional component that provides centralized management and reporting for these servers through a web interface.

D

o

Veeam Backup Enterprise Manager collects data from Veeam backup servers and enables you to run backup and replication jobs across the entire backup infrastructure through a “single pane of glass", edit them, and clone jobs using a single job as a template. Using indexing data consolidated on one server, Veeam Backup Enterprise Manager provides advanced capabilities to search for guest OS files of Windows-based VM backups created on all Veeam backup servers (even if they are stored in repositories on different sites), and recover them in a single click. With flexible delegation options and security roles, IT administrators can delegate the necessary file restore or VM restore rights to authorized personnel in the organization – for example, allow database administrators to restore Oracle or SQL server VMs.

40

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

If you use Veeam Backup Enterprise Manager in your backup infrastructure, you do not need to install licenses on every Veeam backup server you deploy. Instead, you can install one license on the Veeam Backup Enterprise Manager server and it will be applied to all servers across your backup infrastructure. This approach simplifies tracking license usage and license updates across multiple Veeam backup servers.

ib ut e

In addition, VMware administrators will benefit from Veeam’s plug-in for vSphere Web Client that can be installed using Veeam Backup Enterprise Manager setup. They can analyze cumulative information on used and available storage space view and statistics on processed VMs, review success, warning, and failure counts for all jobs, easily identify unprotected VMs, and perform capacity planning for repositories, all directly from vSphere.

tr

2.3.4. Distributed Architecture

D

is

Veeam Backup & Replication provides enterprise scalability through the distributed architecture and automatic intelligent load balancing.

or

Distributed Architecture

Distributing backup processing across multiple proxy servers and repositories:

up

lic

at

e

Makes it easier for you to scale your Backup & Replication deployment Enables you to achieve higher availability and redundancy: if a proxy goes down, another one can still complete the task – no more single point of failure Reduces the impact from backups on the production infrastructure through intelligent load balancing Dramatically simplifies job scheduling (by automatically controlling the desired tasks concurrency) Controls backup storage saturation (for when the backup storage is too slow)

ot

D

With automatic intelligent load balancing, Veeam Backup & Replication picks the best proxy server (best in terms of connectivity to VM data, as well as least loaded with other tasks) to perform the backup for a VM each time the job runs.

D

o

N

Built-in mechanisms of resource scheduling enable Veeam Backup & Replication to automatically select and use optimal resources to run configured jobs. Resource scheduling is performed by the Veeam Backup Service running on the Veeam backup server. When a job starts, it communicates with the service to inform it about the resources it needs. The service analyzes job settings, parameters specified for backup infrastructure components, current load on the components, and automatically allocates optimal resources to the job.

Enabling Parallel Processing

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

41

at

e

or

D

is

tr

ib ut e

Module 2: Deployment

up

lic

Multiple VMs and VM disks can be processed in parallel, optimizing your backup infrastructure performance and increasing the efficiency of resource usage; each data processing task within a job requires one CPU core – consider this value when configuring job settings.

ot

D

Note: This is a global setting, so if configured, it will take effect for all backup, backup copy, replication jobs, and restore tasks — entire VM restore and VM disks restore. If you have parallel processing enabled and several proxies/repositories in the infrastructure, you can:

D

o

N

Distribute backup processing across multiple proxy servers to make it easier for you to scale your Backup & Replication deployment Achieve higher availability and redundancy: if a proxy goes down, another one can still complete the task – no more single point of failure Reduce the impact from backups on the production infrastructure through intelligent load balancing Dramatically simplify job scheduling (by automatically controlling the desired tasks concurrency) Control backup storage saturation (for when the backup storage is too slow)

42

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

2.4. Prerequisites & System Requirements Before you begin the installation process, take the following steps to prepare for deployment: Check Item

Description Make sure the computer on which Veeam Backup & Replication is to be installed meets the system requirements

Account permissions

Make sure all accounts you will be using have sufficient permissions. You will not be able to use Veeam Backup & Replication successfully if the accounts do not have required permissions.

Ports

Communication between components requires a number of ports to be open. Carefully plan your backup strategy and infrastructure layout.

is

tr

ib ut e

Platform-specific and system requirements

D

Also, note the following:

lic

2.4.1. Requirements

at

e

or

1. Veeam Backup & Replication requires .NET Framework 4.5.2. If it is not available, the Veeam Backup & Replication setup will install it on your computer. 2. Veeam Backup & Replication uses an SQL Server instance installed either locally or remotely. In case it is not installed, the Veeam Backup & Replication setup will install Microsoft SQL Server 2012 SP3 Express on your computer. If a Microsoft SQL Server instance has already been installed by the previous version, Veeam Backup & Replication will connect to the existing database, upgrade it (if necessary) and use it for work.

D

up

This section covers the list of system requirements for VMware vSphere and Microsoft Hyper-V environments, Veeam Backup & Replication console, virtual machines and backup targets, necessary rights and permissions, as well provides information on ports used by Veeam Backup & Replication.

N

ot

Important! Pay attention on whether the architecture at the machine you are planning use for using for a particular role in your backup infrastructure is 64 or 32-bit. The following components require 64-bit version of the operation system ONLY:

D

o

Veeam backup server WAN Accelerator Veeam Explorers

2.4.2. Platform Support Veeam Backup & Replication provides full support for the VMware vSphere and Hyper-V virtualization platform.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

43

Module 2: Deployment

Virtual Infrastructure Specification

VMware Requirement

Hyper-V Requirement - Windows Server 2016 - Windows Server 2012 R2 - Windows Server 2012 - Windows Server 2008 R2 SP1

ib ut e

- vSphere 6.x - vSphere 5.x - vSphere 4.1

- Windows Nano Server (with Microsoft Hyper-V role installed) - Windows Server Hyper-V 2016 - Windows Server Hyper-V 2012 R2 - Windows Server Hyper-V 2012 - Windows Server Hyper-V 2008 R2 SP1 - Microsoft Hyper-V Server (free hypervisor) is supported Depending on your Windows Server version, some additional hot fixes not included in the Windows Update must be installed. Please refer to KB1838 for more information.

or

D

is

tr

Platform

e

- ESXi 6.x - ESXi 5.x - ESX(i) 4.1 Free ESXi is not supported. Veeam Backup & Replication leverages vSphere and vStorage APIs that are disabled by VMware in free ESXi.

D

o

N

ot

D

up

lic

at

Hypervisor

44

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Hyper-V Requirement - Microsoft PowerShell Engine 2.0 (optional, enables networkless guest processing) - Microsoft System Center Virtual Machine Manager 2016 (optional) - Microsoft System Center Virtual Machine Manager 2012 R2 (optional) - Microsoft System Center Virtual Machine Manager 2012 SP1 (optional) - Microsoft System Center Virtual Machine Manager 2008 R2 SP1 (optional)

- vCenter Server 6.x - vCenter Server 5.x - vCenter Server 4.1

e

or

D

is

tr

Management Server (optional)

VMware Requirement

ib ut e

Specification

D

o

N

ot

D

up

lic

at

Important! Please note free ESXi is not supported by Veeam Backup & Replication due to the technical limitation: host?level snapshot backups are not supported with free ESXi.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

45

Module 2: Deployment

Virtual Machines

- All types and versions of virtual hardware are supported, including 62 TB VMDK. - Virtual machines with disks engaged in SCSI bus sharing are not supported, because VMware does not support snapshotting such VMs. - RDM virtual disks in physical mode, independent disks, and disks connected via in-guest iSCSI initiator are not supported, and are skipped from processing automatically. Network shares and mount points targeted to 3rd party storage devices are also skipped as these volumes/disks are not visible in the VM configuration file.

- Supported virtual hardware versions are 5.0 and 8.0 (Hyper-V 2016). - Both Generation 1 and 2 virtual machines are supported, including 64 TB VHDX disks. - [For Microsoft Hyper-V 2016 Server VMs] Processing of VMs with pass-through virtual disks and disks connected via in-guest iSCSI initiator is not supported. Veeam Backup & Replication cannot create checkpoints for such VMs. [For Microsoft Hyper-V 2012 R2 server and earlier VMs] Pass-through virtual disks and disks connected via in-guest iSCSI initiator are not supported, and are skipped from processing automatically.

D

is

tr

ib ut e

Hyper-V Requirement

e

Hardware

VMware Requirement

or

Specification

lic

at

- All operating systems supported by Hyper-V. - Application-aware processing is supported for Microsoft Windows 2003 SP2 and later except Nano Server, due to the absence of VSS framework. - Microsoft Windows file-level restore option is supported on NTFS, FAT, FAT32 and ReFS file systems (ReFS is supported only if Veeam Backup & Replication is installed on Microsoft Windows Server 2012 and later). To restore files from non-Microsoft Windows guests (Linux, Solaris, BSD, Novell OES), use the Multi-OS File Level Restore wizard.

up

- All operating systems supported by VMware. - Application-aware processing for Microsoft Windows 2003 SP1 and later except Nano Server, due to the absence of VSS framework.

D

o

N

ot

D

OS

Software

46

- VMware Tools (optional, recommended). VMware Tools are required for the following operations: application-aware processing, file-level restore from Microsoft Windows guest OS and SureBackup testing functions. - All latest OS service packs and patches (required for application-aware processing).

Hyper-V integration components (required for application-aware processing)

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

vCloud Director Specification

Requirement

vCloud Director (optional)

vCloud Director 5.5, 5.6, 8.0, 8.10, 8.20

ib ut e

2.4.3. System Requirements Make sure that servers on which you plan to deploy backup infrastructure components meet the following system requirements:

VMware Requirement

Hyper-V Requirement

is

Specification

tr

Veeam Backup Server

OS

Only 64-bit version of the following operating systems are supported: - Microsoft Windows Server 2016 - Microsoft Windows Server 2012 R2 - Microsoft Windows Server 2012 - Microsoft Windows Server 2008 R2 SP1 - Microsoft Windows Server 2008 SP2 - Microsoft Windows 10 - Microsoft Windows 8.x - Microsoft Windows 7 SP1

D

o

N

ot

D

up

lic

at

e

or

D

Hardware

CPU: x86-64 processor. Memory: 4 GB RAM plus 500 MB RAM for each concurrent job. Additionally, for users with tape installations (for file to tape jobs processing more than 1,000,000 files): - 1,5 GB RAM for file to tape backup for each 1,000,000 files - 2,6 GB RAM for file restore for each 1,000,000 files - 1,3 GB RAM for catalog jobs for each 1,000,000 files Disk Space: 2 GB for product installation and 4.5 GB for Microsoft .NET Framework 4.5.2 installation. 10 GB per 100 VM for guest file system catalog folder (persistent data). Additional free disk space for Instant VM Recovery cache folder (non-persistent data, at least 10 GB recommended). Network: 1 Gbps or faster for on-site backup and replication, and 1 Mbps or faster for offsite backup and replication. High latency and reasonably unstable WAN links are supported.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

47

Module 2: Deployment

Hyper-V Requirement

Software

During setup, the setup performs system configuration check to determine if all prerequisite software is available on the machine where you plan to install Veeam Backup & Replication. If some of the required software components are missing, the setup wizard will offer you to install missing software automatically. This refers to: - Microsoft .NET Framework 4.5.2 - Microsoft Windows Installer 4.5 - Microsoft SQL Server Management Objects - Microsoft SQL Server System CLR Types - Microsoft Visual C++ 2010 Service Pack 1 redistributable package The following software must be installed manually: - Microsoft PowerShell 2.0 or later (optional). - Firefox, Google Chrome, Microsoft Edge or Microsoft Internet Explorer 10.0 or later.

During setup, the setup performs system configuration check to determine if all prerequisite software is available on the machine where you plan to install Veeam Backup & Replication. If some of the required software components are missing, the setup wizard will offer you to install missing software automatically. This refers to: - Microsoft .NET Framework 4.5.2 - Microsoft Windows Installer 4.5 - Microsoft SQL Server Management Objects - Microsoft SQL Server System CLR Types - Microsoft Visual C++ 2010 Service Pack 1 redistributable package The following software must be installed manually: - Microsoft PowerShell 2.0 or later (optional). - Firefox, Google Chrome, Microsoft Edge or Microsoft Internet Explorer 10.0 or later. - System Center Virtual Machine Manager 2016/2012 R2/2012/2008 R2 Admin UI (optional, to be able to register SCVMM server with Veeam Backup & Replication infrastructure). - RDP client version 7.0 and later installed on the backup server (required to open the VM console during SureBackup recovery verification of Microsoft Hyper-VVMs). The RDP client is preinstalled on Microsoft Windows 7/Windows Server 2008 R2 OS and later. You can download the RDP client from http://support.microsoft.com/kb/969084/en-us.

SQL Database

Local or remote installation of the following versions of Microsoft SQL Server (both Full and Express Editions are supported): - Microsoft SQL Server 2016 - Microsoft SQL Server 2014 - Microsoft SQL Server 2012 (Microsoft SQL Server 2012 SP3 Express Edition is included in the setup) - Microsoft SQL Server 2008 R2 - Microsoft SQL Server 2008 Veeam Backup & Replication and Veeam Backup Enterprise Manager configuration databases can be deployed on Microsoft SQL AlwaysOn Availability Groups. To do this, you must modify a database connection registry key on the Veeam Backup & Replication or Veeam Backup Enterprise Manager server. For more information about the registry key, contact Veeam Support Team.

or

D

is

tr

ib ut e

VMware Requirement

D

o

N

ot

D

up

lic

at

e

Specification

Note: If you plan to back up VMs running Microsoft Windows Server 2012 R2 or later and Data Deduplication is enabled for some of VM volumes, it is recommended to deploy the Veeam Backup & Replication console on a machine running the same version of Microsoft Windows Server with Data Deduplication feature enabled. Otherwise, certain types of restore operations for these VMs (such as Windows File Level Recovery) may fail.

48

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Backup Proxy Specification

VMware Backup Proxy Requirement

Off-host Backup Proxy Requirement

OS

Both 32-bit and 64-bit versions of the following operating systems are supported: - Microsoft Windows Server 2016 - Microsoft Windows Server 2012 R2 - Microsoft Windows Server 2012 - Microsoft Windows Server 2008 R2 SP1 - Microsoft Windows Server 2008 SP2 - Microsoft Windows 10 - Microsoft Windows 8.x - Microsoft Windows 7 SP1 - Microsoft Windows Vista SP2

tr

ib ut e

Hardware

CPU: modern x86 processor with minimum of 2 cores (vCPUs), plus 1 core (vCPU) for each additional concurrent task. Using faster processors improves data processing performance. Memory: 2 GB RAM plus 200 MB for each concurrent task. Using faster memory (DDR3/DDR4) improves data processing performance. Disk Space: 300 MB. Network: 1 Gbps or faster for on-site backup and replication, and 1 Mbps or faster for off-site backup and replication. High latency and reasonably unstable WAN links are supported.

lic

at

e

or

D

is

- Microsoft Windows Server 2016 with Hyper-V role enabled - Microsoft Windows Server 2012 R2 with Hyper-V role enabled - Microsoft Windows Server 2012 with Hyper-V role enabled - Microsoft Windows Server 2008 R2 SP1 with Hyper-V role enabled

D

up

Important! To protect VMware VMs running on ESXi 5.5 or later, you must deploy backup proxies on machines running a 64-bit version of Microsoft Windows. VDDK 5.5 or later does not support 32-bit versions of Microsoft Windows.

ot

Backup Repository

N

Specification

D

o

Hardware

VMware Requirement

Hyper-V Requirement

CPU: x86 processor (x86-64 recommended). Memory: 4 GB RAM, plus up to 2 GB RAM (32-bit OS) or up to 4 GB RAM (64-bit OS) for each concurrent job depending on backup chain’s length and backup files sizes. Network: 1 Gbps or faster for on-site backup and replication, and 1 Mbps or faster for off-site backup and replication. High latency and reasonably unstable WAN links are supported.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

49

Module 2: Deployment

Specification

VMware Requirement

Hyper-V Requirement

Both 32-bit and 64-bit (recommended) versions of the following operating systems are supported: - Microsoft Windows Server 2016 - Microsoft Windows Server 2012 R2 - Microsoft Windows Server 2012 - Microsoft Windows Server 2008 R2 SP1 - Microsoft Windows Server 2008 SP2 - Microsoft Windows 10 - Microsoft Windows 8.x - Microsoft Windows 7 SP1 - Microsoft Windows Vista SP2 - Linux (bash shell, SSH and Perl are required). Please check the full list of required Perl modules here: www.veeam.com/kb2007. 64-bit edition of Linux must be able to run 32-bit programs. Pure 64-bit Linux editions are not supported (Perl installation must support 32-bit variables).

is

tr

ib ut e

OS

VMware Requirement

Hyper-V Requirement

or

Specification

D

Tape Server

up

lic

Hardware

at

e

CPU: x86 processor (x86-64 recommended). Memory: 2 GB RAM plus 200MB for each concurrent task. Restoring VMs directly from tape requires 400MB of RAM per 1TB of virtual disk size. Additionally (for file to tape jobs processing more than 1,000,000 files): - 800 MB RAM for file to tape backup for each 1,000,000 files - 800 MB RAM catalog jobs for each 1,000,000 files Disk Space: 300 MB, plus 10 GB for temporary data storage for backup and restore operations. Network: 1 Gbps or faster.

D

o

N

OS

ot

D

Both 32-bit and 64-bit (recommended) versions of the following operating systems are supported: - Microsoft Windows Server 2016 - Microsoft Windows Server 2012 R2 - Microsoft Windows Server 2012 - Microsoft Windows Server 2008 R2 SP1 - Microsoft Windows Server 2008 SP2 - Microsoft Windows 10 - Microsoft Windows 8.x - Microsoft Windows 7 SP1 - Microsoft Windows Vista SP2

50

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

WAN Accelerator Specification

VMware Requirement

Hyper-V Requirement

OS

Only 64-bit version of the following operating systems are supported: - Microsoft Windows Server 2016 - Microsoft Windows Server 2012 R2 - Microsoft Windows Server 2012 - Microsoft Windows Server 2008 R2 SP1 - Microsoft Windows Server 2008 SP2 - Microsoft Windows 10 - Microsoft Windows 8.x - Microsoft Windows 7 SP1 - Microsoft Windows Vista SP2

e

or

D

is

tr

ib ut e

Hardware

CPU: x86-64 processor. Using multi-core processors improves data processing performance, and is highly recommended on WAN links faster than 10 Mbps. Memory: 8 GB RAM. Using faster memory (DDR3/DDR4) improves data processing performance. Disk Space: Disk space requirements depend on the WAN Accelerator role. Network: 1 Gbps or faster for on-site backup and replication, and 1 Mbps or faster for off-site backup and replication. High latency and reasonably unstable WAN links are supported.

at

Cloud Gateway

Backup Target

up

lic

Same system requirements as for Tape Server are applicable.

D

Backup can be performed to the following disk-based storage targets:

D

o

N

ot

Local (internal) storage of the backup repository server. Direct Attached Storage (DAS) connected to the backup repository server, including external USB/eSATA drives and raw device mapping (RDM) volumes. Storage Area Network (SAN). Backup repository server must be connected into the SAN fabric via hardware or virtual HBA, or software iSCSI initiator. Network Attached Storage (NAS) able to represent itself as SMB (CIFS) share (direct operation), or NFS share (must be mounted on a Linux backup repository server). Dell EMC DataDomain (DD OS version 5.4, 5.5, 5.6, 5.7 or 6.0) with DDBoost license. Both Ethernet and Fibre Channel (FC) connectivity is supported. ExaGrid (firmware version 4.8.0.351.P28 or later). HPE StoreOnce (firmware version 3.13.1 or later) with Catalyst license. Both Ethernet and Fibre Channel (FC) connectivity is supported. Instant VM Recovery support requires firmware version 3.15.1 or later.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

51

Module 2: Deployment

Storage Integration Backup from Storage Snapshots and Veeam Explorer for Storage Snapshots are supported for the following storage devices: Cisco HyperFlex

ib ut e

Cisco HyperFlex 2.0 and later (Backup from Storage Snapshots, Full Integration mode) Dell EMC VNX, VNX2, VNXe and Unity NFS, Fibre Channel (FC) or iSCSI connectivity

Fibre Channel (FC) or iSCSI connectivity 3PAR OS 3.1.2 or later

D

iSCSI VLAN tags are supported. Virtual Domains are supported.

is

tr

HPE 3PAR StoreServ

or

HPE StoreVirtual (LeftHand / P4000 series) and StoreVirtual VSA

at

e

iSCSI connectivity only LeftHand OS versions 9.5 through 12.6 HPE SV3200 (LeftHand OS version 13) is not supported

NetApp FAS, FlexArray (V-Series), Edge VSA and IBM N Series (NetApp FAS OEM)

up

lic

NFS, Fibre Channel (FC) or iSCSI connectivity. Data ONTAP versions from 8.1 up to 9.2. 7-mode or cluster-mode

D

ONTAP 9.2 application-aware data management and SVM-DR are not supported. Nimble Storage AF-Series and CS-Series

N

ot

Fibre Channel (FC) or iSCSI connectivity Nimble OS 2.3 and later

D

o

Note: Hyper-V has native integration with storage snapshots for backup via Hardware VSS, so the list of storage devices the integration is possible for listed above is relevant only for vSphere.

52

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Tape Specification

VMware Requirement

Hyper-V Requirement

Software

- Tape devices without device-specific, vendor-supplied OEM drivers for Windows installed will appear in Windows Device Manager as Unknown or Generic and require enabling native SCSI commands mode. - No other backup server must be interacting with the tape device.

or

Veeam Backup Enterprise Manager Server

D

is

tr

ib ut e

Hardware

LTO3 or later tape libraries (including VTL) and standalone drives are supported. Tape device must be directly attached to the backup server, to a tape server via SAS, FC or iSCSI interface. Note that VMware does not support connecting tape libraries to ESX(i) for VM pass-through. Important! If you plan to run both Veeam Backup & Replication and 3rd party tape-recording software (for example, in your evaluation lab), consider that Veeam Backup & Replication by default will periodically lock the drive to perform rescan, preventing other software from recording.

Specification

VMware Requirement

Hyper-V Requirement

OS

64-bit version of the following operating systems is supported: - Microsoft Windows Server 2016 - Microsoft Windows 10 - Microsoft Windows Server 2012 R2 - Microsoft Windows Server 2012 - Microsoft Windows 2008 R2 SP1 - Microsoft Windows 2008 SP2 - Microsoft Windows 8.x - Microsoft Windows 7 SP1

N

ot

D

up

lic

at

e

Hardware

Processor: x64 processor. Memory: 4 GB RAM. Hard Disk Space: 2 GB for product installation plus sufficient disk space to store guest file system catalog from connected backup servers (according to data retention policy). Network: 1 Mbps or faster connection to Veeam backup servers.

D

o

Software

Client Software

- Microsoft Internet Information Services 7.0 or later - Microsoft .NET Framework 4.5.2 (included in the setup) - Microsoft Internet Explorer 10 or later, Microsoft Edge, latest versions of Mozilla Firefox and Google Chrome are supported. The browser needs to have JavaScript enabled. - Microsoft Excel 2003 or later (to view Excel reports).

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

53

Module 2: Deployment

Specification

VMware Requirement

Hyper-V Requirement

Local or remote installation of the following versions of Microsoft SQL Server are supported: - Microsoft SQL Server 2016 - Microsoft SQL Server 2014 (Full and Express Edition) - Microsoft SQL Server 2012 (Full and Express Edition; SP3 Express Edition is included in the setup) - Microsoft SQL Server 2008 R2 (Full and Express Edition) - Microsoft SQL Server 2008 (Full and Express Edition) Important! SQL Server 2008 and later databases with compatibility level that corresponds to SQL Server 2005, will not be supported. If you plan to deploy Enterprise Manager database on a Microsoft SQL Server participating in the AlwaysOn Availability Group, follow the recommendations provided in the Veeam KB article: https://www.veeam.com/kb2301.

tr

ib ut e

SQL Database

VMware Requirement

Hyper-V Requirement

D

Specification

is

Veeam Backup Search

Refer to corresponding Microsoft Search Server version system requirements

OS

Refer to corresponding Microsoft Search Server version system requirements

Software

- Microsoft Search Server 2008 (including Express edition) - Microsoft Search Server 2010 (including Express edition)

lic

at

e

or

Hardware

Veeam Explorer for Microsoft Exchange

up

VMware Requirement

Hyper-V Requirement

Veeam Explorer for Microsoft Exchange supports mailbox database (EDB) files created with 64-bit versions of the following Microsoft Exchange systems: - Microsoft Exchange 2016 - Microsoft Exchange 2013 SP1 - Microsoft Exchange 2013 - Microsoft Exchange 2010 SP1, SP2, or SP3 To open mailbox databases, Veeam Explorer for Microsoft Exchange requires a service dynamic link library (ESE.DLL) that is installed together with Microsoft Exchange.

ot

D

Specification

D

o

N

Microsoft Exchange

Software

54

Microsoft Outlook 2016, 2013 or 2010 (64-bit) for PST exports (optional)

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Veeam Explorer for Microsoft SharePoint Specification

VMware Requirement

Hyper-V Requirement

Software

Veeam Explorer for Microsoft SharePoint is installed on the machine running Veeam Backup & Replication. All editions including Veeam Backup Free Edition are supported.

Staging SQL Server

1. The staging Microsoft SQL Server can run on the machine where Veeam Explorer for Microsoft SharePoint is installed, or on another machine. 2. The staging system must have the same or a later version of Microsoft SQL Server as the server that hosts restored Microsoft SharePoint content databases. For example, if the Microsoft SharePoint server uses Microsoft SQL Server 2008, then the staging system can run Microsoft SQL Server 2008 or later.

or

D

is

tr

ib ut e

Microsoft SharePoint

- Microsoft SharePoint 2016 - Microsoft SharePoint 2013 - Microsoft SharePoint 2010 All editions are supported (Foundation, Standard, Enterprise).

at

e

Remote BLOB Stores Support

up

lic

To be able to work with remote BLOB stores (RBS) of the SharePoint content database, make sure that you have your remote BLOB store virtualized on the corresponding platform (VMware or HyperV). Also, make sure that it is either included in the SharePoint backup created by Veeam Backup & Replication (for automated discovery), or stored on the local machine running Veeam Explorer and staging SQL server (for manual discovery).

D

Veeam Explorer for Microsoft SQL

N

ot

Specification

D

o

Microsoft SQL Server

VMware Requirement

Hyper-V Requirement

- Microsoft SQL Server 2016 - Microsoft SQL Server 2014 - Microsoft SQL Server 2012 - Microsoft SQL Server 2008R2 - Microsoft SQL Server 2008 - Microsoft SQL Server 2005 SP4 All editions of Microsoft SQL Server are supported. AlwaysOn Availability Groups are supported for Microsoft SQL Server 2012 and later.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

55

Module 2: Deployment

Specification

VMware Requirement

Hyper-V Requirement

Other

ib ut e

For export to selected point in time and for export/restore to the state before selected transaction, Veeam Explorer for Microsoft SQL Server uses a staging Microsoft SQL Server. By default, local Microsoft SQL Server deployed with Veeam backup server will be used as a staging system. If you plan to use another server as a staging Microsoft SQL Server, then it should have the same or later version as the original Microsoft SQL Server. Besides, if the source database uses any edition-specific features, then staging system should be of the same or higher edition than the original SQL Server. See the Staging SQL Server section for details.

Veeam Explorer for Oracle VMware Requirement

Hyper-V Requirement

tr

Specification

or

D

is

The following versions of Oracle Database are supported as source/target systems for database backup and restore: - Oracle Database 12c (for Windows or Linux OS) - Oracle Database 11g (for Windows or Linux OS) Automatic Storage Management (ASM) is supported for Oracle 11g and later, requires ASMlib present. Oracle Real Application Clusters (RAC) are not supported. Oracle servers using Data Guard are partially supported - backup and full VM restore are supported, database restore via Veeam Explorer is not supported in the current version. Also, current version does not support creating transactionally-consistent backups of a standby database in case you are using Oracle Active Data Guard; only crash-consistent backups can be created in this case. However, a primary database can be backed up in a transactionallyconsistent way. Note: Currently, Oracle Database Express Edition (XE) is supported for Windows-based machines only.

up

lic

at

e

Oracle System

ot

D

Staging server is used to fine-tune the restore point in case a user needs to restore database to the state before specific transaction. At the first launch of Veeam Explorer it tries to obtain the staging Oracle server settings using the built-in algorithm. You can specify another staging server, either local (for Windows VMs only) or remote (for both Windows and Linux VMs).

N

The following requirements apply to staging server:

D

o

1. A staging server must have the same Oracle database version as the source (original) and target Oracle server. 2. If you plan to restore databases with Automatic Storage Management enabled, the staging and target servers should have ASM enabled, too. 3. Oracle Database Express Edition (XE) cannot be used as a staging system.

56

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Veeam Explorer for Microsoft Active Directory Specification

VMware Requirement

Hyper-V Requirement

Software

- Any edition of Veeam Backup & Replication 9.5. - Microsoft PowerShell 2.0 and higher. Veeam Explorer can restore the relationships between Active Directory objects and corresponding mailboxes - if an object (user or group) was deleted from production Active Directory, Veeam Explorer can restore this object from Active Directory backup, reconnect Exchange mailbox and restore mailbox security role for that object. Veeam Explorer for Active Directory supports restore of both mailbox-enabled objects (including hard-deleted items and Online Archives) and mail-enabled objects for the following Microsoft Exchange versions: - Microsoft Exchange Server 2016 - Microsoft Exchange Server 2013 - Microsoft Exchange Server 2010 SP1 and later For other Microsoft Exchange versions, restore of mailbox-enabled objects is not supported (only mail-enabled objects can be restored). - To open database files, Veeam Explorer for Microsoft Active Directory uses a service dynamic link library (esent.dll) which is installed together with Microsoft Active Directory Domain Services and can be found in the system directory at %SystemRoot%. Important! Esent.dll on the machine where Veeam Explorer runs should be of the same version as Microsoft Active Directory Domain Services used to create database files. - To restore account password, Veeam Explorer for Microsoft Active Directory uses the registry database, so if you plan to restore password(s), make sure that System registry hive is available (default location is %systemroot%\System32\Config). If you restore Active Directory database from Active Directory backup using Veeam file-level restore, then registry hive will be located automatically. Otherwise, for example, if you restore from an imported backup or from VeeamZIP file, make sure the System registry hive is located in the same folder as .DIT file.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Microsoft Active Directory Domain Controllers

- Microsoft Windows Server 2016 - Microsoft Windows Server 2012 R2 - Microsoft Windows Server 2012 - Microsoft Windows Server 2008 R2 - Microsoft Windows Server 2008 - Microsoft Windows Server 2003 SP2 Minimum supported domain and forest functional level is Windows 2003. Veeam Explorers can be only installed on a 64-bit Windows operating system.

Note: Database files created by a domain controller can be open only if Veeam Explorer is installed on a Windows machine with OS version same or above the version of that domain controller's OS.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

57

Module 2: Deployment

2.4.4. Required Permissions The accounts used for installing and using Veeam Backup & Replication should have the following permissions: Account

VMware Requirement

Hyper-V Requirement

The account used for product installation must have the Local Administrator permissions on the Veeam backup server to install Veeam Backup & Replication.

Target/Source Host Permissions

Root permissions on the source ESX(i) host Root (or equivalent) permissions on Linux backup repository Write permission on the target folder and share If vCenter Server is used, administrator credentials are required

SQL Server

The account used to run Veeam Backup Management Service must have the database owner role for the VeeamBackup database on the SQL Server instance. The account used to run Veeam Backup Enterprise Manager must have the database owner role for the VeeamBackupReporting database on the SQL Server instance.

Veeam Backup Enterprise Manager

Local Administrator permissions on the Veeam Backup Enterprise Manager server to install Veeam Backup Enterprise Manager To be able to work with Veeam Backup Enterprise Manager, users should be assigned the Portal Administrator, Restore Operator or Portal User role.

Veeam Backup Search

Local Administrator permissions on the Microsoft Search Server to install Veeam Backup Search

ib ut e

Setup Account

ot

D

up

lic

at

e

or

D

is

tr

Local Administrator permissions on the source Hyper-V server Root (or equivalent) permissions on Linux backup repository Write permission on the target folder and share

D

o

N

Veeam Explorer for Exchange

Veeam Explorer for SharePoint

58

Full access to Microsoft Exchange database and its log files for item recovery The account you plan to use for recovery should have both read and write permissions to all files in the folder with the database. Access rights can be provided through impersonation. The account used for working with Veeam Explorer for SharePoint requires membership in the sysadmin fixed server role on the staging Microsoft SQL Server. The account used for connection with target SharePoint server where document item(s)/list will be restored needs the following: - If permissions of the item being restored are inherited from the parent item (list) – Full Control for that list is required. - If permissions are not inherited, and restored item will replace an existing item – then Contribute for the item and Full Control for its parent list are required.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

2.5. Upgrading Veeam Backup & Replication To perform upgrade, run the Veeam Backup & Replication setup file. For details on the upgrade procedure, refer to Veeam Backup & Replication Release Notes.

ib ut e

2.5.1. Before You Upgrade To perform upgrade of Veeam Backup & Replication to version 9.5, you must be running version 9.0 (any update) or 8.0 Update #3 on the supported operating system. To upgrade from previous versions, contact Veeam Technical Support.

tr

Upgrade checklist:

o

N

ot

D

up

lic

at

e

or

D

is

1. Are you using Veeam ONE to monitor your backup infrastructure? If yes, upgrade it first. Veeam ONE supports monitoring of backup servers versions 9.5, 9.0 and 8.0. 2. Are you running Veeam Backup & Replication 9.0 (any update) or 8.0 Update #3? If yes, perform the upgrade procedure. To upgrade from other versions, contact Veeam Technical Support. 3. Is backup server to be upgraded installed on the supported operating system? If not, you must migrate the server to the supported OS first, before performing the upgrade. Refer to the Veeam support KB article KB1803 for more information on how to perform the migration. 4. Is your Veeam Backup & Replication or Veeam Backup Enterprise Manager configuration database hosted on Microsoft SQL Server 2005? If yes, you must upgrade the Microsoft SQL Server to version 2008 or later first. We recommend Microsoft SQL Server 2014 or later for performance considerations. 5. Are you using Cloud Connect? If yes, check with your Cloud Connect service provider if they have already upgraded their system to at least the version you are upgrading to. 6. Ensure there is no active processes, such as any running jobs and restore sessions. We recommend that you do not stop running jobs and let them complete successfully instead. Disable any periodic and backup copy jobs, so that they do not start during the upgrade. 7. Perform a backup of the corresponding SQL Server configuration databases used by backup and Enterprise Manager servers, so that you can easily go back to previous version in case of issues with upgrade. Note that built-in configuration backup functionality does not protect Enterprise Manager configuration. 8. Are you using Veeam Backup Enterprise Manager? If yes, start the upgrade procedure from this component. Note that Enterprise Manager 9.5 supports version 9.0 and 8.0 backup servers, so you can potentially run both old and new product versions side by side.

D

2.5.2. After You Upgrade When upgrade is complete, perform the following actions: 1. Once the upgrade process is complete, download and install the latest available update from www.veeam.com/updates.html. 2. Open the Veeam Backup & Replication console. If necessary, the automated upgrade wizard will automatically appear, prompting you to upgrade product components running on remote servers. Follow the wizard to complete the upgrade process.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

59

Module 2: Deployment

3. If some remote servers are unavailable at the time of upgrade, you can run the Upgrade wizard at any time later from the main product menu, or by closing and re-opening the Veeam Backup & Replication console. Note that out-of-date product components cannot be used by jobs until they are updated to the backup server version. 4. Enable any scheduled jobs that you have disabled before the upgrade.

ib ut e

Please note that immediately after upgrade, backup server performance may be impacted due to configuration database being optimized by the maintenance job. This can take up to an hour depending on the database size.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

You must upgrade Veeam components on all remote servers with which the backup server communicates during data protection and disaster recovery tasks. If you do not upgrade components on remote servers, Veeam Backup & Replication jobs will be failing.

60

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 2: Deployment

Labs for Module 2: Deployment

ib ut e

This module gets you acquainted with the components that make up the Veeam Backup & Replication architecture and explains how to choose between Veeam Backup & Replication deployment scenarios. The corresponding labs provide you with an opportunity to dive into the Veeam Backup & Replication and Veeam Backup Enterprise Manager installation.

Get into the Lab Action

Purpose

2.1

Adding Veeam Backup & Replication to Veeam Backup Enterprise Manager

Add the Veeam Backup & Replication server to the Veeam Backup Enterprise Manager console to control and manage all the Veeam Backup & Replication jobs through a single pane of glass.

2.2

Setting up Veeam ONE (part one)

Add VMware vSphere and Microsoft Hyper-V hosts to the Veeam ONE interface and schedule data collection.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

Lab

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

61

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 2: Deployment

62

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 3: Initial Configuration

3. Initial Configuration

3.1. Adding Servers For building your backup infrastructure in a VMware vSphere environment, Veeam Backup & Replication supports the following types of servers:

D

is

tr

VMware Server vCloud Director Windows Server Linux Server

ib ut e

In this module you will learn how to configure all components of Veeam Backup & Replication product, including backup server, backup proxy and backup repository. We will also review about global settings and how they improve the product’s performance and Veeam Backup & Replication user interface.

or

For building your backup infrastructure in a Hyper-V environment, Veeam Backup & Replication supports the following types of servers:

at

e

Hyper-V Server SMB v3 Server Windows Server Linux Server

D

up

lic

Managed servers are physical or virtual machines that are used as source and target hosts, backup proxies, repositories and other servers included in the backup infrastructure. The table below shows which roles can be assigned to the different types of servers managed by Veeam Backup & Replication.

Source

Backup Proxy

Off-host backup proxy (Hyper-V

Backup Repository

ot

Server Type

Replication Target

D

o

N

VMware Server (standalone ESX(i) host or vCenter Server) / Hyper-V Server (standalone Hyper-V Server, SCVMM or Hyper-V cluster) Windows Server

*

Linux Server

*

vCloud Director * = Windows and Linux can be used as source for Agent jobs or Files to tape jobs.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

63

Module 3: Initial Configuration

Any ESXi host is essentially a Linux server. Thus, you can add ESXi hosts both as virtualization servers and as standard file servers, depending on the role you wish to assign them. Note that if you plan to use the same host as an ESXi host and Linux server, you should add it to Veeam Backup & Replication twice.

ib ut e

Similarly, any Hyper-V Server is essentially a Windows server. Thus, you can add Hyper-V hosts both as virtualization servers and as standard file servers, depending on the role you wish to assign them. Note that if you plan to use the same host as a Hyper-V server and Windows server, you should add it to Veeam Backup & Replication twice.

tr

Note: If there is a vCenter server in the infrastructure, it is recommended that you add vCenter server instead of separate ESX(i) hosts to provide more flexibility at work.

e

or

D

is

Note: When you create a credential record for the user account that you plan to use to connect to a Linux sever or VM running Linux OS, you can either choose a root account, or specify a non-root account and use the Non-root account section to grant sudo rights to this account. Then, to provide a non-root user with root account privileges, select the Elevate account to root check box and to add the user account to sudoers file, select the Add account to the sudoers file automatically check box. If you do not enable this option, you will have to manually add the user account to the sudoers file.

at

3.1.1. Adding a VMware Backup Proxy

up

lic

In the backup infrastructure, a backup proxy acts as a “data mover.” While the backup server fills the role of the job manager, the backup proxy actually performs main data handling – it retrieves data, processes it and transfers to the target destination. Using backup proxies enables you to take the job processing off the backup server and allows for better scalability of your backup infrastructure.

D

Proxy deployment recommendations depend on a particular configuration of your virtual infrastructure.

N

ot

To add a backup proxy to your backup infrastructure, you should assign this role to a Windows server that is already added to the list of managed servers.

D

o

By default, Veeam Backup & Replication adds the Veeam backup server to the list of backup proxies. A local backup proxy may be sufficient for the simplest backup or replication scenarios; however, for larger VMware environments, you will need to deploy a number of additional VMware proxy servers to offload the Veeam backup server.

3.1.2. Adding Backup Repositories Backup repository is a location for storing backup data and auxiliary files. You can assign the role of a backup repository to any Windows or Linux server added to the list of managed servers in Veeam Backup & Replication, any shared CIFS folder to which the backup server has access, or to deduplicating storage appliances. Windows-based backup repositories can also perform the role of 64

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 3: Initial Configuration

the Veeam vPower NFS server, enabling advantages of the vPower technology for multi-OS file-level restore, Instant VM Recovery, SureBackup and U-AIR capabilities.

ib ut e

Note: You can permanently remove a backup repository from the backup infrastructure. When you remove a backup repository, Veeam Backup & Replication unassigns the backup repository role from the server and this server is no longer used as a backup repository. Veeam Backup & Replication does not remove backup files and other data stored on the backup repository. You can re-connect the backup repository at any time and import backups from this backup repository to Veeam Backup & Replication.

or

3.2. Data location tagging

D

is

tr

Important! The remove operation has the following limitations: you cannot remove a backup repository that is used by any backup or replication job (including Configuration Backup). To remove such backup repository, you first need to delete a reference to this backup repository in the job settings.

up

lic

at

e

Ensure data sovereignty compliance required by various regulations, such as the General Data Protection Regulation (GDPR), by tagging production infrastructure and backup infrastructure objects with locations. Location tags are used to prevent accidental errors when configuring backup and replication jobs or performing out-of-place restores, by issuing a warning when an action may result in a data sovereignty violation and producing audit trails whenever such action is confirmed.

3.2.1. Locations

ot

D

To control data migration in the virtual infrastructure, Veeam Backup & Replication introduces a notion of location. A location defines a geographical region, or country, in which an infrastructure object resides. You can create a list of locations, and assign to backup infrastructure objects information about locations to which they belong.

D

o

N

Veeam Backup & Replication allows you to assign information about locations to the following infrastructure objects: Virtual infrastructure objects: vCenter Servers, datacenters, clusters and hosts. Backup infrastructure objects: simple backup repositories, scale-out backup repositories, tape libraries and tape vaults. Agent management objects: protection groups.

Information about infrastructure objects location is stored in the Veeam Backup & Replication configuration database. When VM data in the virtual infrastructure migrate from one location to another, Veeam Backup & Replication displays a warning and stores a record about data migration to job or task session details. In addition to it, Veeam Backup & Replication logs this information to Microsoft Windows event logs. For example, if Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

65

Module 3: Initial Configuration

you back up VMs from a host that resides in Germany to a backup repository that resides in Australia, Veeam Backup & Replication will display a warning that VM data changes its location in the backup job wizard, display information about data migration in the backup job session details and log it to Microsoft Windows event logs. Veeam Backup & Replication displays information about VM data migration in statistics for the following types of jobs:

at

e

or

D

is

tr

ib ut e

Backup jobs — Veeam Backup & Replication compares the location of the source host on which VMs are registered with the location of the target backup repository or cloud repository. VeeamZIP tasks — Veeam Backup & Replication compares the location of the source host on which VMs are registered with the location of the target backup repository. Replication jobs — Veeam Backup & Replication compares the location of the source host on which VMs are registered with the location of the target host. Replica failback tasks — Veeam Backup & Replication compares the location of the host on which a VM replica is registered with the location of the host to which the VM is restored. VM copy jobs — Veeam Backup & Replication compares the location of the source host on which VMs are registered with the location of the target backup repository or target host. Quick migration tasks — Veeam Backup & Replication compares the location of the source host on which VMs are registered with the location of the target host. Entire VM restore tasks — Veeam Backup & Replication compares the location of the backup repository or cloud repository on which the backup resides, with the location of the host to which VMs are restored. SureBackup jobs — Veeam Backup & Replication compares the source location with the target location. The target location is always a host on which the virtual lab is registered. The source location may be one of the following:

D

up

lic

If a VM is added to the application group, Veeam Backup & Replication compares the host on which the VM is registered (or was registered at the moment of backup) with the target location. If a VM is added to the SureBackup job from the linked job, Veeam Backup & Replication compares the backup repository on which the backup file resides with the target location.

ot

For SureReplica jobs, Veeam Backup & Replication does not compare information about source and target hosts location.

N

Tape tasks:

D

o

Backup to tape jobs: In backup to tape jobs, Veeam Backup & Replication compares the location of the source job or repository with the location of the tape library in the target media pool. If the media pool spans multiple tape libraries, Veeam Backup & Replication analyzes locations of all libraries in the media pool. Vaults: If a tape job exports offline backups to a vault, Veeam Backup & Replication compares the location of the source job or repository with the location of the vault. I a GFS tape job exports tapes to multiple vaults, Veeam Backup & Replication analyzes all vaults configured for target media pools of the GFS tape job. Media pools: Veeam Backup & Replication compares locations of all tape libraries added to the media pool. If the media pool exports tapes to a

66

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 3: Initial Configuration

vault, Veeam Backup & Replication analyzes all vaults configured for the media pool.

Important! Veeam Backup & Replication does not display a warning about VM data migration for file copy jobs.

ib ut e

3.2.2. Creating and Assigning Locations You can create a list of locations in Veeam Backup & Replication and assign locations to infrastructure objects. To create a location:

D

is

tr

1. In the Inventory or Backup Infrastructure view, right-click the infrastructure object and select Location > Manage locations. 2. In the Manage Locations window, click Add. 3. In the Name field, enter a name of the location.

e

or

To assign a location to an infrastructure object, in the Inventory or Backup Infrastructure view, rightclick the infrastructure object and select Location > . If the location is not in the list, select Location > Manage Locations and add the location to the list.

at

3.2.3. Editing Locations

lic

You can edit a location in the locations list, for example, if you want to change the location name.

up

To edit a location:

ot

D

1. In the Inventory or Backup Infrastructure view, right-click the infrastructure object and select Location > Manage locations. 2. In the Manage Locations window, select the location and click Edit. 3. In the Name field, change the location name as required.

N

3.2.4. Deleting Locations

o

You can delete a location from the locations list, for example, if you no longer host infrastructure objects in this location.

D

To delete a location: 1. In the Inventory or Backup Infrastructure view, right-click the infrastructure object and select Location > Manage locations. 2. In the Manage Locations window, select the location and click Delete. If the location is currently assigned to some infrastructure objects, Veeam Backup & Replication will display a warning with the list of objects that belong to this location. Click Yes to confirm the location deletion.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

67

Module 3: Initial Configuration

3.2.5. Exporting and Importing Locations List You can export and import the list of locations to/from a file of XML format.

ib ut e

The import and export functionality facilitates the process of locations creation and maintenance. For example, if you need to set up the same list of locations throughout the whole backup infrastructure, you can create a list of locations on one backup server manually, export this list to an XML file, and then import the list on other backup servers and machines running the Veeam Backup & Replication console. To export the locations list:

is

tr

1. In the Inventory or Backup Infrastructure view, right-click an infrastructure object and select Location > Manage locations. 2. In the Manage Locations window, click Export and specify a name of the XML file to which the locations list must be exported.

D

To import the locations list:

e

or

1. In the Inventory or Backup Infrastructure view, right-click an infrastructure object and select Location > Manage locations. 2. In the Manage Locations window, click Import and browse to the XML file from which the locations list must be imported.

at

3.3. Performing Configuration Backup and Restore

up

lic

With Veeam Backup & Replication, you can create a configuration backup of the Veeam backup server.

ot

D

When you create a configuration backup, you export the configuration data from the Veeam Backup SQL database and save it into a backup file on the repository. If the Veeam backup server fails for some reason, you can re-install it and then quickly restore its configuration from the backup file. Alternatively, you can apply the configuration of one Veeam backup server to any other Veeam backup server in your backup infrastructure.

D

o

N

It is recommended that you regularly create a configuration backup for every Veeam backup server in your backup infrastructure. Periodic configuration backups reduce the possibility of data loss and minimize the administrative overhead if any problem with Veeam backup server(s) occurs.

3.3.1. Creating Configuration Backups When you perform a configuration backup, Veeam Backup & Replication retrieves configuration data for the Veeam backup server from the SQL database, writes this data into a set of .xml files and archives these .xml files to a .bco file. Veeam Backup & Replication exports configuration data for all Veeam Backup & Replication objects:

68

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 3: Initial Configuration

Object

Contents Hosts, servers, backup proxies, repositories, WAN accelerators and jobs, global settings configured on the backup server and so on.

Backups

Backups, replicas and backup copies created on the backup server.

Sessions

Job sessions performed on the backup server.

Tapes

Tape libraries connected to the backup server.

ib ut e

Backup infrastructure components and objects

D

is

tr

Note: When storing credentials for the infrastructure objects, Veeam Backup & Replication does not keep passwords if encryption is not enabled. During the restore process, you will have to specify passwords manually. If by the time of restore passwords for credentials records have changed, you can specify new values for these records.

or

The configuration backup is job-driven. Just like any other job, you can schedule it to run regularly or start it manually. You can choose the backup repository to which the configuration backup should be stored and specify the necessary retention policy settings.

up

lic

at

e

By default, Veeam Backup & Replication is configured to create a configuration backup daily. The resulting configuration backup file is stored in the \VeeamConfigBackup\%BackupServer% folder in the default backup repository. However, for security’s sake, it is recommended that you store configuration backups on the backup repository other than the default one. In this case, configuration data of the Veeam backup server(s) will be available for recovery even if the Veeam backup server fails.

o

N

ot

D

Note: When you configure a new backup repository, Veeam Backup & Replication offers you to change the configuration backup file location from the default backup repository to the new backup repository. Click Yes, and Veeam Backup & Replication will automatically change the backup target in the configuration backup job properties and will use this target in future. Configuration backups that were created before the target change will remain in the default backup repository. You can manually copy them to the new backup repository to have all restore points of the configuration backup in one place.

D

3.3.2. Restoring Configuration Data To restore data from the configuration backup, you can use one of two methods: data restore and data migration. Data restore can be helpful in the following situations: The configuration database got corrupted and you want to recover data from the configuration backup.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

69

Module 3: Initial Configuration

The Microsoft SQL Server on which the configuration database resides got corrupted, and you want to deploy the configuration database on a new Microsoft SQL Server, and restore data from the configuration backup to it. You want to roll back the configuration database to a specific point in time. You want to restore data to a new configuration database on the same Microsoft SQL server, for example, for testing purposes.

ib ut e

Data migration can be helpful if you need to move the backup server and configuration database to another location, for example, offsite. In this case, you can configure a backup server, deploy a Microsoft SQL Server in the target location and then restore data from the configuration backup to a database on this server. As a result, you will get a "replica" of the backup server without additional adjustments and fine-tuning.

is

tr

It is recommended that you use Veeam Backup & Replication tools to create configuration backups and migrate the configuration database. If you use other tools, for example, native Microsoft SQL Server tools, after migration some information such as secure configuration data may be not accessible.

D

Before you start the restore process, check the following prerequisites:

at

e

or

Stop all jobs that are currently running. During restore of configuration, Veeam Backup & Replication temporary stops the Veeam Backup Service and jobs. Check the version of the backup server. On the backup server running Veeam Backup & Replication 9.5, you can restore configuration backups created with the following product versions: 8.0 Update 3 and 9.0.

up

lic

Mind the following limitation: You can only start configuration restore from the Veeam Backup & Replication console installed locally on the backup server. You cannot start configuration restore from the console installed on a remote machine.

D

3.3.3. Encrypted Configuration Backups

ot

Veeam Backup & Replication requires that you encrypt the configuration backup if you have created at least one password in the Password Manager on the backup server.

D

o

N

When you encrypt jobs or tapes with passwords, Veeam Backup & Replication creates a set of keys that are employed in the encryption process. Some of encryption keys, for example, storage keys and metakeys, are stored in the Veeam Backup & Replication database. If a configuration backup was non-encrypted, data from it could be freely restored on any backup server. The encryption keys would be saved to the Veeam Backup & Replication database, and the content of encrypted files might become accessible for unintended audience. If the Password Manager contains at least one password and you do not enable encryption for the configuration backup, Veeam Backup & Replication disables configuration backup. To enable the configuration backup, you must configure encryption settings in the configuration backup job properties.

70

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 3: Initial Configuration

3.4. Managing Network Traffic If you plan to perform offsite backup or replicate VMs to a remote DR site, you can manage network traffic with the following options:

ib ut e

3.4.1. Setting Network Traffic Throttling Rules

tr

To limit the impact of Veeam Backup & Replication tasks on network performance, you can throttle network traffic for jobs. Network traffic throttling prevents jobs from utilizing the entire bandwidth available in your environment and makes sure that enough traffic is provided for other network operations. It is especially recommended that you throttle network traffic if you perform offsite backup or replicate VMs to a DR site over slow WAN links.

D

is

Network traffic throttling is implemented through rules. Network throttling rules apply to components in the Veeam backup infrastructure, so you do not have to make any changes to the network infrastructure.

or

Network traffic throttling rules are enforced globally, at the level of the backup server. Every rule limits the maximum throughput of traffic going between backup infrastructure components on which Veeam Data Movers are deployed. Depending on the scenario, traffic can be throttled between the following components:

D

up

lic

at

e

Backup to a Microsoft Windows or Linux backup repository: a backup proxy (onhost or offhost) and backup repository Backup to an SMB share, Dell EMC Data Domain and HPE StoreOnce: backup proxy (onhost or offhost) and gateway server Backup copy: source and target backup repositories or gateway sever(s), or WAN accelerators (if WAN accelerators are engaged in the backup copy process) Replication: source and target backup proxies (onhost or offhost) or WAN accelerators (if WAN accelerators are engaged in the replication process) Backup to tape: backup repository and tape server

ot

Rules are set for a pair of IP address ranges and are applied to the source and target components between which data is transferred over the network. The range can include a single IP address.

N

3.4.2. Managing Data Transfer Connections

D

o

By default, Veeam Backup & Replication uses multithreaded data transfer for every job session. VM data going from source to target is transferred over 5 TCP/IP connections. However, if you schedule several jobs to run at the same time, load on the network may be heavy. If the network capacity is not sufficient to support multiple data transfer connections, you can disable multithreaded data transfer or change the number of TCP/IP connections.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

71

or

D

is

tr

ib ut e

Module 3: Initial Configuration

up

lic

at

e

Note: Veeam Backup & Replication performs a CRC check for the TCP traffic going between the source and the target. When you perform backup and replication operations, Veeam Backup & Replication calculates checksums for data blocks going from the source. On the target, it recalculates checksums for received data blocks and compares them to the checksums created on the source. If the CRC check fails, Veeam Backup & Replication automatically re-sends data blocks without any impact on the job.

D

3.4.3. Preferred Networks

ot

You can choose networks over which Veeam Backup & Replication must transport VM data when you perform data protection and disaster recovery tasks. This option can be helpful if you have a nonproduction network and want to route VM data traffic over this network instead of the production one.

N

Preferred network rules are applied to the following backup infrastructure components:

D

o

Backup proxies Backup repositories WAN accelerators Gateways (used with backup repositories) Log shipping servers Tape servers

To define networks for data transfer, you must create a list of preferred networks. When Veeam Backup & Replication needs to transfer VM data, it uses networks from this list. If a connection over preferred network(s) cannot be established for some reason, Veeam Backup & Replication will automatically fail over to the production network. 72

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

or

D

is

tr

ib ut e

Module 3: Initial Configuration

at

e

3.4.4. Network Traffic Encryption

up

lic

You can enable network traffic encryption (in flight encryption) for data going between the primary site and disaster recovery site. Network traffic encryption helps you raise the security level for your data. If encrypted data is intercepted in the middle of data transfer, the eavesdropper will not be able to decrypt it or get access to it.

ot

D

Network data encryption for different subnets is enabled by default. If you want to enable data encryption within the same subnet, you must create a network traffic rule for this subnet and select the data encryption option for the rule. As a result, the traffic going between servers that fall into the source and target IP addresses ranges will be encrypted according to the 256-bit Advanced Encryption Standard (AES-256).

N

3.5. General options

D

o

General options that affect all jobs.

3.5.1. Backup I/O control At the same time, it’s important to keep production storage availability from being impacted by too much load from parallel backup tasks. Backup I/O Control is a global setting that lets you set limits on how much latency is acceptable for any VMware or Hyper-V datastore. Those values are customizable.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

73

Module 3: Initial Configuration

For the Enterprise Plus Edition, Backup I/O Control can be used to set the latency on a per-datastore basis, rather than a single global setting. This is especially useful if you have datastores that need a higher/lower setting based on workload or importance, for example higher latency is usually acceptable for test/development workloads.

3.5.2. Global Notification Settings

ib ut e

Notifications help ensure visibility for the processes that are happening within Veeam Backup and Replication.

Specifying E-Mail Notification Settings

D

is

tr

With Veeam Backup & Replication, you can select to receive email messages in the case of success or failure of a created backup or replication job. To be able to receive email messages, you must configure general email notification settings and select to receive a notification when creating a corresponding job.

e

or

Tip: To receive email notification about all jobs performed on the Veeam backup server in one email, configure email notification settings in Veeam Backup Enterprise Manager.

at

Specifying Other Notification Settings

lic

You can configure Veeam Backup & Replication to automatically notify you about the following events:

D

up

Low disk space Support contract expiration New product versions and available updates

ot

When you run a job, Veeam Backup & Replication checks disk space on the target backup repository and production storage. If the disk space is below a specific value, Veeam Backup & Replication will display a warning message in the job session details.

D

o

N

By default, email recipients specified in global notification settings are informed about the support expiration date in every received email notification. Veeam Backup & Replication starts sending such notifications 14 days before the expiration date. Expiration information is also shown on the splash screen and on the License Information window. You can configure Veeam Backup & Replication to automatically check for new product versions and updates available on the Veeam website. When a new version of the product or a new product update becomes available on the website, Veeam Backup & Replication displays an icon in the system tray. An icon is displayed once a week. For Microsoft Hyper-V environments, Veeam Backup & Replication also notifies about updates that should be installed on Microsoft Hyper-V hosts and off-host backup proxies: if a Microsoft Hyper-V host or an off-host backup proxy connected to the Veeam backup server misses important

74

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 3: Initial Configuration

fixes/patches, it can potentially hinder work of Veeam Backup & Replication.

Important! To get notified about updates and patches, make sure that the Veeam backup server is connected to the Internet. In the opposite case, update notification will not work.

ib ut e

If you do not want to get notified about available updates, you can disable this option. However, it is recommended that you leave update notifications enabled not to miss critical updates and patches.

3.6. Getting to Know User Interface

is

tr

The user interface of Veeam Backup & Replication is designed to let you quickly find commands you need and perform necessary data protection and disaster recovery tasks. This section will familiarize you with elements of the application user interface.

D

3.6.1. Main Menu

or

The main menu in Veeam Backup & Replication contains commands related to general application settings. The following operations can be performed:

N

ot

D

up

lic

at

e

Upgrade backup infrastructure components Manage credentials Manage passwords Manage Microsoft Azure accounts Configure application settings Set up user roles Configure network traffic rules Perform configuration backup and restore Start PuTTy and Microsoft PowerShell console Change color theme Work with licenses View Veeam Backup & Replication help and export program logs Exit Veeam Backup & Replication

o

3.6.2. Navigation Pane

D

The navigation pane, located on the left side of the window, provides centralized navigation and enables you to easily access Veeam Backup & Replication items organized in views. The navigation pane is made up of two areas: The upper, or the inventory pane, displays a hierarchy or a list of all items relevant for a specific view. The content of the inventory pane is different for different views. For example, in the Backup Infrastructure view, the inventory pane displays a list of backup infrastructure components – virtual infrastructure servers, backup proxies and backup repositories. In the Virtual Machines view, the inventory pane displays a list of servers connected to Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

75

Module 3: Initial Configuration

Veeam Backup & Replication. The lower pane contains a set of buttons that enables you to switch between Veeam Backup & Replication views.

3.6.3. Ribbon and Tabs

D

is

tr

ib ut e

Operation commands in Veeam Backup & Replication are organized into logical groups and collected together under tabs on the ribbon. The ribbon is displayed at the top of the main application window; it contains the Home tab that is always present, and context-sensitive tabs.

up

lic

at

e

or

The Home tab provides quick access to the most commonly performed operations. It enables you to create different types of jobs, perform restores, and import operations. This tab is always displayed, no matter which view is currently open. Context-sensitive tabs contain commands specific for certain items and appear when these items are selected. For example, if you open the Backup & Replication view and select a backup job in the working area, the Jobs tab containing buttons for operations with jobs will appear on the ribbon. In a similar manner, if you open the Files view and select a file or folder, the File tab containing buttons for operations with files will appear on the ribbon.

ot

3.6.4. Views

D

Note: Commands for operations with items in Veeam Backup & Replication are also available from the shortcut menu.

N

Veeam Backup & Replication displays its items in views. When you click the button of a specific view in the navigation pane, its content is displayed in the working area of Veeam Backup & Replication.

D

o

Veeam Backup & Replication offers the following views: Views

Backup & Replication

76

Functions Used for work with all kind of jobs. It also displays a list of created backups and replicas that can be used for various restore operations, and provides statistics on recently performed jobs.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 3: Initial Configuration

Views

Functions

Virtual Machines

Displays the inventory of your virtual infrastructure. The inventory can be presented from different perspectives: Compute, Storage, VM Folders and VM Tags. This view is used to work with VMs and VM containers.

Storage Infrastructure

Displays a list of storage systems, volumes and snapshots. This view is used to restore data from storage snapshots (available only for VMware VMs).

Tape Infrastructure

Displays a hierarchy of tape library connected to the tape server. This view is used to archive data to tapes and restore data from tapes.

Cloud Infrastructure

Displays components of the Veeam Cloud Connect infrastructure. This view can be used by SP to manage TLS certificates, configure cloud gateways and create accounts for users who plan to work with cloud resources.

Files

Displays a file tree for servers connected to Veeam Backup & Replication, and is primarily used for file copying operations.

History

Displays statistics on operations performed with Veeam Backup & Replication. You can use this section for viewing statistics on performed tasks and reporting.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Backup Infrastructure

Displays a list of backup infrastructure components: servers, hosts, backup proxies, backup repositories and so on. You can use this view for backup infrastructure setup — here you can configure backup infrastructure components that will be used for data protection and disaster recovery tasks.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

77

lic

3.6.5. Working Area

at

e

or

D

is

tr

ib ut e

Module 3: Initial Configuration

D

o

N

ot

D

up

The working area of Veeam Backup & Replication displays a list of items relevant to a specific view. The working area looks different depending on the view that is currently open. For example, if you open the History view, the working area will display a list of job sessions and restore tasks performed with Veeam Backup & Replication. If you open the Virtual Machines view, the working area will display a list of virtual machines that reside on servers connected to Veeam Backup & Replication.

78

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 3: Initial Configuration

Labs for Module 3: Initial Configuration Before proceeding to the day-to-day operation sections, we need to configure the backup infrastructure for the lab.

Lab

ib ut e

Get into the Lab Action

Purpose

Connecting virtual infrastructure servers

Add a vSphere host and a Hyper-V host to Veeam Backup & Replication.

3.2

Configuring a backup proxy

Review the default backup proxy settings to understand its specifics.

3.3

Configuring a backup repository

Configure a main Scale-out Backup Repository™ and a remote backup repository for off-site transfers.

Setting up notifications

Set up notifications to receive email notifications that contain results on the jobs performed on the Veeam backup server.

is

D

or

e

3.4

tr

3.1

Setup locations

D

o

N

ot

D

up

3.5

lic

at

Ensure data sovereignty compliance that is required by various regulations, such as the General Data Protection Regulation (GDPR), by tagging production infrastructure and backup infrastructure objects with locations. Location tags are used to prevent accidental errors when configuring backup and replication jobs or performing out-of-place restores by issuing a warning when an action may result in a data sovereignty violation and by producing audit trails whenever such action is confirmed.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

79

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 3: Initial Configuration

80

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

4. Protect

ib ut e

Veeam Backup & Replication produces image-level backups of virtual machines. It treats virtual machines as objects, not as a set of files. When you protect virtual machines, Veeam Backup & Replication copies a virtual machine image as a whole, at a block level. In this module, you will learn how to create backup, backup copy, VM copy, file copy and replication jobs. Additionally, you will also learn about the VeeamZIP and Quick Backup features.

4.1. 3-2-1 rule

tr

The main purpose of backup is to protect your data against disasters and VM failures. However, having one copy of a backup file does not provide the necessary level of safety. A backup file may get corrupted or lost, leaving you with not data to restore at all.

D

is

Backup experts claim that to build a successful data protection and disaster recovery plan, you must follow the 3-2-1 rule:

o

N

ot

D

up

lic

at

e

or

3: You must have three copies of a data in different locations. 2: You must use two different types of media to store copies of a backup file, for example, disk storage and tape. 1: You must keep at least one copy of a backup file offsite, for example, in the cloud or in the remote site.

D

Thus, according to the first statement of the 3-2-1 backup strategy, you must have 2 different copies of a backup file in different locations, plus your production VM data. In case a disaster strikes, multiple backup copies increase your chances in data restore.

4.2. Creating Backup Jobs To perform backup of VMs, you must create a backup job by means of the New Backup Job

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

81

Module 4: Protect

wizard. This section will guide you through all steps of the wizard and provide explanations for available options.

4.2.1. Before You Begin

ib ut e

Prior to creating a backup job, make sure you have set up all necessary backup infrastructure components for the job. During every job run, Veeam Backup & Replication checks disk space on the destination storage. If the disk space is below a specific threshold value, Veeam Backup & Replication will display a warning in the job session log. To specify the disk space threshold, select Options from the main menu. On the Notifications tab, specify the amount of free disk space required in a percentage.

is

or

D

Total size of VMs being backed up Frequency of backups Retention period for backups Whether the jobs will use forward or reverse incremental

tr

When estimating the amount of disk space required, you should know the following:

e

You must also make assumptions on compression and deduplication ratios, change rates, and other factors. The following figures are typical for most sites; however, it is important to understand your environment if there are exceptions:

lic

at

Compression and deduplication savings 2:1 or more; typical is 3:1 or better, but always be conservative when estimating required space. Typical change rate of 5% day; this can vary tremendously per server and some include additional space for one-off full backups, and so on.

D

up

Using the numbers above, you can estimate required disk space for any job. Besides, you should always give plenty of extra headroom for future growth, additional full backups, moving VMs, restoring VMs from tape, and so on.

N

ot

Note: With Veeam ONE, you can use the VM Change Rate Estimation report from the Infrastructure Assessment pack as a ballpark pre-deployment assessment of the potential amount of free space that should be available on the target repositories.

D

o

When adding the VMs to the job, to quickly find the necessary object, you can use the search field at the bottom of the Add Objects window. The available options are: Everything, Folder, Cluster, Host, Resource pool, VirtualApp or Virtual machine for the vSphere infrastrucutre. Everything, Folder, Host Group, SCVMM, Cluster, Host or Virtual machine for the Hyper-V infrastructure.

82

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

4.2.2. Backup Methods Veeam Backup & Replication provides the following methods for creating regular backup files:

ib ut e

Reverse incremental backup Incremental backup Forward incremental backup Forever forward incremental backup

Retention Policy

or

D

is

tr

Every successful job run creates a new restore point that lets you return your data to an earlier point in time. When you define retention policy, you specify how many restore points you want to keep and thus how ‘far’ you want to be able to roll back. Once the specified number is exceeded, the earliest restore point will be automatically removed. So if the retention policy is set to three and you already have three restore points, the fourth successful job run will generally delete the restore point created during the first job run.

lic

at

e

Note: When the allowed number of restore points in the backup chain is exceeded, Veeam Backup & Replication deletes the whole backup file, not separate VMs from it. For this reason, in some situation a certain VM may have fewer restore points in the backup chain than is specified in the retention policy settings. This can happen if a backup job processes a number of VMs or VM containers and some VMs or VM containers fail to be processed in some job sessions.

Reverse Incremental Backup

D

o

N

ot

D

up

Reverse incremental backup implies that during the first run of a backup job, a full backup of a VM is created. VM data is copied block by block, compressed at an appropriate compression level, and stored in a resulting full backup file (.vbk). All subsequent backups are incremental (that is, Veeam Backup & Replication copies only those data blocks that have changed since the last job run). During reverse incremental backup, Veeam Backup & Replication “injects” changes into the .vbk file to rebuild it to the most recent state of the VM. It also creates a reverse incremental backup file (.vrb) containing data blocks that are replaced when the full backup file is rebuilt. Therefore, the most recent restore point is always a full backup, and it gets updated after every backup cycle.

This backup method lets you perform forever-incremental backups and save disk space because you only have to store one full backup on the backup repository. If the number of restore points allowed by the retention policy is exceeded, Veeam Backup & Replication will simply delete the oldest reverse Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

83

Module 4: Protect

increment. Reverse incremental backup enables you to immediately restore a VM to the most recent state without extra processing because the most recent restore point is a full backup file. If you need to restore a VM to a particular point in time, Veeam Backup & Replication will apply the required .vrb files to the .vbk file to get to the required restore point.

ib ut e

Retention for Reverse Incremental Backup

or

D

is

tr

Using reverse incremental backup, Veeam Backup & Replication immediately deletes the earliest reverse increment as soon as it meets the retention policy. For example, if the retention policy is set to three restore points, two latest reverse increments and a full backup will be retained.

at

e

Incremental Backup

lic

Incremental Backup

D

up

During the first run of an incremental backup, Veeam Backup & Replication creates a full backup file (.vbk). During subsequent backups, it only gets changes that have taken place since the last performed backup (whether full or incremental) and saves them as incremental backup files (.vib) next to the full backup.

o D

How to set up

84

Forward Incremental-Forever Backup

The first full backup and a set of forward incremental backups following it + synthetic full and/or active full backups that “split” the backup chain into shorter series

The first and only full backup and a set of forward incremental backups following it

Select the Incremental backup mode in the job settings. Enable synthetic full backups and/or active full backups.

Select the Incremental backup mode in job settings. Do not enable synthetic full backups and/or active full backups.

N

Backup Chain

ot

Forward Incremental Backup

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Forward Incremental-Forever Backup

- No synthetic operations – only write - The full backup chain is removed only after the last increment in the chain meets the retention policy - The best choice if company regulation and policies require you to regularly move a created backup file to tape or a remote site

- Always the indicated number of restore points - More load on storage (because when applying retention policy, the changes are injected to full backup – see Retention Policy for more details)

ib ut e

Specifics

Forward Incremental Backup

or

D

is

tr

Forever Forward Incremental Backup

at

e

The forever forward incremental backup method produces a backup chain that consists of the first full backup file (VBK) and a set of forward incremental backup files (VIB) following it. Veeam Backup & Replication creates a forever forward incremental backup chain in the following way:

ot

D

up

lic

1. During the first session of a backup job, Veeam Backup & Replication creates a full backup file on the backup repository. 2. During subsequent backup job sessions, Veeam Backup & Replication copies only VM data blocks that have changed since the last backup job session (full or incremental) and saves these blocks as an incremental backup file in the backup chain. 3. After adding a new restore point to the backup chain, Veeam Backup & Replication checks the retention policy for the job. If Veeam Backup & Replication detects an outdated restore point, it transforms the backup chain to make room for the most recent restore point.

o

N

Note: With Veeam Backup & Replication, you can easily switch between backup methods. Veeam Backup & Replication will not transform the previously created chain. Instead, it will create a new chain next to the existing one in the following manner:

D

1. If you switch from the reverse incremental method to the forward incremental method, Veeam Backup & Replication will create a set of incremental backups next to the reverse incremental chain. The full backup in the reverse incremental chain will be used as a starting point for produced increments 2. If you switch from the forward incremental method to the reverse incremental method, Veeam Backup & Replication will first create a full backup next to the incremental backup chain. At subsequent job cycles, Veeam Backup & Replication will transform this full backup and add reverse incremental backups to the chain.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

85

Module 4: Protect

ib ut e

Forward Incremental Backup

tr

Retention for Forever Forward Incremental Backup

D

is

If the number of restore points in forever forward incremental backup chains exceeds the retention policy settings, Veeam Backup & Replication transforms the backup chain to make room for the most recent restore point.

or

For example: The retention policy is set to seven restore points.

N

ot

D

up

lic

at

e

When Veeam Backup & Replication detects that the number of allowed restore points is exceeded, it starts the transform process. Veeam Backup & Replication merges data blocks from the incremental backup copied on Monday into the full backup copied on Sunday. This way, the full backup file ‘moves’ one step forward – from Sunday to Monday.

D

o

The incremental backup copied on Monday becomes redundant and is removed from the chain.

As a result, you have a chain of a full backup as of Monday and six incremental backups Tuesday 86

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

through Sunday. That way, 3x I/O are performed: first the incremental backup is written to the repository on Sunday, then one read and one more write are executed in order to perform the transform process.

Retention for Forward Incremental Backup

ib ut e

To be able to restore from a forward incremental backup, you need to have a full backup and a chain of subsequent increments on disk. If you delete a full backup, the whole chain of increments will become useless. In a similar manner, if you delete any increment before the restore point to which you want to roll back, you won’t be able to restore your data (since later increments depend on earlier increments).

D

is

tr

For this reason, if you select forward incremental backup, in some days there will be more restore points on the disk than specified by your retention policy. Veeam Backup & Replication will remove the full backup chain only after the last increment in the chain meets your retention policy (which will happen once the retention policy reaches the next full backup).

or

For example: The retention policy is set to three restore points.

N

ot

D

up

lic

at

e

A full backup is performed on Sunday, incremental backups are performed Monday through Saturday, and a synthetic full backup is scheduled on Thursday. Although the policy is already breached on Wednesday, the full backup is not deleted because without it the chain of increments would be useless, leaving you without any restore point at all. Thus, Veeam Backup & Replication will wait for the next full backup and two increments to be created, and only then delete the whole previous chain consisting of the full backup and increment, which will happen on Saturday.

o

Active and Synthetic Full Backups

D

To let you get the most out of incremental backup, Veeam Backup & Replication enables you to create active full backups and schedule the creation of synthetic full backups on specific days. This may help you avoid long chains of increments, ensure safety of backup data, and allow you to meet the requirements of your retention policy.

Active Full Backup In some cases, you need to regularly create a full backup. For example, your corporate backup policy Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

87

Module 4: Protect

may require that you create a full backup on weekends and run incremental backup on work days. To let you conform to these requirements, Veeam Backup & Replication offers the ability to periodically perform active full backups. The active full backup produces a full backup of a VM, just as if you ran the backup job for the first time. Veeam Backup & Replication retrieves data for the whole VM from the source, compresses and deduplicates it, and stores it to the full backup file – .vbk.

or

D

is

tr

ib ut e

The active full backup resets the chain of increments: all subsequent increments use the latest active full backup as a new starting point. A previously used full backup file remains on disk until it is automatically deleted according to the backup retention policy.

at

e

You can create active full backups manually or schedule a backup job to create active full backups with a certain periodicity.

up

lic

To create an active full backup manually, use the Active Full command from the shortcut menu of a corresponding backup job. To schedule active full backups, specify scheduling settings in the Advanced section of a corresponding backup job. You can schedule active full backups to run weekly, for example, every Saturday, or monthly, for example, every fourth Sunday of a month.

N

ot

D

Having active fulls together with the forward incremental backup methods is generally a good method when the backup repository performance is weak – that way, only sequential writes to the backup repository are performed – no transforms. However, additional time and load at the production storage are involved in that case as creating a full backup might be time, network bandwidth and resources consuming.

o

Synthetic Full Backup

D

In some situations, running active full backups periodically may not be an option. Active full backups are very resource-intensive and consume considerable amount of network bandwidth. As an alternative, you can create synthetic full backups. In terms of data, the synthetic full backup is identical to an active full backup. The synthetic full backup is a .vbk file that contains data from the whole VM. The difference between these two backup types lies in the way VM data is retrieved:

88

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Active Full Backup

Synthetic Full Backup

ib ut e

Veeam Backup & Replication retrieves VM data from the source datastore (volume) where the VM resides, compresses and deduplicates it, and writes it to the .vbk file on the backup repository.

Veeam Backup & Replication does not retrieve VM data from the source datastore (volume). Instead, it “synthesizes” a full backup from data you already have on the backup repository. Veeam Backup & Replication accesses the previous full backup file and a chain of subsequent increments on the backup repository, consolidates VM data from these files and writes consolidated data into a new full backup file. As a result, the created synthetic full backup file contains the same data you would have if you created a full backup in a regular manner.

tr

That way, you can minimize the load on the production storage during backup process, while still maximizing the number of available restore points if any backup file should become corrupt.

D

is

Veeam Backup & Replication treats a synthetic full backup as a regular full backup. As well as any other full backup, the synthetic full backup resets the chain of increments. All subsequent increments use the created synthetic full backup as a new starting point. A previously used full backup file remains on disk until it is automatically deleted according to the backup retention policy.

or

The synthetic full backup has a number of advantages:

e

Does not use network resources: It is created from backup files you already have on disk. Imposes less load on the production environment: It is created right on the backup repository.

lic

at

With Veeam Backup & Replication, you can schedule creation of synthetic full backups on specific days.

up

For example: You can configure a backup job to perform daily forward incremental backups and schedule synthetic fulls on Thursday.

ot

D

Veeam Backup & Replication will perform incremental backups Sunday through Wednesday as usual. On Thursday it will perform a synthetic full backup in the following way:

D

o

N

1. Veeam Backup & Replication will first perform incremental backup in the regular manner. 2. At the end of the backup job, the Veeam data mover service on the backup repository will build a new synthetic full backup from the backup files you already have on disk: the full backup created on Sunday and a chain of increments, Monday through Wednesday plus the new increment created on Thursday. 3. The Veeam data mover service will delete the increment created on Thursday.

As a result, you will have a backup chain consisting of the full backup created on Sunday, three increments created on Monday through Wednesday and a synthetic full backup created on Thursday.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

89

ib ut e

Module 4: Protect

tr

Every next run of the backup job will create an incremental backup starting from the synthetic full backup until next Thursday. On the next Thursday, Veeam Backup & Replication will create a new synthetic full backup.

or

D

is

Note: Veeam Backup & Replication creates a synthetic full backup only once a day on which it is scheduled. If you run the backup job again on Thursday, Veeam Backup & Replication will perform incremental backups in the regular manner.

lic

at

e

Note: You can schedule to perform a synthetic full backup from time to time for an incremental backup method. This is why incremental backup is more preferrable for remote backups - with reverse incremental you'd have to perfrom an active full from time to time, which is a bigger load on the network.

up

Transforming Incremental Backup Chains into Reversed Incremental Backup Chains

D

If you select to create synthetic full backups, you can additionally choose to transform a previous forward incremental backup chain into a reverse incremental backup chain. In this case, Veeam Backup & Replication will transform the latest backup chain consisting of the .vbk and .vib files into reverse incremental backups – .vrb files.

o

N

ot

The transform option lets you dramatically reduce the amount of space required to store backups. Instead of two full backups – the regular full backup and the synthetic full backup – you will have only one synthetic full backup on disk. Note, however, that the transform process takes more time than simply creating a periodic synthetic full backup.

D

For example: You have configured a backup job to perform daily forward incremental backups and scheduled synthetic fulls on Thursday.

Additionally, you have selected to transform the incremental backup chain into the reverse incremental backup sequence. The backup job starts on Sunday. In this case, Veeam Backup & Replication will perform backup in the following way: 1. On Sunday, Veeam Backup & Replication will create a full backup; Monday through Wednesday Veeam Backup & Replication will create incremental backups and add them to the 90

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

or

D

is

tr

ib ut e

backup chain. 2. On Thursday, Veeam Backup & Replication will first create an incremental backup in the regular manner and add it to the backup chain. 3. After that, Veeam Backup & Replication will transform the incremental backup chain into the reverse incremental chain. As a result, you have a full backup “created” on Thursday and a set of reverse increments Sunday through Wednesday. 4. When you run the backup job next time, Veeam Backup & Replication will add a new incremental backup to the chain; the synthetic full backup will be used as a starting point.

lic

at

e

Veeam Backup & Replication always transforms only the latest incremental backup chain. For example, you have a backup chain that consists of one full backup file and set of increments. In the middle of the chain, you create an active full backup. When you run a transformation task, Veeam Backup & Replication will transform the most recent active full backup plus increments that follow it. All backups that precede the active full backup will stay intact.

up

Note: The transform process is accounted for as an active backup repository task. Make sure you properly plan for use of backup repository resources when you schedule backup jobs.

D

Retention Policy for Deleted VMs

D

o

N

ot

In some situations, after you configure and run backup jobs in Veeam Backup & Replication, you may want to change something in your virtual environment or even in your backup strategy. For example, you may remove some VMs from the virtual infrastructure or move them to some other location. You may also exclude some VMs from jobs that have already been running for some time.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

91

at

e

or

D

is

tr

ib ut e

Module 4: Protect

up

lic

By default, when you remove a VM protected by Veeam Backup & Replication from the virtual infrastructure or exclude it from a job, its backup files still remain on the backup repository. To avoid keeping redundant data on disk, you can select to control retention policy for deleted VMs.

D

The retention policy for deleted VMs is an option in the backup job settings. By default, this option is disabled. To use this option, you need to select the Remove deleted VMs data from backup after check box and specify the desired period of time for which the data must be retained on the backup repository.

N

ot

If you enable retention policy for deleted VMs in backup job settings, Veeam Backup & Replication performs the following actions:

D

o

1. If all VMs in the job are processed with the Success status, at the end of the backup job session Veeam Backup & Replication gets a list of VMs in the backup. 2. For every VM in the backup, Veeam Backup & Replication checks the configuration database and gets the date of the latest backup job session completed with the Success status. 3. Veeam Backup & Replication checks if any VM in the backup meets the following conditions: There are no successful backups for the VM for the last N days. There are no corrupted backups for the VM for the last N days. Where N is the number of days specified in the Remove deleted VMs data after N days setting. 1. If both conditions are true for some VM, Veeam Backup & Replication removes data for this VM from the backup. When Veeam Backup & Replication removes data for deleted VMs, it does not

92

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

free up space on the backup repository. It marks the space as available to be overwritten, and this space is overwritten during subsequent job sessions or the backup file compact operation.

ib ut e

Important! Retention policy for deleted VMs is applied to reverse incremental backup chains, forever forward incremental backup chains and forward incremental backup chains for which synthetic full backups with subsequent transform is enabled.

4.2.3. Changed Block Tracking (CBT)

tr

To perform incremental backups, Veeam Backup & Replication needs to know which data blocks have changed since the previous job run.

is

For VMware

up

lic

at

e

or

D

For VMware VMs with hardware version 7 or later, Veeam Backup & Replication employs VMware vSphere Changed Block Tracking (CBT) – a native VMware feature. Instead of scanning VMFS, Veeam Backup & Replication queries CBT on vSphere through VADP and gets the list of blocks that have changed since the last run of this particular job. Using CBT increases the speed and efficiency of block-level incremental backups. CBT is enabled by default; if necessary, you can disable it in the settings of a specific backup job.

D

o

N

ot

D

In some situations, Veeam Backup & Replication cannot leverage VMware vSphere CBT due to VMware limitations. Whenever Veeam Backup & Replication cannot leverage VMware vSphere CBT (for example, if your VMs run an earlier version of virtual hardware or CBT is disabled at the ESXi host level), the filtering is still performed. Instead of tracking changed blocks of data, Veeam Backup & Replication filters out unchanged data blocks. During backup, Veeam Backup & Replication consolidates virtual disk content, scans through the VM image and calculates a checksum for every data block. Checksums are stored as metadata to backup files next to VM data. When incremental backup is run, Veeam Backup & Replication opens all backup files in the chain of previous full and incremental backups, reads metadata from these files and compares it with checksums calculated for a VM in its current state. If a match is found (which means the block already exists in the backup), the corresponding block is filtered out. The time of processing using Veeam filtering mechanism will increase though compared to the time of processing when using vSphere CBT.

For Microsoft Hyper-V When Veeam Backup & Replication performs incremental backup, it needs to know what data blocks have changed since the previous job session. To get the list of changed data blocks, Veeam Backup & Replication uses the Changed Block Tracking mechanism (CBT). CBT increases the speed and efficiency of incremental backups. Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

93

Module 4: Protect

Veeam Backup & Replication uses CBT for the following operations: Backup Replication Entire VM restore

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

CBT is enabled by default. You can disable it either at the host level or at the job level for troubleshooting purposes. Note that if you choose to run incremental jobs with CBT disabled, the backup window may increase dramatically, as Veeam Backup & Replication will read all VM data to detect what blocks have changed since the last job session.

N

To keep track of changed data blocks, Veeam Backup & Replication uses the following mechanisms:

D

o

For VMs on Microsoft Hyper-V Servers 2012 R2 and earlier: Veeam proprietary changed block tracking mechanism (CBT) For VMs on Microsoft Hyper-V Server 2016: Resilient Changed Tracking (RCT)

Veeam CBT The CBT mechanism is implemented as a file system filter driver — Veeam CBT driver. The driver is installed on every Microsoft Hyper-V host added to the backup infrastructure. The driver is activated when the host is first addressed by a job for which CBT is enabled. The Veeam CBT driver keeps track of changed data blocks in virtual disks. Information about changed data blocks is registered in special CTP files. When a job runs, Veeam Backup & Replication 94

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

uses CTP files to find out what data blocks have changed since the last run of the job, and copies only changed data blocks from the disk image. CTP files are stored in the C:\ProgramData\Veeam\CtpStore folder on standalone Microsoft Hyper-V hosts or on every node of the Microsoft Hyper-V cluster. The CtpStore folder contains a set of subfolders — one for every processed VM, in which the following files are stored:

ib ut e

CTP files. These files are used by the Veeam CBT driver to keep track of changed data blocks. For every VHD/VHDX or AVHD/AVHDX file of a VM, there is a separate CTP file. notes.txt file. This file contains basic information about the VM such as VM name and ID, and describes for which VHD/VHDX files changed block tracking is enabled.

tr

If a Microsoft Hyper-V VM is registered as a cluster resource, the Veeam CBT driver operates on all cluster nodes that have access to VM disks on the CSV. When a job runs, Veeam Backup & Replication copies CTP files to the temporary folder on the backup proxy used by the backup job.

or

D

is

If backup or replication is performed in the on-host backup mode, CTP files are copied to the Microsoft Hyper-V host performing the role of the on-host backup proxy. If backup is performed in the off-host backup mode, CTP files are copied to the off-host backup proxy.

lic

Resilient Changed Tracking

at

e

Important! If you process VMs on a Microsoft Hyper-V cluster, make sure that all cluster nodes are online. If cluster nodes are in the maintenance mode, have the cluster service stopped, are powered off or not accessible, CBT will not work. For more information about other requirements for VMs on clusters and SMB3 storage, see https://www.veeam.com/kb1934.

D

up

For VMs running on Microsoft Hyper-V Server 2016, Veeam Backup & Replication uses Resilient Change Tracking, or RCT. RCT is a native Microsoft Hyper-V mechanism for changed block tracking in virtual hard disks of VMs. The RCT mechanism is used only if the Microsoft Hyper-V environment meets the following requirements:

o

N

ot

VMs run on Microsoft Hyper-V Server 2016. [For Microsoft Hyper-V clusters] All hosts in the cluster are upgraded to Microsoft Hyper-V Server 2016, and the cluster functional level is upgraded. If at least one node in a cluster is not upgraded to Microsoft Hyper-V Server 2016, Veeam Backup & Replication uses its native driver for changed block tracking. VM configuration version is upgraded to 8.

D

For backup and replication with RCT, Veeam Backup & Replication uses the following mechanism: 1. Veeam Backup & Replication triggers Microsoft Hyper-V to create a checkpoint for a processed VM. The checkpoint is used as a data source for backup and replication. 2. At the end of VM processing, before a checkpoint is merged with the base VM disk, Microsoft Hyper-V converts the checkpoint to a reference point. The reference point can be thought of as a point-in-time representation of the VM disk state. 3. When Veeam Backup & Replication performs incremental backup or replication, it creates a new checkpoint for the VM that is used as a data source. Veeam Backup & Replication queries Microsoft Hyper-V to get incremental changes between the reference point created during the

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

95

Module 4: Protect

previous job session and checkpoint created during the current job session. 4. Veeam Backup & Replication copies only changed data blocks from the created checkpoint and saves them in an incremental backup file. To guarantee persistence of CBT data, Microsoft RCT maintains 3 bitmaps with CBT data:

ib ut e

In-memory bitmap contains the most granular CBT data. RCT file contains less granular CBT data than the in-memory bitmap. The RCT file is used if the CBT data in the in-memory bitmap is not available during normal operational situations, for example, a VM is moved to another host. The RCT file size never exceeds 6 MB. MRT file has the coarsest granularity level. The RCT file is used if the CBT data in the inmemory bitmap is not available during abnormal operational situations, for example, power loss or host crash.

tr

RCT and MRT files are created for every VM disk and stored at the VM disk level.

is

CBT Reset

e

or

D

In some cases, CBT data may get corrupted — as a result, Veeam Backup & Replication will fail to process VMs with changed block tracking. To reset CBT data for individual VMs or specific VHD/VHDX files, you can use the Reset-HvVmChangeTracking PowerShell cmdlet. For more information, see the Veeam PowerShell reference guide at https://www.veeam.com/documentation-guides-datasheets.html.

lic

at

Note: Keep in mind that CBT data is reset when you perform product upgrade. When you run a backup job for the first time after upgrade, Veeam Backup & Replication will not use changed block tracking. Instead, it will scan the VM image to learn what data blocks have changed.

up

4.2.4. Data size optimization

D

To decrease traffic and disk space required for storing backup files, Veeam Backup & Replication provides mechanisms of compression and deduplication.

ot

Compression

o

N

Compression decreases the size of created backups but affects the duration of the backup procedure. Veeam Backup & Replication allows you to select one of the following compression levels:

D

Level

Recommendations

None

When using storage devices with hardware compression and deduplication tools to store created backups

Dedupe-friendly

Optimized compression level for very low CPU usage. Recommended if you want to decrease the proxy load.

Optimal (default setting)

Recommended compression level that provides the best ratio between the size of the backup file and time of the backup procedure.

96

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Level

Recommendations Provides additional 10% compression ratio over Optimal, but at the cost of about 10x higher CPU usage. May reduce overall backup performance.

Extreme

Provides the smallest size of the backup file but reduces backup performance. We recommend running backup proxies on computers with modern multi-core CPUs (6 cores recommended) if you intend to use the extreme compression.

ib ut e

High

Deduplication

D

is

tr

You can apply deduplication when backing up multiple VMs that have similar data blocks (for example, if VMs were created from the same template) or great amount of free space on their logical disks. Veeam Backup & Replication does not store zero byte blocks or space that has been preallocated but not used. With deduplication, identical blocks or blocks of free space are eliminated, which decreases the size of the created backup file. Thus the disk space required for backups is reduced.

or

Depending on the type of storage you select as a backup target, Veeam Backup & Replication uses data blocks of different size to process VMs, which optimizes the size of a backup file and job performance. If you’re using storage devices with hardware compression and deduplication tools to store created backups, it is recommended to select “None” level.

at

e

You can choose one of the following storage optimization options: When recommended

Details

If you select to use small data blocks to dedupicate a large backup file, the backup file will be cut into a great number of data blocks. As a result, Veeam Backup & Replication will produce a very large deduplication metadata table which can potentially overgrow memory and CPU resources of your backup repository. With this option selected, Veeam Backup & Replication will use data blocks of 4 MB. Large data blocks produce a smaller metadata table that requires less memory and CPU resources to process. Note, however, that this storage optimization option will provide the lowest deduplication ratio and the largest size of incremental backup files.

D

Recommended for backup jobs that can produce very large full backup files – larger than 16 TB

o

N

ot

Local target (16 TB + backup size)

up

lic

Option

The SAN identifies larger blocks of data (1024 KB) and therefore can process large amounts of data at a time. This option provides the fastest backup job performance but reduces the deduplication ratio, because with larger data blocks it is less likely to find identical blocks.

LAN target

Recommended for backup to NAS and onsite backup

This option provides a better deduplication ratio and reduces the size of a backup file because of reduced data block sizes (512 KB).

D

Local target

Recommended for backup to SAN, DAS or local storage

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

97

Module 4: Protect

Option

Details

Recommended if you are planning to use WAN for offsite backup

Veeam Backup & Replication will use small data blocks (256 KB), which will result in the maximum deduplication ratio and the smallest size of backup files, allowing you to reduce the amount of traffic over the WAN connection.

ib ut e

WAN target

When recommended

Note: Changing the compression level and deduplication settings in an existing job will not have any effect on previously created backup files. It will affect only those backups that will be created after you set the new settings:

is

tr

New compression settings are applied at the next run of the job. New deduplication settings are applied only after a new active full backup is created

or

D

Note: Note: If you upgrade to Veeam Backup & Replication 9.0 from a previous product version, this option will be displayed as Local target (legacy 8MB block size) in the list and will still use block size of 8MB. It is recommended that you switch to an option that uses a smaller block size and create an active full backup to apply the new setting.

at

e

Zeroing Out Dirty Blocks

up

lic

When Veeam Backup & Replication performs backup or replication, it copies data of the VM image at the block level. The copied data contains all data of the VM, including data blocks that are marked as deleted on the VM guest OS. Such blocks are also known as dirty blocks or Deleted File Blocks.

D

Important! Veeam Backup & Replication can exclude deleted file blocks only on the VM guest OS with Microsoft NTFS.

ot

This option is enabled by default and excluding deleted file blocks in backup or replica leads to:

N

Reduced size of backup or replica. Possible increase in the job performance.

D

o

If you do not want to exclude deleted file blocks from backups or replicas, you can disable the Exclude deleted file blocks option in the backup or replication job settings. With this option enabled, Veeam Backup & Replication performs the following operations during the job session: 1. Veeam Backup & Replication accesses the MFT file on the VM guest OS to identify deleted file blocks, and zeros out these blocks. 2. Veeam Backup & Replication processes and transports data blocks of the VM image in the following manner: If a data block of the VM image contains only the deleted file blocks, Veeam Backup & 98

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

tr

ib ut e

Replication does not read this data block from the source volume. If a data block of the VM image contains zeroed out blocks and other data, Veeam Backup & Replication copies this block to the target. Due to data compression, data blocks that are marked as deleted are compressed, and the size of the resulting backup or replica file reduces.

D

is

Note: If you enable or disable the Exclude deleted file blocks setting for the existing job, Veeam Backup & Replication will apply the new setting from the next job session.

or

4.2.5. Data Encryption

lic

At source

at

e

Data security is an important part of the backup strategy. You must protect your information from unauthorized access, especially if you back up sensitive VM data to offsite locations or archive it to tape. To keep your data safe, you can use data encryption. The following types of encryption are used in Veeam Backup & Replication:

Who does the encryption

ot

Reads the data and encrypts the files that are sent to the repository, which writes the files as it receives them (already encrypted)

D

o

N

Process

At rest

Data Mover Service at the source proxy

Tape Device

Source Data Mover Service encrypts before sending, target decrypts when receiving

Hardware level: Library- and driver-managed encryption mechanisms provided by the tape vendor (preferred and tried first for tape media). This will cause double encrypted backups, if source backup is already encrypted Software level: The encryption mechanism provided by Veeam

D

up

Data Mover Service at the source proxy

In flight

Note: In Veeam Backup & Replication, encryption works at the job level and can be enabled for the following types of jobs: backup job, backup copy job, tape jobs (backup to tape job and file to tape job), and VeeamZIP. Veeam Backup & Replication uses the following industry-standard data encryption algorithms: Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

99

Module 4: Protect

ib ut e

To encrypt data blocks in backup files and files archived to tape, Veeam Backup & Replication uses the 256-bit AES with a 256-bit key length in the CBC-mode. To generate a key based on a password, Veeam Backup & Replication uses the PasswordBased Key Derivation Function, PKCS #5 version 2.0. Veeam Backup & Replication uses 10,000 HMAC-SHA1 iterations and a 512-bit salt. For Microsoft Windows-based repositories, Veeam Backup & Replication uses the Windows Crypto API, complying with the Federal Information Processing Standards (FIPS 140). For Linux-based repositories, Veeam Backup & Replication uses a statically linked OpenSSL encryption library, without the FIPS 140 support.

tr

To encrypt data in backups and files, Veeam Backup & Replication employs a symmetric key encryption algorithm. The symmetric, or single-key encryption algorithm, uses a single, common secret key to encrypt and decrypt data. Before data is sent to target side, it is encoded with a secret key. To restore encrypted data, you must have the same secret key. Users who do not have the secret key cannot decrypt data and get access to it.

D

is

When you enable encryption for a job, you must define a password to protect data processed by this job, and define a hint for the password. The password and the hint are saved in the job settings. Based on this password, Veeam Backup & Replication generates a user key.

e

or

During the encryption process, Veeam Backup & Replication saves a hint for the password to the encrypted file. When you decrypt a file, Veeam Backup & Replication displays a hint for the password that you must provide. After you enter the password, Veeam Backup & Replication derives a user key from the password and uses it to unlock the storage key for the encrypted file.

lic

at

According to the security best practices, you must change passwords for encrypted jobs regularly. When you change a password for the job, Veeam Backup & Replication creates a new user key and uses it to encrypt new restore points.

D

up

Important! You must always remember passwords set for jobs or save these passwords in a safe place. If you lose or forget the password, you can restore data from a backup file by issuing a request to Veeam Backup Enterprise Manager.

ot

4.2.6. Transaction Consistency

D

o

N

When you perform backups of a running VM, it is necessary to quiesce (or ‘freeze’) it to bring the file system and application data to a consistent state suitable for backup. Backing up a VM without quiescence produces a crash-consistent backup. Restoring a crash-consistent backup is essentially equivalent to rebooting a server after a hard reset. In contrast to it, restoring transactionally consistent backups (produced with VM data quiesced) ensures the safety of data for applications running on VMs.

VMware vSphere To create transactionally consistent backup images of VMware vSphere VMs, Veeam Backup & Replication provides two options: application-aware processing (utilizing Windows VSS framework) and VMware Tools quiescence. 100

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Important! VMware Tools quiescence does not support log truncation recommended for highlytransactional applications like Exchange Server or SQL Server. That is why application-aware processing utilizing Windows VSS as the recommended option to use for backup and replication of Exchange Server, Active Directory and other VSS-aware applications.

Persistent Snapshots

ib ut e

As it was mentioned earlier, during application-aware processing, Veeam Backup & Replication utilizes a VSS writer for a corresponding application to freeze application data and bring it to a consistent state suitable for backup.

D

is

tr

According to Microsoft limitations, the application freeze cannot take longer than 60 seconds (20 seconds for Microsoft Exchange). If the VSS writer does not manage to freeze application data within this period of time, a VSS processing timeout occurs, and Veeam Backup & Replication fails to create a transactionally consistent backup for the VM.

or

For example: The VSS processing timeout is a common problem for highly transactional applications such as Microsoft Exchange.

at

e

To overcome this limitation, Veeam Backup & Replication utilizes the Microsoft VSS persistent snapshots technology for backup of Microsoft Exchange VMs. If Microsoft Exchange fails to be frozen within the allowed period of time, Veeam Backup & Replication automatically fails over to the persistent snapshot mechanism. The backup operation is performed in the following way:

N

ot

D

up

lic

1. Veeam Backup & Replication triggers the Microsoft VSS framework to prepare Microsoft Exchange inside the VM for backup. 2. The Microsoft VSS writer attempts to quiesce Microsoft Exchange. If the Microsoft VSS writer fails to do it within the allowed period of time, the control is passed to the native Veeam VSS writer. The Veeam VSS writer holds the freeze operation for the necessary amount of time. 3. After Microsoft Exchange data is brought to a consistent state, the control is passed to the Microsoft VSS provider. The Microsoft VSS framework creates a persistent VSS snapshot for VM disks except system VM disks. 4. The rest of the backup operation is performed in a regular way. 5. After the backup operation is complete, Veeam Backup & Replication triggers Microsoft VSS to remove a persistent VSS snapshot on the production VM. The persistent VSS snapshot holding consistent application data still remains inside the created VM backup.

D

o

During full VM restore, Veeam Backup & Replication recovers data from the VM backup and reverts VM disks to the persistent VSS snapshot inside the backup. As a result, the Microsoft Exchange VM is restored from the backup in a consistent state without any data loss. Veeam Backup & Replication uses the persistent VSS snapshot technology if the VM meets the following requirements: The VM runs Microsoft Exchange 2010, Microsoft Exchange 2013 or Microsoft Exchange 2016. The VM does not perform the role of a domain controller. Microsoft Exchange databases and log files are located on a non-system disk of the VM. During

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

101

Module 4: Protect

backup, Veeam Backup & Replication does not trigger a persistent VSS snapshot for system VM disks. As a result, system disks are restored in a crash-consistent, not transactionally consistent state.

Snapshot Hunter

tr

ib ut e

The Snapshot Hunter (available for VMware vSphere) is a Veeam technology used to detect and remove orphaned snapshots that may remain after backup or replication job sessions . The Snapshot Hunter addresses the problem of “phantom” snapshots. Under some circumstances, VMware vSphere can report a successful removal of a snapshot but the snapshot actually remains on the datastore. Phantom snapshots can take substantial space on the datastore or impact VM performance. They can even cause the production VMs to stop if the datastore runs out of free space.

D

is

To solve the problem of phantom snapshots, Veeam Backup & Replication starts the Snapshot Hunter during each backup or replication job session. The Snapshot Hunter looks for snapshot files not registered in vSphere. If there are no orphaned files, the Snapshot Hunter stops. If orphaned snapshot files are detected, the Snapshot Hunter removes them in the background mode.

or

The Snapshot Hunter runs in jobs that use VMware VM snapshots:

lic

at

e

Backup jobs: regular backup, backup from storage snapshot, vCloud Director backup Replication jobs (the source VM snapshot): regular replication, replication from storage snapshot VeeamZIP

Guest Interaction Proxy

D

up

To interact with the VM guest OS during the backup or replication job, Veeam Backup & Replication needs to deploy a runtime process in each VM. Guest OS interaction is performed if you enable the following options:

N

ot

Application-aware processing Guest file system indexing Transaction logs processing

o

Previously, the runtime process was deployed by the backup server. This could potentially cause the following problems:

D

Increased load on the backup server. Decrease in the job performance if the connection between two sites was slow. Inability to process VMs to which the backup server had no network connection.

Since v9 the task of deploying the runtime process in a Microsoft Windows VM is performed by the guest interaction proxy. The guest interaction proxy is a backup infrastructure component that sits between the backup server and processed VM. The guest interaction proxy deploys the runtime process in the VM and sends commands from the backup server to the VM.

102

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Note: Veeam Backup & Replication does not deploy persistent agents inside VMs. Instead, it uses a runtime coordination process on every VM that is started once the backup operation is launched, and removed as soon as it is finished. This helps avoid agent-related drawbacks such as preinstalling, troubleshooting and updating. Runtime coordination process is used for both Linux and Windows VMs.

ib ut e

The guest interaction proxy allows you to communicate with the guest OS even if the backup server and processed VM run in different networks. As the task of runtime process deployment is assigned to the guest interaction proxy, the backup server only has to coordinate job activities. During the job session with Microsoft Windows VM guest OS interaction, Veeam Backup & Replication performs the following operations:

or

D

is

tr

1. The backup server defines the machine that will perform the guest interaction proxy role. 2. The guest interaction proxy accesses the Microsoft Windows VM and deploys a runtime process responsible for guest OS interaction. 3. The VM processing proceeds with the usual scenario. 4. Once the job session completes, the backup server instructs the guest interaction proxy to delete the runtime process from the VM.

N

ot

D

up

lic

at

e

In case network connection breaks when the job is running, Veeam Backup & Replication will make attempts to reconnect.

D

o

Important! The guest interaction proxy deploys the runtime process only in a Microsoft Windows VM. In a VM with another guest OS, the runtime process will be deployed by the Veeam Backup Server.

To perform the role of guest interaction proxy, the machine must meet the following requirements: It must be a Microsoft Windows machine (physical or virtual). You must add it to the Veeam Backup & Replication console as a managed server. It must have a LAN or VIX connection to the VM that will be backed up or replicated.

Important! The Guest Interaction Proxy functionality is available in the Enterprise and Enterprise Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

103

Module 4: Protect

Plus Editions of Veeam Backup & Replication. In Standard Edition the runtime process will be deployed by the Veeam Backup Server. Guest Interaction Proxy Selection

ib ut e

When you add a Microsoft Windows machine to the backup infrastructure, Veeam Backup & Replication deploys the Data Mover Service on it. The Data Mover Service includes the components responsible for runtime process deployment during guest OS interaction.

tr

To assign a guest interaction proxy for the job, you must select a Microsoft Windows machine that will perform the role of the guest interaction proxy at the Guest Processing step of the backup or replication job wizard. You can assign the guest interaction proxy manually, or let Veeam Backup & Replication do it automatically. Veeam Backup & Replication uses the following priority rules to select the guest interaction proxy:

or

D

is

1. A machine in the same network as the protected VM that does not perform the backup server role. 2. A machine in the same network as the protected VM that performs the backup server role. 3. A machine in another network that does not perform the backup server role. 4. A machine in another network that performs the backup server role.

e

If Veeam Backup & Replication finds several available machines of equal priority, it selects the less loaded machine. The load is defined by the number of tasks that the machine already performs.

up

Microsoft Hyper-V

lic

at

If the guest interaction proxy fails to connect to a Microsoft Windows VM, the guest interaction proxy will not be able to access the VM and deploy a runtime process in it. In this case, the backup server will take over the role of guest interaction proxy and deploy the runtime process in the VM.

ot

D

To create a transactionally consistent backup of Hyper-V VMs, Veeam Backup & Replication uses the VSS framework. The Hyper-V VSS writer coordinates its operations with the Hyper-V Integration Services running inside the backed up VM to quiesce VM operations and create a stable shadow copy of the volume. This approach is also known as Hyper-V online backup.

D

o

N

Veeam Backup & Replication performs host-based backups of Hyper-V VMs. In contrast to traditional backup tools that deploy an agent inside the VM guest OS and back up from within the VM, Veeam Backup & Replication uses a Veeam data mover service running on the Hyper-V host or a Veeam data mover service running on the off-host backup proxy. A VM is treated as an object from the perspective of the Hyper-V host – Veeam Backup & Replication captures the VM configuration and state along with VM VHD/VHDXs and creates an image-based backup of the VM. To perform backups of Hyper-V VMs, Veeam Backup & Replication leverages the VSS framework and Hyper-V VSS components. It acts as a VSS requestor and communicates with the VSS framework. Veeam Backup & Replication obtains from VSS information about available VSS components, prescribes what components should be used, identifies volumes where files of the necessary VMs are located, and triggers the VSS coordinator to create volume snapshots. Before a snapshot of a volume is created, VMs on the volume must be prepared for the snapshot –

104

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

that is, data in the VM must be in a state suitable for backup. Veeam Backup & Replication uses three methods to quiesce Hyper-V VMs on the volume: online backup, offline backup and crash-consistent backup.

ib ut e

Whenever possible, Hyper-V VSS uses online backups to quiesce VMs. If online backups cannot be performed, one of the other two methods is used to prepare a VM for a volume snapshot. By default, Veeam Backup & Replication fails over to the crash-consistent backup if online backup is not possible. However, you can configure your backup jobs to use the offline backup method instead.

Pre-Freeze and Post-Thaw Scripts

is

tr

If you plan to back up VMs running applications that do not support VSS, you can instruct Veeam Backup & Replication to run custom pre-freeze and post-thaw scripts for these VMs. Prefreeze scripts quiesce the VM file system and application data to bring the VM to a consistent state before Veeam Backup & Replication triggers a VMware VM snapshot. After the VM snapshot is committed, post-thaw scripts bring the VM and applications to their initial state.

at

e

or

D

To run pre-freeze and post-thaw scripts, you must create them beforehand and specify paths to them in the job settings. When the job starts, Veeam Backup & Replication will upload these scripts to the VM guest OS and execute them. Scripts for Microsoft Windows VMs are uploaded over the network or VIX, if Veeam Backup & Replication fails to connect to the VM guest OS over the network. Scripts for Linux VMs are uploaded over SSH.

lic

Truncation of transaction logs

up

If you are performing a backup of database systems that use transaction logs, for example, Microsoft Exchange or Microsoft SQL or Oracle you can select to truncate transaction logs so that logs do not overflow the storage space. Veeam Backup & Replication provides the following options of transaction logs handling: Result

If a backup job completes successfully, Veeam Backup & Replication produces a VM backup file and truncates transaction logs on the production database system.

You can recover a database to the point in time when the backup file was created.

For a non-SQL VM and when it’s not required to be able to restore to any point of time between backups.

Veeam Backup & Replication produces a backup file and does not trigger transaction log truncation.

You can use transaction logs to restore the VM to any point in time between backups.

If together with Veeam Backup & Replication, you use another backup tool to maintain consistency of the database state.

ot

D

What

D

o

N

Truncate transaction logs upon successful backup.

Do not truncate transaction logs

When

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

105

Module 4: Protect

Back up transaction logs with Veeam Backup & Replication (for Oracle and Microsoft SQL only)

Result

Veeam Backup & Replication creates a backup of a VM and additionally ships transaction logs and saves them to the backup repository next to the VM backup.

You can use transaction logs to restore the VM to any point in time between backups.

When

When you are backing up a Microsoft SQL or Oracle VM with no other backup tool and you want to be able to restore to any point of time between backups.

ib ut e

What

D

is

tr

Important! To be able to back up the SQL transaction logs make sure that Full or Bulk-logged recovery model is enabled for that server and no other backup tool truncates the SQL server logs files. To be able to back up the Oracle transaction logs make sure that ARCHIVELOG mode is enabled for the Oracle database.

or

4.2.7. Scheduling

lic

at

e

When you create a job, you can simply start it manually whenever it is necessary. However, as the number of backup and replication jobs increases, it may become hard to keep track of them. Veeam Backup & Replication provides a number of job scheduling options which enables you to set up automatic startup schedules for jobs, automatic retries for failed jobs, and a backup window to limit the time when jobs are performed.

up

Automatic Startup Schedule

D

To perform a job on a regular basis, you can schedule it to start automatically. The Veeam Backup Service running on the backup server continuously checks configuration settings of jobs and starts them in accordance with their schedules.

o

N

ot

Jobs can also be scheduled to run continuously, that is, in a non-stop manner. Technically, a job running continuously is launched as soon as previous job processing is complete. With Veeam Backup & Replication, you can run backup jobs and replication jobs continuously or with an interval as low as one minute to implement near-continuous data protection (near-CDP) for the most critical applications and workloads.

D

Even if you have scheduling set up for a job, you can still start it manually at any moment.

Note: For a scheduler, periodic jobs have priority over regular jobs, e.g. if you have a monthly and a daily job scheduled to run at the same time, in case there are only enough resources to launch one of them, the monthly job will be started.

106

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Automatic Job Retry Veeam Backup & Replication can be configured to retry a job for a certain number of times if the initial job pass fails. By default, Veeam Backup & Replication automatically retries a failed job three times within one job session. If necessary, however, you can change the number of retries in the job settings.

ib ut e

Veeam Backup & Replication retries a job only if the previous job session has failed and one or several VMs in the job have not been processed. Veeam Backup & Replication does not perform a retry if a job session has finished with the Success or Warning status. During the job retry, Veeam Backup & Replication processes only those VMs that have failed.

D

is

tr

Veeam Backup & Replication creates only one backup file within one job session. That is, if a job includes several VMs and some of them fail to be processed during the first job pass, Veeam Backup & Replication will create a backup file containing data for those VMs that have been successfully processed. At the job retry, Veeam Backup & Replication will attempt to process failed VMs; in the case of success, Veeam Backup & Replication will write data of the processed VMs to the backup file that was created at the previous job pass.

e

or

Important! Veeam Backup & Replication does not perform automatic retry for jobs started manually.

up

Backup Window

lic

at

In some situations, Veeam Backup & Replication may fail to process VMs during all job retries. In this case, failed VMs will be processed within the next job session; its data will be written to the backup file created within the current job session.

ot

D

To prevent a backup or replication job from overlapping with production hours and ensure it does not provide unwanted overhead on your virtual environment, you can limit all jobs to a specific backup window. A backup window is a period of time on week days when backup and replication jobs are permitted to run. If the job exceeds the allowed window, it will be automatically terminated.

N

Stopping Job Session

D

o

You can stop the job session: With the Stop option – terminates the job session before Veeam Backup & Replication creates the restore points for the VMs that are currently processed. With the Stop after current VM option – terminates the job session after creating restore points for the VMs that are currently processed.

The VMs that Veeam Backup & Replication succeeded to process will have new restore points.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

107

Module 4: Protect

4.3. Creating Restore Points with VeeamZIP and Quick Backup If you need to quickly create a restore point for selected VM, VeeamZIP (full backup) or Quick Backup (incremental backup) can be used.

ib ut e

4.3.1. VeeamZIP

With Veeam Backup & Replication, you can quickly perform backups of one or several VMs with VeeamZIP. You can also VeeamZIP files for VMware vSphere and Hyper-V VMs with Veeam Backup Free Edition.

is

tr

VeeamZIP is similar to full VM backup. The VeeamZIP job always produces a full backup file (.vbk) that acts as an independent restore point. You can store the backup file to a backup repository, to a local folder on the Veeam backup server, or to a network share.

or

D

When you perform backups with VeeamZIP, you do not have to configure a backup job and schedule it, only minimum setting are required. Instead, you can start the backup process for selected VMs immediately. Veeam Backup Free Edition offers the following advanced options for VeeamZIP files creation:

D

up

lic

at

e

Data encryption. To create an encrypted VeeamZIP file, you must enable the encryption option and specify a password in VeeamZIP task options. Retention settings. You can specify retention settings for the created VeeamZIP file: define if the file must remain on the target storage or must be deleted with time (autoretention). Data compression – similar to the levels used for regular backup jobs. VM guest OS quiescence. VeeamZIP uses VMware Tools quiescence for VMware VMs and native Hyper-V quiescing mechanisms for Hyper-V VMs to capture VM data. VeeamZIP quiesces, or freezes, a running VM to bring its file system and application data to a consistent state suitable for backup. Restoring a transactionally consistent VeeamZIP file ensures successful recovery of VM applications without any data loss.

D

o

N

ot

The VeeamZIP was in versions prior to v9 not registered in the database used by Veeam Backup & Replication and the backup file produced with it is not available under the Backups node in the Backup & Replication view. However since v9, VeeamZIP backups are now registered in the configuration database and shown under Backups > Disk (VeeamZIP) node to more easily track them. You can easily see the location using the Location column, showing the corresponding backup's location, such as local path, backup repository or storage snapshot.

4.3.2. Quick Backup Quick Backup lets you perform on-demand incremental backups for VMs. You can use Quick Backup if you want to produce an additional restore point for one or more VMs in a backup job and do not want to configure a new job or modify the existing one. Quick Backup can be run for both incremental and reverse incremental backup chains.

108

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Note: Quick Backup is not supported for separate vCloud Director VMs as vCD job process vApps as integral units.

D

is

tr

ib ut e

Quick Backup is an incremental backup task – and similarly, Quick Backup can only be run for VMs that have been successfully backed up at least once and has a full restore point.

at

e

or

To perform Quick Backup, Veeam Backup & Replication uses an existing backup job. When you start a Quick Backup task for a VM, Veeam Backup & Replication verifies that a backup job processing this VM exists on the Veeam backup server. If such job is detected, Veeam Backup & Replication triggers a job and creates an incremental restore point for the VM. If a backup job for the VM does not exist, Quick Backup is terminated.

up

lic

Note: If many jobs exist for the same VM, the one with the most recent restore point at the repository will be selected.

N

ot

D

When you perform Quick Backup, Veeam Backup & Replication creates a single VM incremental restore point, which contains data only for a specific VM. A partial restore point is not regarded as a full-fledged restore point in the backup chain. From the retention policy perspective, a single VM incremental restore point is grouped with a regular restore point following it. When Veeam Backup & Replication needs to delete a single VM incremental restore point by retention, it waits for the next regular restore point to expire, and deletes two restore points at once.

o

4.4. Backup Copy

D

To let you adopt the 3-2-1 rule: you must have three copies of your data on two different types of media, and at least one copy of that data offsite, Veeam Backup & Replication offers backup copying capabilities. Backup copying allows you to create several instances of the same backup file in different locations, whether onsite or offsite. Copied backup files have the same format as those created by backup jobs and you can use any data recovery option for them.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

109

Module 4: Protect

4.4.1. Backup Copy Job To let you adopt the 3-2-1 backup strategy, Veeam Backup & Replication offers backup copying capabilities. Backup copying allows you to create several instances of the same backup file in different locations, whether onsite or offsite. Copied backup files have the same format as those created by backup jobs and you can use any data recovery option for them.

ib ut e

Backup copy is a job-driven process. Veeam Backup & Replication fully automates the backup copying process and lets you specify retention policy settings to maintain the desired number of restore points for copied backups.

is

tr

Backup data is copied per VM at the block level. When the backup copying process starts, Veeam Backup & Replication accesses VM backup files in the source backup repository, retrieves data blocks for a specific VM from the backup file, copies them to the target backup repository, and composes copied blocks into a backup file in the target backup repository. Therefore, the backup copying process does not affect virtual infrastructure resources, require an additional snapshot of a VM, or produce any load on VMs whose backups are copied.

or

D

In the target backup repository, the backup copy job creates a chain of restore points using the incremental backup method. The target backup repository always contains only one active incremental backup chain. Restore points in the chain are rotated according to the specified retention policy.

e

The backup chain on the target backup repository is created in the following manner:

D

o

N

ot

D

up

lic

at

1. The first synchronization interval of the backup copy job always produces a full backup file. The full backup file is created in the following way: a. From the backup chain on the source backup repository, Veeam Backup & Replication copies data blocks that are necessary to build a full backup of a VM as of the most recent state. Data blocks can be copied from one or several backup files in the chain, the retention policy for a backup copy job can be different than the retention period of its related backup job, or backup jobs. If the backup chain on the source backup repository was created using the reverse incremental backup method, Veeam Backup & Replication simply copies data blocks of the latest full backup.

110

If the backup chain on the source backup repository was created using the forward incremental backup method, Veeam Backup & Replication copies data blocks from the first full backup and a set of incremental backups to form a full backup of a VM as of the most recent state.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

ib ut e

b. On the target backup repository, Veeam Backup & Replication writes all copied data blocks to the same full backup file.

at

e

or

D

is

tr

2. At every synchronization interval, when a new restore point appears on the source backup repository, Veeam Backup & Replication copies incremental changes from this most recent restore point and transfers them to the target backup repository. On the target backup repository, Veeam Backup & Replication writes the copied data blocks to the incremental backup file.

ot

D

up

lic

The backup copy job can be created for one VM or several VMs, which can be backed up by one backup job or several backup jobs. If the backup copy job is created for several VMs, you can define the order in which the VMs should be processed. Veeam Backup & Replication will process VMs in the job in parallel, starting from the first VM in the order list. If any VM cannot be processed for some reason, for example, in case a new restore point for this VM is not available yet, the job will start processing the next VM. Once this VM is processed, the job will attempt to copy the unprocessed VM once again. Even if a backup copy job processes several VMs, it creates one backup file on the target backup repository and stores the data for all VMs processed by the job.

D

o

N

Important! Backup copy jobs process VMs in parallel only if you transport VM data over the direct data path. If you use WAN accelerators for backup copy jobs, VMs will be processed sequentially. Parallel data processing over the direct data path is enabled by default. If necessary, you can disable parallel data processing using a registry key. For more information, contact the Veeam Support Team.

Note: With v9, backup copy jobs will now process multiple VMs in parallel, just like primary backup jobs. This improves the backup copy and retention processing performance due to removing “dead time” between each VM, and will further speed up processing when per-VM backup file chains are enabled on the target backup repository To minimize the amount of traffic going over the network, Veeam Backup & Replication uses data Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

111

Module 4: Protect

compression and deduplication technologies. And if you plan to copy VM restore points over the WAN and slow connections, you can also use backup mapping. Backup mapping can only be used if you already have a full backup file for the VM you plan to process with the backup copy job on the target backup repository. In this case, you can point the backup copy job to this backup file. This full backup file will be used as a “seed” for the backup copy job and you will need to copy only small incremental changes over the network.

ib ut e

When changing backup storage settings such as encryption or block size, v9 offers a new ability to trigger a manual Active Full in Backup Copy Jobs. This is also useful in troubleshooting scenarios.

or

D

is

tr

Note: Veeam Backup & Replication does not copy restore points if the block size of the restore point on the source backup repository differs from the block size of restore points on the target backup repository. The data block size for restore points on the target backup repository is set at the first synchronization cycle of the backup copy job. This size is taken from the corresponding settings of the primary backup job — the backup job that creates the backup chain on the source backup repository. If after the first synchronization cycle you add to the backup copy job new sources that use a different data block size, Veeam Backup & Replication will detect such restore points and display the Restore point is located in backup file with different block size message.

e

GFS retention policy

lic

at

Sometimes, simple backup retention policy is not enough. You cannot store an unlimited number of restore points on the target backup repository forever because it is not rational and is resource consuming. If you want to retain VM data for longer periods of time, it is recommended that you use the GFS retention policy scheme.

D

up

The GFS, or Grandfather-Father-Son retention policy is a backup rotation scheme intended for longterm archiving. It lets you keep backups of VMs for an entire year using minimum amount of storage space. GFS is a tiered retention policy scheme. It uses a number of cycles to maintain backups at different tiers:

N

ot

Regular backup cycle performed according to the specified synchronization interval Weekly backup cycle Monthly backup cycle Quarterly backup cycle Yearly backup cycle

D

o

Weekly/monthly/quarterly/yearly backups are always full backups containing data of the whole VM image as of specific date. When you define retention policy settings for a weekly/monthly/quarterly/yearly backup cycle, you specify how many weekly backups you want to retain per month, monthly per year, etc. and define the day on which a full backup must be created. These backups are not created in a separate task. Veeam Backup & Replication re-uses a full backup created in the regular backup cycle and propagates it to the required tier. After the retention is met and the .vbk "passes" the scheduled date, the full backup created in a backup copy job for each GFS retention point will be deleted.

112

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Maintenance Settings To specify settings for backup files stored in the target backup repository:

ib ut e

Additionally, we can improve local backup copy performance and reduce the load on deduplication appliances with the new option for active full Grandfather-Father-Son (GFS) backups in Backup Copy jobs. The data rehydration requirement is eliminated on the deduplication appliance with this option enabled – and instead, the entire restore point is copied over from source backup files. This effectively turns the Backup Copy workload from random to streaming, really broadening our support for the deduplication appliance that can serve as the target for Backup Copy jobs to any storage at all.

up

lic

at

e

or

D

is

tr

1. At the Target step of the wizard, click Advanced. 2. If you want to periodically perform a health check of the most recent restore point in the backup chain, select the Perform backup files health check check box and specify the time schedule for the health check. By default, the health check is performed on the last Saturday of every month. An automatic health check allows you to avoid a situation when a restore point gets corrupted, making all further increments corrupted, too. If Veeam Backup & Replication detects corrupted data blocks in the restore point during the health check, it will transfer these data blocks to the target backup repository during the next synchronization interval and store them in the newly copied restore point. For more information, see Health Check for Copied Backups. 3. Select the Remove deleted VMs data after days check box and specify the retention policy settings for deleted VMs. If a VM is no longer processed by a job for some reason (for example, it was excluded from the job, removed from the virtual infrastructure and so on), its data may still be kept in backups on the target backup repository. To avoid this situation, you can define the number of days for which data for deleted VMs must be retained. By default, the deleted VM retention period is 30 days. Do not set the deleted VM retention period to 1 day or a similar short interval. In the opposite case, the backup copy job may work not as expected and remove VM data that you still require.

ot

D

Important! When Veeam Backup & Replication removes data for deleted VMs, it does not free up space in the backup repository. It marks the space as available to be overwritten, and this space is overwritten during subsequent job sessions or the backup file compact operation.

D

o

N

4. To periodically compact a full backup, select the Defragment and compact full backup file check box and specify the schedule for the compacting operation. By default, the compact operation is performed on the last Sunday of every month. The compact option can be enabled only if you have not specified the GFS settings. During the compacting operation, Veeam Backup & Replication creates a new empty VBK file and copies to it all data blocks from the full backup file. As a result, the full backup file gets defragmented, its size reduces and the speed of writing and reading to/from the file increases.

Note: The Remove deleted VMs data after days option applies only to regular backup chains. Veeam Backup & Replication does not remove data for deleted VMs from weekly, monthly, quarterly and yearly backups.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

113

Module 4: Protect

Compact of Full Backup File The backup copy job constantly transforms the full backup file in the backup chain to meet retention policy settings. The transformation process, however, has a side effect. In the long run, the full backup file grows large and gets badly fragmented. The file data occurs to be written to noncontiguous clusters on disk, and operations of reading and writing data from and to the backup file slow down.

ib ut e

To resolve the fragmentation problem, you can instruct Veeam Backup & Replication to compact the full backup file periodically. During the file compact operation, Veeam Backup & Replication creates a new empty VBK file and copies to it all data blocks from the full backup file. As a result, the full backup file gets defragmented, its size reduces and the speed of reading and writing from and to the file increases.

D

is

tr

To compact the full backup file periodically, you must enable the Defragment and compact full backup file option in the backup copy job settings and define the compact operation schedule. By default, the compact operation is performed on the last Saturday of every month. You can change the compact operation schedule and instruct Veeam Backup & Replication to perform it weekly or monthly on specific days.

or

The full backup file compact has the following limitations:

o

N

ot

D

up

lic

at

e

The Defragment and compact full backup file option can be enabled only for the simple retention policy scheme. The target backup repository must have enough space to store a file of the full backup size. During the compact process, Veeam Backup & Replication creates an auxiliary VBK file that exists in the backup repository until the end of the compact operation. If the full backup file contains data for a VM that has only one restore point and this restore point is older than 2 days, during the compact operation Veeam Backup & Replication will not copy data for such VM to the newly created full backup file. Veeam Backup & Replication will extract data for this VM from the full backup file and write this data to a separate backup file. The file will be displayed under the Backups > Disk (imported) node in the Backup & Replication view. This mechanism helps remove data for VMs that are no longer processed with the backup copy job from the full backup file and reduce the size of the full backup file. The mechanism works if the following conditions are met: The Remove deleted VMs data option is not enabled in the backup copy job settings. The Use per-VM backup files option is not enabled in the settings of the target backup repository.

D

Active Full Backup Copies You can manually create an ad-hoc full backup for the backup copy job — active full backup copy, and add it to the backup chain on the target backup repository. To do this, you can use the Active Full button on the ribbon or the Active Full command from the shortcut menu. Active full backup copy can be helpful if you want to change backup copy job settings, for example, define a new encryption password. Veeam Backup & Replication will apply new settings starting from this full backup. 114

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Veeam Backup & Replication treats archive full backups created with the active full backup method as regular backups and applies regular retention policy rules to maintain the necessary number of restore points.

ib ut e

If you create active full backups for backup copy jobs, Veeam Backup & Replication applies to the backup chain retention rules of the forward incremental backup method. Veeam Backup & Replicationwaits until the number of restore points in the new backup chain is equal to the retention policy setting, and then removes the previous backup chain on the whole.

is

tr

If you additionally use the GFS retention scheme for the backup copy job, Veeam Backup & Replication behaves in a different way. After the number of restore points in the new backup chain is equal to the retention policy setting, Veeam Backup & Replication merges restore points in the previous backup chain to the restore point that must be marked as an archive backup. When the archive restore point is set aside, Veeam Backup & Replication uses the standard scheme described above.

D

4.5. Replication

at

e

or

With Veeam, you can not only back up, but also replicate your VMs. When you replicate a VM, Veeam Backup & Replication creates an exact copy of a production VM in the native format on a spare host and maintains this copy in sync with the original VM. If the primary VM goes down for some reason, you can immediately fail over to the VM replica, and restore critical services with minimum downtime.

up

Replication Overview

lic

4.5.1. Insight into replication

D

o

N

ot

D

Just like backup, replication is a job-driven process. During the first run of a replication job, Veeam Backup & Replication copies the whole VM image and registers a replicated VM on the target host. During subsequent runs of a job, Veeam Backup & Replication copies only incremental changes, and creates restore points for a VM replica – so you can recover your VM to the necessary state. Every restore point is in fact a snapshot. When you perform incremental replication, data blocks that have changed since the last replication cycle are written to the snapshot delta file next to a full VM replica. The number of restore points in the chain depends on your retention policy settings.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

115

at

e

or

D

is

tr

ib ut e

Module 4: Protect

up

lic

To provide extremely fast incremental replication for VMware, Veeam Backup & Replication leverages the vSphere functionality – ESXi Changed Block Tracking (or CBT). With CBT, you can replicate much faster as the replication job can be set to run Continuously. So you get near-CDP at only a fraction of the cost of traditional CDP solutions.

N

ot

D

For VMs on Microsoft Hyper-V Servers 2012 R2 and earlier, Veeam & Backup & Replication uses its proprietary Hyper-V changed block tracking mechanism (CBT). The CBT mechanism is implemented as a file system filter driver. Veeam CBT driver is installed on every Hyper-V host added to the list of managed servers in Veeam Backup & Replication. The driver is activated when the host is first addressed by a job with enabled CBT. The Veeam CBT driver keeps track of changing data blocks in virtual disks. Information on data blocks that have changed is registered in special .ctp files. When a job is run, Veeam Backup & Replication uses .ctp files to learn what blocks of data have changed since the last run of this particular job, and copies only changed data blocks from the disk image.

D

o

For VMs on Microsoft Hyper-V Server 2016, Veeam Backup & Replication uses a Microsoft technology, Resilient Changed Tracking. When replicating, you can select a path for VM data transfer: Direct: To transport data directly from the backup proxy to the target host. Through built-in WAN accelerators: To transport VM data via WAN accelerators. With Veeam Backup & Replication, you can perform both onsite replication for HA and offsite replication for DR scenarios. For replication over WAN or slow links, Veeam Backup & Replication provides a number of means to optimize data transmission – it performs inline deduplication and

116

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

compresses replica traffic. You can also configure network throttling rules to prevent replication jobs from consuming the entire bandwidth in your environment, and perform replica seeding. Replication generally provides the best RTOs and RPOs as you actually have a copy of your VM in a ready-to-start state. If a primary VM goes down, you just need start a VM replica to recover the VM. That is why replication is most commonly used for VMs running tier 1 applications.

ib ut e

Note: When using Veeam Replication to achieve business continuity, there will be networking and DNS challenges that must be overcome for a working solution. You may want to consult your network architect to define those changes.

tr

Creating Replication Jobs

or

D

is

To create replicas, Veeam Backup & Replication uses VMware/Hyper-V VM snapshot capabilities. Snapshot replica is similar in many respects to forward incremental backup. During the first run of a replication job, Veeam Backup & Replication copies the VM running on the source host and creates its full replica on the target host. All subsequent replication jobs are incremental: Veeam Backup & Replication copies only those data blocks that have changed since the last replication cycle. For each new incremental run of the replication job, Veeam Backup & Replication triggers a regular snapshot of the replica. Thus, the created replica snapshot acts as a new restore point.

at

e

As a result, for every replicated VM, Veeam Backup & Replication produces a full replica and a chain of snapshots, or restore points.

up

lic

All replication infrastructure components engaged in replication make up a data pipe. VM data is moved over this data pipe block by block, with multiple processing cycles. For vSphere, it’s important that there is a proxy at the destination side, so that the target data mover service could write data directly to the target storage, not passing it over network. Veeam Backup & Replication creates and maintains the following types of replica files:

N

ot

D

Full VM replica (a set of VM configuration files and virtual disks) Replica restore points (VM snapshot files) Replica metadata (.vbm files) that stores VM replica digests (used to quickly detect changed blocks of data between two replica states)

D

o

The full VM replica along with its restore points is stored in a dedicated folder on the target datastore. Replica metadata files are stored on a backup repository.

Important! Replica metadata can only be stored on Simple Backup Repositories. Scale-Out Backup Repository is not supported for storing replica metadata.

4.5.2. Reducing Amount of Transferred Data A replication job helps to avoid data loss. It is generally desired that low RPO is enabled and offsite data protection is facilitated. To reduce the amount of traffic sent over the network during replication,

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

117

Module 4: Protect

one of the following options can be used: Remote replica from backup

Replica mapping

The backup file placed at the remote site

A backup chain on the backup repository

Source of data for the subsequent runs

Already existing VM in the DR site

Production VM

ib ut e

Source of data for the first run

Replica seeding

Point in time when the backup was created

Latest state

Benefits

Reduces the workload on the production environment

Only differences between mapped machine/backup “seed” state and production VM are transferred over the network

D

is

tr

VM state

or

4.5.3. Resume on Disconnect

at

e

A dropped network connection used to be one of reasons for replication job failures. If a connection was interrupted even for several seconds in the middle of data transfer, the replication job failed reporting a connection reset error. In such situation, a failed job would have to be retried or re-run and the data transfer process would start from the very beginning.

lic

Resume on Network Disconnect

Resume on WAN Disconnect

If a network connection drops for a short period of time during the replication process

Characteristics

- Dramatically improves the reliability of remote replication - Reduces the backup window - Minimizes the network/WAN link load

ot N o D

How it works

118

If you replicate VMs over WAN accelerators and a WAN connection drops during VM data transfer

D

up

When it happens

Veeam Backup & Replication does not create a new restore point upon resume: VM data is written to the same restore point that was created for the current replication session.

- After a WAN connection is resumed, Veeam Backup & Replication starts a new data transfer cycle: data transported with every new cycle is written to a new working snapshot on a VM replica. - In order to avoid keeping long snapshot chains, Veeam Backup & Replication merges earlier snapshots and maintains only two working snapshots for a VM replica. - Once all of the VM data is transferred to the target host, the two working snapshots are also merged to create one fully functional VM restore point.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Note: Resume on network disconnect is offered for the replication, backup, backup copy, full VM restore processes and all Cloud Connect-related activities. It is not available for tape operations.

4.6. Creating VM/File Copy Jobs

ib ut e

This topic will cover Veeam Backup & Replication VM copy and file copy jobs, which will enable you to: move your data center or mirror your production environment to test lab storage with VM copying

D

is

tr

deliver image files to hosts, make backup copies of existing VMs and exchange VMs and templates between servers or move backups across repositories using a file copy job.

or

4.6.1. VM copy

lic

at

e

With a VM copy job, you can create a fully-functioning copy of a VM that will require no manual editing or adjustments. VM copying can be helpful if you want to move your datacenter, mirror your production environment to test lab storage, and so on. Just like backup and replication jobs, a VM copy job can be performed using the Direct SAN Access, Virtual Appliance, or Network transport modes, supports VSS options, and can be run on demand or scheduled.

up

This section will guide you through all steps of the VM Copy wizard and provide explanations for available options.

ot

D

Prior to creating a VM copy job, make sure you have set up all the necessary infrastructure components. Open the Infrastructure view and check that source and destination hosts are available under the Managed servers node in the management tree and that backup proxies and backup repositories are available under the Backup Proxies and Backup Repositories nodes and properly configured. You will not be able to add VM copy infrastructure components or change their configuration once the VM Copy Job wizard is launched.

D

o

N

During every job run, Veeam Backup & Replication checks disk space on the destination storage. If the disk space is below a specific threshold value, Veeam Backup & Replication will display a warning in the job session log. To specify the disk space threshold, select Options from the main menu. On the Notifications tab, specify the amount of free disk space required in a percentage.

4.6.2. File Copy Veeam Backup & Replication includes file copy possibilities which provides a natural way to deliver image files to hosts, make backup copies of existing VMs, and exchange VMs and templates between servers or move backups across repositories. Using Veeam Backup & Replication, you can copy files and folders between and within servers connected to the Veeam Backup Server.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

119

Module 4: Protect

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Note: When the file copy destination is located on a server managed by Veeam Backup & Replication, traffic compression can be used to minimize network bandwidth and improve performance of file copy activities.

120

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 4: Protect

Labs for Module 4: Protect

ib ut e

Now you need to deliver the promised value. To reliably protect the data center, this module's labs will showcase how to configure backup and replication jobs using the advanced settings based on the infrastructure and business continuity plan requirements and complement successful data protection with a disaster recovery plan while complying with the 3-2-1 Rule by copying your backups off site.

Get into the Lab Lab

Action

Purpose

Creating backups

Create a set of backup jobs to protect the virtual machines used in the lab environment.

4.2

Creating backups with VeeamZIP

Quickly create a point-in-time copy of one of your virtual machines using VeeamZIP™.

4.3

Creating an off-site backup copy job

Create an off-site backup copy job using a WAN accelerator to provide the necessary level of safety by complying with the 3-2-1 Rule.

Creating replicas

Ensure efficient data protection in your virtual environment with the best RTO and RPO by setting up a VM replica for several of the VMs in the infrastructure.

D

o

N

ot

D

up

lic

4.4

at

e

or

D

is

tr

4.1

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

121

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 4: Protect

122

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module P: Preparation for day 2

Labs for Module P: Preparation for day 2

ib ut e

This module must be performed before you start the other labs of day two. You will delete a VM from the datastore to recover it later in the course flow, deploy a second Veeam Backup & Replication instance and review the backups and replicas created overnight.

Get into the Lab Lab

Action

Purpose

Day 1 overview

Make sure the retention policy was applied correctly.

P.2

Deploying a second Veeam backup server

Install a second Veeam Backup & Replication instance. We will use it later on in the course to showcase configuration restore and decryption without a password.

P.3

Deleting VMs

Delete a VM to test out Veeam Backup & Replication restore capabilities later in the course.

P.4

Deleting SQL table

Delete a SQL table to force the creation of transaction logs to test out Veeam Backup & Replication restore capabilities later in the course.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

P.1

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

123

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module P: Preparation for day 2

124

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 5: Entire VM Recovery

5. Entire VM Recovery Veeam Backup & Replication offers a number of recovery options for various disaster recovery scenarios. In this module, you will learn how to recover the entire virtual machine and when to utilise which recovery option.

ib ut e

5.1. Recovery from a Backup

If a production VM has failed and you need to recover it from the backup, Veeam Backup & Replication offers a number of recovery options for various disaster recovery scenarios. Purpose

tr

Scenario

Instantly start a VM directly from a backup file

Full VM Recovery

Recover a VM from a backup file to its original or another location

VM file Recovery

Recover separate VM files (virtual disks, configuration files and so on)

Windows File-Level Recovery

Recover individual Windows guest OS files (from FAT, NTFS and ReFS file systems) For most commonly used file systems on Windows, Linux, Solaris, BSD, Novell Netware, Unix and Mac machines

lic

MultiOS File-Level Recovery

at

e

or

D

is

Instant VM Recovery

up

Veeam Explorers

Recover application objects directly from backup files

D

Universal Application-Item Recovery (U-AIR)

D

o

N

ot

Note: For VMware vSphere, restores are done via network or VIX (VMware Tools VIX Channel), if Veeam Backup & Replication fails to connect to the VM guest OS over the network. Also, if your backup proxy is a VM with HotAdd access to the source datastore, during the full VM restore, Veeam Backup & Replication will use the Virtual Appliance transport mode to write the VM data from the backup proxy back to the datastore. This speeds up the restore process and reduces the load on the network.

5.1.1. Instant VM Recovery With Instant VM Recovery, you can immediately restore a VM into your production environment by running it directly from the compressed and deduplicated backup file. Instant VM Recovery helps improve recovery time objectives and minimize disruption and downtime of production VMs. It’s like having a 'temporary spare' for a VM: users remain productive while you troubleshoot issues with the failed VM.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

125

Module 5: Entire VM Recovery

VMware When Instant VM Recovery is performed, Veeam Backup & Replication uses the Veeam vPower technology to mount a VM image to an ESX(i) host directly from a compressed and deduplicated backup file. Because there is no need to extract the VM from the backup file and copy it to production storage, you can restart a VM from any restore point (incremental or full) in a matter of minutes.

ib ut e

The archived image of the VM remains in read-only state to avoid unexpected modifications. By default, all changes to virtual disks that take place while the VM is running are logged to auxiliary redo logs residing on the NFS server (Veeam backup server or backup repository). These changes are discarded as soon as a restored VM is removed, or merged with the original VM data when VM recovery is finalized.

is

tr

To improve I/O performance for a restored VM, you can redirect VM changes to a specific datastore. In this case, instead of using redo logs, Veeam Backup & Replication will trigger a snapshot and put it in the Veeam IR directory on the selected datastore along with metadata files holding changes to the VM image.

or

D

Either original location or different one can be selected for restore. To finalize Instant VM Recovery, you have to migrate it to production with one of the following options:

D

o

N

ot

D

up

lic

at

e

Use VMware Storage vMotion to quickly migrate the restored VM to the production storage without any downtime. In this case, original VM data will be pulled from the NFS datastore to the production storage and consolidated with VM changes while the VM is still running. Veeam recommends to execute this via the Backup & Replication UI, rather than the VMware vSphere UI. Use VMware Cross-Host vMotion (XvMotion) to quickly migrate the restored VM to the production storage without any downtime. In this case, original VM data will be pulled from the NFS datastore to the production storage and consolidated with VM changes while the VM is still running. VMware Storage vMotion, however, can only be used if you select to keep VM changes on the NFS datastore without redirecting them. This option is only available from the VMware vSphere Web Client and requires a vMotion license. Use replication or VM copy functionality of Veeam Backup & Replication to create a copy of a VM and fail over to it during the next maintenance window. In contrast to VMware Storage vMotion, this approach requires you to schedule some downtime while you clone or replicate the VM, power it off, and then power the cloned copy or replica on. Use Quick Migration (SmartSwitch) to perform a two-stage migration procedure – instead of pulling data from the vPower NFS datastore, it will restore the VM from the backup file on the production server, then move all changes and consolidate them with the VM data. If you move a VM between two hosts with compatible CPUs, Veeam Backup & Replication uses SmartSwitch. Veeam Backup & Replication suspends the VM to move its state file and changes made after snapshot creation. The VM is then resumed on the new host. This method ensures minimum possible VM downtime during migration.

Beside disaster recovery matters, instant VM recovery can also be used for testing purposes. Instead of extracting VM images to the production storage to perform regular DR testing, you can run a VM directly from the backup file, boot it and make sure the VM guest OS and applications are functioning properly.

126

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 5: Entire VM Recovery

Hyper-V In the Hyper-V environment, Instant VM Recovery is performed in the following way:

up

lic

at

e

or

D

is

tr

ib ut e

1. Veeam Backup & Replication reads the VM configuration from the backup file in the repository and creates a dummy VM with the same settings and empty disks on the destination host. 2. Veeam Backup & Replication initiates the creation of a protective snapshot for the dummy VM and the VM is started. If the Instant VM Recovery process fails for some reason, the protective snapshot guarantees no data is lost. 3. On the backup repository and on the destination host, Veeam Backup & Replication deploys a pair of Veeam data mover services that are used to mount the VM disks from the backup file to the dummy VM. 4. On the destination host, Veeam Backup & Replication starts a proprietary Veeam driver. The driver redirects requests to the file system of the recovered VM (for example, when a user accesses some application) and reads the necessary data from the backup file on the backup repository via the pair of Veeam data mover services which maintain the disk mount.

N

ot

D

To finalize VM recovery, you can migrate the VM to the production storage. When you begin the migration process, Veeam Backup & Replication starts another pair of Veeam data mover services on the backup repository and on the destination host. The second pair of Veeam data mover services copies the recovered VM’s data from the backup repository to the destination host in the background, and populates disks of the VM started on the destination host.

D

o

The driver on the destination host knows which data has already been restored permanently and does not redirect requests to it, reading it directly from the disks of the restored VM. Thus, performance of the instantly recovered VM will increase as more of the data is copied. When the VM is restored completely, all Veeam data mover services are stopped.

Important! Before you start Instant VM Recovery in the Hyper-V environment, make sure that Changed Block Tracking is enabled for a host to which you plan to restore a VM. If Changed Block Tracking is disabled for the host, the driver required for work of Instant VM Recovery will be disabled. If you do not perform VM migration, all operations on the file system of the recovered VM will be Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

127

Module 5: Entire VM Recovery

carried out via the disk mount connection. This is helpful if you will only need the instantly recovered VM for a short period of time, to perform one or two tasks (for example, look up some information stored on the backed up VM).

5.1.2. Full VM Recovery

ib ut e

With Veeam Backup & Replication, you can restore an entire VM from a backup file to the latest state or to any good-to-know point in time if the primary VM fails.

tr

In contrast to Instant VM Recovery, Full VM Restore (also referred to as Entire VM restore) requires you to fully extract the VM image to the production storage. Though Full VM Restore takes more resources and time to complete, you do not need to perform extra steps to finalize the recovery process. Veeam Backup & Replication pulls the VM data from the backup repository to the selected storage, registers the VM on the chosen ESXi or Hyper-V host and, if necessary, powers it on.

or

D

is

A VM can be restored to its original location or to a new location. And you can restore several VMs at once. When you restore a VM to its original location, the primary VM is automatically turned off and deleted before the restore. This type of restore ensures the quickest recovery and minimizes the number of mistakes which can potentially be caused by changes in VM settings.

at

e

Incremental Restore

up

lic

For VMware vSphere, when you restore a full VM or VM hard disk to the original location, Veeam Backup & Replication performs incremental restore (Quick Rollback) by default, leveraging VMware Changed Block Tracking technology. Instead of restoring an entire VM or VM disk from a backup file, Veeam Backup & Replication recovers only those data blocks that are necessary to revert the VM or VM disk to an earlier point in time. Incremental restore:

D

Significantly reduces the recovery time. Has little impact on the production environment.

N

ot

It is recommended that you use quick rollback if you restore a VM after a problem that has occurred at the level of the VM guest OS: for example, there has been an application error or a user has accidentally deleted a file on the VM guest OS. Do not use incremental restore if the problem has occurred at the VM hardware level, storage level or due to a power loss.

o

Requirements for incremental restore:

D

VM is restored to its original location. The backup file from which you plan to restore a VM is created with the Changed block tracking option enabled.

There are also some limitations for incremental restore: After you restore a VM or VM disk with quick rollback, the CBT on the original VM is reset. During the subsequent backup job session, Veeam Backup & Replication will read all data of the original VM.

128

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 5: Entire VM Recovery

is

tr

ib ut e

[For VMware vSphere VMs] Quick rollback can be performed in the Direct NFS access, Virtual appliance, Network transport mode. The Direct SAN access transport mode cannot be used for quick rollback due to VMware limitations. [For Microsoft Hyper-V 2016] You cannot run two restore sessions with quick rollback subsequently. After you restore a VM with quick rollback, the CBT on the original VM is reset. You must run at least one incremental backup job session to be able to perform quick rollback again. Use quick rollback and VM guest OS file exclusion wisely. If you exclude specific files and folders from the VM guest OS during backup and use quick rollback to restore the VM or VM disk from such backup, Veeam Backup & Replication will restore only the content of the backup file. The excluded data will not be restored. For example, if you exclude C:\Folder from the backup, data in this folder will not be backed up and will not be available in the resulting backup file. After some time, data in C:\Folder may change but the folder will still not be backed up (since the job excludes this folder). For this reason, when you perform quick rollback, Veeam Backup & Replication will restore all data that have changed except the excluded C:\Folder.

D

5.1.3. VM File Recovery

at

e

or

Veeam Backup & Replication can help you to restore specific VM files (.vmdk, .vmx/.vhd, .vhdx, .xml and others) if any of these files are deleted or the datastore/volume is corrupted. This option provides a great alternative to Full VM Restore, for example, when your VM configuration file is missing and you need to restore it. Instead of restoring the whole VM image to the production storage, you can restore the specific VM file only.

up

lic

When you perform VM file restore, VM files are restored from regular image-level backups. Veeam data mover (also referred to as “transport”) services deployed on the backup repository and the backup proxy retrieve VM data from the backup file and send it to the original VM location, or to a new location specified by the user.

D

5.1.4. Restore to Microsoft Azure

ot

Veeam Backup & Replication lets you restore physical and virtual machines from backups residing in the on-premises environment to Microsoft Azure. You can use Veeam Backup & Replication to complete the following tasks:

D

o

N

Restore machines from Veeam backups to Microsoft Azure. Migrate machines from the on-premises infrastructure to the cloud. Create a test environment in the cloud for troubleshooting, testing patches and updates and so on.

You can restore machines from the following types of backups: Backups files of Microsoft Windows and Linux VMs created with Veeam Backup & Replication You can use backups of VMware vSphere VMs and VMware vCloud Director VMs. Backups of Microsoft Windows machines created with Veeam Endpoint Backup. Backups must be created at the volume level. Backups of Linux machines created with Veeam Agent for Linux. Backups must be created at the volume level. Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

129

Module 5: Entire VM Recovery

or

D

is

tr

ib ut e

For restore to Microsoft Azure, Veeam Backup & Replication can employ the Microsoft Azure Resource Manager or classic deployment model. Veeam Backup & Replication supports batch restore — you can launch the restore process for several VMs at a time.

Limitations for Restore to Microsoft Azure

o

N

ot

D

up

lic

at

e

Veeam Backup & Replication supports restore to Microsoft Azure for the following machines: Microsoft Windows machines running Windows Server 2008/Windows Vista and later. Linux machines (see the Supported Distributions & Versions section: https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-e ndorsed-distros). The maximum size of one disk of a VM restored to Microsoft Azure must not exceed 1023 GB. You cannot restore a machine that has disks of a greater size. If the system disk of an initial machine uses the GPT partitioning scheme, the number of partitions on the disk cannot exceed 4. During restore such disk will be converted to a disk with the MBR partitioning scheme. Veeam Backup & Replication does not support restoring VMs to the following Azure regions: Azure Germany https://azure.microsoft.com/en-us/overview/clouds/germany/ Azure China https://www.azure.cn/ The restore to Microsoft Azure functionality does not support the Azure Hybrid Use Benefit program.

D

Important! You must set up correct time on the backup server. Otherwise you may not be able to add a Microsoft Azure account to Veeam Backup & Replication, or the restore process may be failing.

Restore of Microsoft Windows Machines To restore a Microsoft Windows machine, Veeam Backup & Replication performs the following steps: 1. If you use an Azure proxy for restore, Veeam Backup & Replication powers on the Azure proxy. For more information about the Azure proxy, see Configuring Azure Proxies. 130

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 5: Entire VM Recovery

ib ut e

2. Veeam Backup & Replication converts disks of a backed up machine to the VHD format and uploads converted disks to blob storage in Microsoft Azure. 3. Veeam Backup & Replication mounts uploaded disks to the backup server. 4. Veeam Backup & Replication prepares disks for VM restore. As part of this process, it enables Remote Desktop rules, configures firewall rules, prepares disks for Microsoft Azure agent installation and so on. 5. Veeam Backup & Replication unmounts prepared disks from the backup server. 6. If you use an Azure proxy for restore, Veeam Backup & Replication powers off the Azure proxy after a timeout. 7. Veeam Backup & Replication registers a Microsoft Azure VM with the prepared machine disks. After the registration process is complete, the Microsoft Azure VM is powered on immediately, and the Microsoft Azure agent is installed on the machine.

tr

Restore of Linux Machines

D

is

For restore of Linux machines, Veeam Backup & Replication uses a helper appliance. The helper appliance is a small auxiliary Linux-based VM in Microsoft Azure registered by Veeam Backup & Replication. During the restore process, Veeam Backup & Replication mounts disks of a backed up machine to the helper appliance to prepare disks for restore.

or

You can set up a helper appliance when you configure initial settings for restore to Microsoft Azure. If you plan to restore Linux machines to different locations, you must set up several appliances — one appliance in every location.

lic

at

e

The helper appliance is persistent. After you set up the appliance, it remains in Microsoft Azure in the powered off state. Veeam Backup & Replication starts the helper appliance for a short period of time during the restore process and powers the appliance off when the restore process is complete. To restore a Linux machine, Veeam Backup & Replication performs the following steps:

D

o

N

ot

D

up

1. If you use an Azure proxy for restore, Veeam Backup & Replication powers on the Azure proxy. For more information about the Azure proxy, see Configuring Azure Proxies. 2. Veeam Backup & Replication converts disks of a backed up machine to the VHD format and uploads converted disks to blob storage in Microsoft Azure. 3. Veeam Backup & Replication mounts uploaded disks to the helper appliance that resides in the location to which you restore the Linux machine. 4. Veeam Backup & Replication starts the helper appliance with mounted disks. 5. Veeam Backup & Replication prepares disks for VM restore. As part of this process, it enables remote connection rules, configures firewall rules and so on. 6. Veeam Backup & Replication unmounts prepared disks from the helper appliance and powers off the helper appliance. 7. If you use an Azure proxy for restore, Veeam Backup & Replication powers off the Azure proxy after a timeout. 8. Veeam Backup & Replication registers a Microsoft Azure VM with the prepared machine disks. After the registration process is complete, the VM is powered on immediately.

5.2. Extract Utility Veeam Backup & Replication comes with an extract utility that can be used to recover VMs from a full

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

131

Module 5: Entire VM Recovery

backup file – VBK. The utility can be used as an independent tool on Linux and Windows computers as it does not require any interaction with Veeam Backup & Replication. The extract utility can be helpful; for example, if it is written to the tape next to backup files, you can possibly recover VMs from backups even if backups are removed from Veeam Backup & Replication or the application is uninstalled. The extract utility can be utilized via two interfaces:

ib ut e

Graphic user interface (can be started on Microsoft Windows machines only) Command-line interface working in the interactive or regular mode

tr

The installation folder of Veeam Backup & Replication (by default: %PROGRAMFILES%\Veeam\Backup and Replication\Backup) contains three files for the extract utility:

or

D

is

Veeam.Backup.Extractor.exe – The utility working via the graphic user interface(Microsoft Windows machines only) extract.exe – The utility working via the command-line interface(version for Microsoft Windows) extract – The utility working via the command-line interface(version for Linux)

Important! The extract utility always restores a VM from the full backup file.

at

e

5.3. Recovery from a Replica

up

5.3.1. Failover

lic

The next section will familiarize you with the various ways that you can utilize replicas for the disaster recovery or other scenarios.

N

ot

D

If a primary VM in the production site becomes unavailable, you can quickly restore services by failing over to its replica. When you perform failover, the VM replica takes over the role of the original VM and you switch from the production VM to its replica and shift your I\O and processes from the production host to a secondary host. As a result, you have your VM up and running within minutes, and your users can access the services and applications they need with minimum disruption.

o

In Veeam Backup & Replication, you can fail over to the latest state of a replica or to any of its good to know restore points.

D

Failover itself is an intermediate step that needs to be finalized. Depending on the disaster recovery scenario, you can do one of the following:

132

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 5: Entire VM Recovery

1. Perform permanent failover

2. Perform failback

3. Undo failover

Switch back to the original VM after the problem in the production site is eliminated.

Switch back to the original VM and work with it in the normal operation mode.

How changes to VM replica are handled

No transferring because all changes are initially made to a replica VM

Transferred to the original VM

Discarded

Replica Site Location

Same as original VM

Disaster Recovery (DR)

Testing environment (e.g. dedicated resource pool)

When this scenario is recommended

This is best when the original VM and a VM replica are located in the same site, and hosts and storage are nearly equal in terms of resources. In this case, your users will not experience any latency in ongoing operations.

This is best when the VM replica is located in a DR site and is running on a lower tier host and storage, which is not intended for continuous operations.

This is best when you want to perform some testing and troubleshooting of the VM replica without affecting the production environment in any way.

up

lic

at

e

or

D

is

tr

ib ut e

Operations flow

Switch from the original VM to a VM replica and use this replica as the original VM.

ot

D

Note: Veeam Backup & Replication supports failover and failback operations for one VM or for a number of VMs at the same time. If you have a problem with an ESXi host, you can restore its work with minimum downtime.

N

5.3.2. Failback

o

Veeam Backup & Replication streamlines and automates disaster recovery by providing replica failback capabilities.

D

Failback is the process of switching from the VM replica to the production VM. During failback, Veeam Backup & Replication uses the working replica to recover the original VM and switch back to it. If you managed to restore the operation of the source host, you can switch back to the original VM on the source host. However, if the source host is not available, you can restore the original VM to a new location and switch back to it. Veeam Backup & Replication offers three failback options: Failback to a VM in the original location on the source host Failback to a VM that has been restored up-front from a backup in a new location Failback to an entirely new location by transferring all replica files to the selected destination Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

133

Module 5: Entire VM Recovery

The first two options help you decrease recovery time and network traffic, as Veeam Backup & Replication will transfer only differences between the two VMs. The third option is used in cases when there is no way to use the original VM or restore the VM before performing failback. During failback, Veeam Backup & Replication protects a running VM replica with a failback snapshot. The snapshot acts as a restore point and saves the pre-failback state of a replica to which you can return afterwards.

ib ut e

In Veeam Backup & Replication, failback is considered a temporary stage that should be further finalized. That is, after you test the recovered original VM and make sure it is running correctly, you should take another step to commit failback. However, while the replica is still in the failback state, you also have the option to undo failback and return the replica to the failover state. Undo failback

tr

Commit failback

The production VM is not working as expected after failback.

Operations flow

Veeam Backup & Replication removes the protective snapshots and unlocks replica disk files. The original VM in the production site or at a new location starts to perform the role of the primary VM.

VM replica state after the operation

The VM replica returns to the normal state.

D

is

Scenario

You want to finalize recovery of the original VM in the production site.

up

5.3.3. Failover Plan

The VM replica returns to the failover state.

lic

at

e

or

Operations switch back to a VM replica.

D

If you have a number of VMs running interdependent applications, you need to failover them one by one, as a group. To do this automatically, you can prepare a failover plan.

N

ot

In a failover plan, you set the order in which the VMs should be processed and the delay time needed to start each VM. The delay time helps to ensure that some VMs, such as a DNS server, are already running at the time the dependent VMs start.

D

o

The failover plan should be created in advance. In case the primary VM group goes offline, you start the corresponding failover plan manually. When you start the procedure, you can choose to fail over to the latest state of a replica or to any of its good known restore points.

134

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

tr

ib ut e

Module 5: Entire VM Recovery

is

Because failover is a temporary intermediate step that needs to be finalized, the finalizing options for a group failover are similar to a regular failover: undoing failover, permanent failover or failback.

D

If you decide to commit failover or failback, you need to process every VM individually, although you can undo failover for the whole group using the undo failover plan option.

lic

at

e

or

Undoing the failover switches the replica back to the primary VM, discarding all changes that were made to the replica while it was running. When you undo group failover, Veeam Backup & Replication uses the list of VMs that were failed over during the last failover plan session and switches them back to the primary VMs. If some of the VMs were already failed back, manually by a user, they are skipped from processing.

5.3.4. Planned Failover

ot

D

up

If you know that your primary VMs are going to go offline (e.g. you plan to have the production host patched), you can proactively switch the workload to their replicas. A planned failover is a smooth manual switch from a primary virtual machine to its replica with minimum interrupting in operation. You can use the planned failover, for example, to perform maintenance or software upgrades to the primary VMs, or in case you have an advance notice of a disaster approaching that will require taking the primary servers offline. When starting the planned failover:

D

o

N

1. The failover process triggers the replication job to perform an incremental backup and copy the un-replicated changes to the replica. 2. The VM is powered off. 3. The failover process triggers the replication job to perform another incremental backup run and copy the portion of last-minute changes to the replica. The replica becomes fully synchronized with the source VM. 4. The VM is failed over to its replica.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

135

tr

ib ut e

Module 5: Entire VM Recovery

is

Because the procedure is designed to transfer the current workload to the replica, it does not suggest selecting a restore point to switch.

or

D

During the planned failover, Veeam Backup & Replication creates 2 helper restore points that are not deleted afterwards. These restore points will appear in the list of restore points for this VM; you can use them later to roll back to the necessary VM replica state.

D

o

N

ot

D

up

lic

at

e

When your primary host is online again, you can switch back to it. The finalizing options for a planned failover are similar to those of an unplanned failover: undoing failover, permanent failover or failback.

136

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 5: Entire VM Recovery

Labs for Module 5: Entire VM Recovery

ib ut e

You should now be able to use the methods covered in Module 5 to restore the entire VM with Veeam Backup & Replication in disaster recovery scenarios. Choosing from Instant VM Recovery® or failing over to a VM replica will depend on the situation. In the lab, we will simulate production failure by deleting some of the VMs from disk, and then we will restore them using previously created backups and replicas.

Get into the Lab Action

Purpose

tr

Lab

Instant VM Recovery

Perform Instant VM Recovery to restore a VM directly from a backup in just a few clicks.

5.2

Full VM recovery

Perform full VM recovery to distinguish the ways the full VM recovery option differs from Instant VM Recovery and what its use cases are.

5.3

Using extract utility

Restore a VM via Veeam extract utility to get acquainted with the ways you can use it in case of disaster or for troubleshooting.

Bringing a replica back

5.5

Failover plan

Perform failover and failback, commit failback of a replica and undo failover to familiarize yourself with the various ways that you can utilize replicas for disaster recovery or other scenarios.

D

up

lic

5.4

at

e

or

D

is

5.1

Perform planned failover

Perform a planned failover to minimize data loss and downtime when you know in advance that you are going to need a failover.

D

o

N

ot

5.6

Configure and run a failover plan to fail over a group of VMs running interdependent applications.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

137

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 5: Entire VM Recovery

138

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 6: Objects Recovery

6. Objects Recovery

ib ut e

There are plenty of situations when, instead of restoring an entire VM, you would prefer to recover an individual file or an individual application item from a backup file or replica to the most recent state or to any point in time in just a few seconds. In this module you will learn how to use the Veeam Backup & Replication features that allow file- and item-level restore.

6.1. Application-Item Recovery

D

The technical process behind the user interface

is

tr

Veeam Explorers allow the user to browse the database of a certain application and restore items to production without fully restoring the VM from the backup. This topic details each of the Veeam Explorers, and explains:

or

The specifics and benefits of each Veeam Explorer

at

e

6.1.1. Veeam Explorer for Microsoft Exchange

D

up

lic

Veeam Explorer for Microsoft Exchange is a free tool available to users of Veeam Backup & Replication. It allows you to browse Microsoft Exchange database files and restore necessary items, such as mailboxes, folders, messages, tasks, contacts and so on. Veeam Backup & Replication supports recovery of hard deleted items, including those from public folders and mailboxes, and recovery of items from/to Archive mailbox. Instead of fully restoring and starting the VM with the Microsoft Exchange Server, you can use Veeam Backup & Replication capabilities to extract the necessary Microsoft Exchange database from the backup file and then use Veeam Explorer for Exchange to browse and restore items.

ot

Starting with v9.5, Veeam Backup & Replication supports the Microsoft Exchange features Litigation Hold and In-Place Hold:

D

o

N

In order to preserve all mailbox content (including original versions of modified items, as well as deleted items), the Litigation Hold option can be enabled for a personal mailbox. Veeam Explorer supports the mailboxes with this option enabled: Litigation Hold Items containers (whether empty or not) are displayed in the mailbox store hierarchy, and you can perform restore operations for them. Veeam also supports restore of items from mailboxes and public folders with In-Place Hold enabled – the corresponding containers will be displayed only if they are not empty.

You can use granular browsing and searching capabilities to find any item or a bunch of items stored in any number of Microsoft Exchange database files. Restore options include: Exporting mailbox folders and items as Personal Folder Files (.pst) Saving mailbox items as Microsoft Exchange Mail Documents (.msg)

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

139

Module 6: Objects Recovery

Sending mailbox items as attachments via email Restoring mailbox folders and items (available only with Veeam Backup & Replication Enterprise and Enterprise Plus Editions) Recovery to Online Archive mailbox.

ib ut e

Note: Veeam Explorer for Exchange requires full access to Microsoft Exchange database files for item recovery. This level of access is usually granted to a very limited number of employees within the organization. If you would like to allow less privileged users to perform recovery of Microsoft Exchange items from backups, you can use the Application-Item Recovery (AIR) wizard for Microsoft Exchange.

is

tr

Make sure Veeam Explorer for Microsoft Exchange is aware of the Extensible Storage Engine location. Extensible Storage Engine is required to access the Exchange mailbox database (.EDB). It runs as a special dynamic link library ese.dll supplied by Microsoft.

D

Specify path to the ese.dll in Veeam Explorer for Microsoft Exchange configuration settings:

e

or

1. In the Options window, open the Extensible Storage Engine tab. 2. Click Browse and specify the path to the ese.dll file. The file can be found on the Microsoft Exchange Server distribution CD at X:\Setup\ServerRoles\Common\ese.dll, or in the installation directory of Microsoft Exchange Server. For example:

up

lic

at

for Microsoft Exchange 2010 default path is: %ProgramFiles%\Microsoft\Exchange Server\V14\Bin for Microsoft Exchange 2013 and Microsoft Exchange 2016 default path is: %ProgramFiles%\Microsoft\Exchange Server\V15\Bin

ot

D

Important! Only Microsoft Exchange 2010 SP1 or later is supported, because Veeam Explorer for Exchange leverages the UploadItems operation which was only supported in Microsoft Exchange Web Services starting with 2010 SP1. See https://msdn.microsoft.com/en-us/library/office/bb409286(v=exchg.150).aspx#bk_bulk_transfe r for additional details.

N

6.1.2. Veeam Explorer for Microsoft SharePoint

D

o

Veeam Explorer for SharePoint allows you to browse Microsoft SharePoint content and recover items (such as library documents, images, webpages and so on) without needing to fully restore and start the virtual machine hosting the SharePoint content database. Instead, you can use Veeam Backup & Replication data recovery options to quickly extract the necessary Microsoft SharePoint content database file (.MDF) from the virtualized server image-level backup, and then use Veeam Explorer for SharePoint to find and restore the Microsoft SharePoint documents you need. Available with all editions of Veeam Backup & Replication, Veeam Explorer for SharePoint provides granular browsing and searching capabilities to find any item or a bunch of items stored in any number of Microsoft SharePoint content databases. You can save items/lists to a local folder or network drive, or send restored items as e-mail attachments. 140

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 6: Objects Recovery

With Veeam Backup & Replication Enterprise and Enterprise Plus edition, you can also use Veeam Explorer for SharePoint to restore Microsoft SharePoint items in the way you need; authorized users (for example, Microsoft SharePoint administrators) can also import content database files (exported by Veeam Explorer for SharePoint) to SharePoint database using PowerShell cmdlets.

ib ut e

Note: If there is a SharePoint server which has a database larger than 10GB, you’ll need fully functional (commercial) version of Microsoft SQL Server, Express version is not going to be able to mount this database.

tr

Note: All of Veeam Explorers can be launched both from Veeam Backup & Replication UI and independently, from the server menu.

D

is

The following versions and editions of Microsoft SharePoint Server (virtualized either on VMware or Hyper-V platform) are suppported:

or

Microsoft SharePoint 2016 Microsoft SharePoint 2013 Microsoft SharePoint 2010

e

All editions are supported (Foundation, Standard, Enterprise).

lic

at

To perform Microsoft SharePoint item recovery, Veeam Explorer requires a Microsoft SQL Server that will be used as a staging system. On this staging system, Veeam Explorer creates temporary Microsoft SharePoint content databases by attaching restored content database files. Below are the requirements for staging server:

ot

D

up

1. The staging Microsoft SQL Server can run on the machine where Veeam Explorer for Microsoft SharePoint is installed, or on another machine. 2. The staging system must have the same or a later version of Microsoft SQL Server as the server that hosts restored Microsoft SharePoint content databases. For example, if the Microsoft SharePoint server uses Microsoft SQL Server 2008, then the staging system can run Microsoft SQL Server 2008 or later.

N

You can use Veeam Explorer for Microsoft SharePoint options to configure staging Microsoft SQL Server settings.

D

o

To be able to work with remote BLOB stores (RBS) of the SharePoint content database, make sure that you have your remote BLOB store virtualized on the corresponding platform (VMware or HyperV). Also, make sure that it is either included in the SharePoint backup created by Veeam Backup & Replication (for automated discovery), or stored on the local machine running Veeam Explorer and staging SQL server (for manual discovery). Make sure the staging SQL Server configuration meets the following requirements: 1. FILESTREAM should be enabled on the database server, and filestream settings should be enabled at database level, as described in Microsoft documentation: For SQL Server 2016 Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

141

Module 6: Objects Recovery

For SQL Server 2014 For SQL Server 2012 For SQL Server 2008R2 2. RBS Client Library should be installed on the database server. For Microsoft SQL Server 2014 and later, the Remote Blob Store setup is included in the installation media; for other versions you can use corresponding Microsoft SQL Server Remote Blob Store setup package (RBS.msi) available at Microsoft website:

ib ut e

For SQL Server 2012: http://www.microsoft.com/en-us/download/details.aspx?id=35580 For SQL Server 2008R2: http://www.microsoft.com/en-us/download/details.aspx?id=16978

tr

6.1.3. Veeam Explorer for Microsoft Active Directory

or

D

is

Veeam Explorer for Microsoft Active Directory is a new tool that extends the functionality of Veeam Backup & Replication, allowing you to browse Active Directory database and recover items (objects and containers) and their attributes from domain controller backup into production. For that, you do not need to fully restore and start the virtual machine hosting the domain controller. Instead, you can use Veeam Backup & Replication data recovery options to quickly extract the necessary Active Directory database file (.DIT) from the domain controller backup, and then use Veeam Explorer for Microsoft Active Directory to find and restore the required objects:

lic

at

e

Use Veeam Explorer for Microsoft Active Directory granular browsing and searching capabilities to find any object/container stored in Active Directory database. Export objects/containers to a local folder or network drive. Restore them to the original or different location.

ot

D

up

Note: Veeam Explorer for Microsoft Active Directory requires full access to Active Directory database files for item recovery. This level of access is usually granted to a very limited number of employees within the organization. If you would like to allow less privileged users to perform recovery of Active Directory objects from backups, you can use the Application-Item Recovery (AIR) wizard.

D

o

N

When viewing the backup in Veeam Explorer for Microsoft Active Directory browser, it’s possible detect the attributes that were changed, moved, or deleted since the Active Directory backup via Compare with Original menu command that allows you to compare Active Directory objects in the backup with those in the production database.

142

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

or

D

is

tr

ib ut e

Module 6: Objects Recovery

at

e

6.1.4. Veeam Explorer for Microsoft SQL Server

up

lic

Veeam Explorer for Microsoft SQL Server is a tool that extends the functionality of Veeam Backup & Replication, allowing you to view and recover databases from within Microsoft SQL server VM backup. For that, you do not need to fully restore and start the virtual machine hosting the SQL server. Instead, you can use Veeam Backup & Replication data recovery options to mount the selected restore point (image-level backup or replica) of the Microsoft SQL server

D

VM to the Veeam backup server and then specify how you want your database to be restored. Veeam Explorer for Microsoft SQL Server offers the following capabilities:

o

N

ot

Browsing SQL server instances and databases Exporting the database to a local folder or network drive, including quick and easy 1-Click Export Restoring the database to the original server or different server Restoring SQL tables

D

Veeam supports database restore to the current restore point (that is, to the state when the backup or replica that is currently mounted to the Veeam backup server was created), restore to the certain point in time (transaction log replay will bring the database to the desired state), and restore to the state before selected transaction.

Note: Availability of these options depends on Microsoft SQL server VM logging and recovery settings and on the backup job settings. Consider that log backups are required to restore your database to the certain point in time or to a state before the selected transaction. Log files are

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

143

Module 6: Objects Recovery

copied from the repository to the Windows machine hosting the target SQL server, and log replay is performed to bring the database to the desired state. Log backups functionality is available in Enterprise and Enterprise Plus version of Veeam Backup & Replication.

ib ut e

In most scenarios, Veeam installs a runtime component named Veeam SQL Restore Service to the VM guest OS (target or staging server, depending on selected restore or export scenario) - to support restore activities on the SQL server VM guest.

Note: If you are restoring the database to the local SQL server instance, this runtime component is not installed on the SQL server guest OS.

D

is

tr

This service runs during the restore session; it checks the rights assignment required for database restore, gets information about databases that should be restored, performs the necessary file operations (including database and transaction log copy) and so on. When restore session ends, the service is stopped and removed from guest. Then a new session starts, and the service is installed again.

at

e

or

The Veeam SQL Restore Service operates under the Local System account. All service activities are logged to the Veeam.SQL.Service_.log file stored in the Temp folder of the system directory, next to the Veeam.SQL.Service_.exe file (runtime component installed per session). Communication between Veeam Explorer and the service is performed using RPC; default TCP port range that should be open on the guest for inbound traffic includes ports 1025 - 1034. If you need to change this port range, then do the following:

D

up

lic

1. Open Veeam Explorer configuration file named Config.xml located at C:\ProgramData\Veeam\Backup\SQLExplorer\on the machine hosting Veeam Explorer (create the file if it is not present). 2. Locate the <SQLExplorer> tag (create the tag if it is not present) 3. Supply the necessary values for Agent MinimumPort and MaximumPort.

ot

SQL Server Logs Backup and Restore

o

N

For highly transactional servers and applications, many organizations need to back up both the application VM and its transaction logs in order to ensure recoverability to any point in time. Among such VMs there are, for example, Microsoft Exchange server and SQL server. Another important requirement is that backup process does not affect the production infrastructure.

D

Veeam Backup & Replication supports transaction log backups for the following systems: Microsoft SQL Server 2005 SP4 Microsoft SQL Server 2008 Microsoft SQL Server 2008 R2 Microsoft SQL Server 2012 Microsoft SQL Server 2014 Microsoft SQL Server 2016

All editions of Microsoft SQL Server are supported. AlwaysOn Availability Groups are supported for 144

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 6: Objects Recovery

Microsoft SQL Server 2012 and later.

ib ut e

Important! To provide for recoverability of your SQL server, make sure that Full or Bulk-logged recovery model is enabled for that server. Then all the changes to the SQL server state will be written to transaction logs, and you will be able restore from any previous state backup to the current state by applying a sequence of logged transactions (transaction log replay). You can specify the frequency at which you want your database transaction logs to be processed when setting up a job. In the backup repository, logs are stored as .VLB files (Veeam proprietary format) co-located with corresponding SQL server VM backups (.VBK/.VIB/.VRB files).

is

tr

Important! The Backup Job must be scheduled, otherwise transaction logs will not be backed up.

at

e

or

D

For export to selected point in time and for export/restore to the state before selected transaction, Veeam Explorer for Microsoft SQL Server uses a staging Microsoft SQL Server. By default, local Microsoft SQL Server deployed with Veeam backup server will be used as a staging system. If you plan to use another server as a staging Microsoft SQL Server, then it should have the same or later version as the original Microsoft SQL Server. Besides, if the source database uses any editionspecific features, then staging system should be of the same or higher edition than the original SQL Server.

lic

6.1.5. Veeam Explorer for Oracle

up

Veeam Explorer for Oracle extends the functionality of Veeam Backup & Replication, allowing you to view and recover databases from within Oracle server VM backup. Veeam Explorer can restore databases from backups created by backup jobs, from imported backups and from storage. Both Windows-based and Linux-based VMs are supported.

ot

D

For database-level recovery, you do not need to fully restore and start the virtual machine hosting your Oracle system. Instead, you can use Veeam recovery capabilities to mount the selected restore point of Oracle server VM to Veeam backup server and then specify how you want your database to be restored.

N

Veeam Explorer for Oracle offers the following capabilities:

D

o

Browsing Oracle system hierarchy Restoring databases to the original server or different server, including quick and easy 1-Click Restore Veeam supports several database restore options: To the current point in time (that is, to the moment when currently selected Oracle VM backup was created) To the selected point in time (here log replay will bring the database to the desired point) To the state before selected transaction

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

145

Module 6: Objects Recovery

Note: Availability of these scenarios depends on Oracle database logging mode and on the VM backup.

ib ut e

Veeam Explorer for Oracle is installed together with Veeam backup server and management console or with the Standalone Console. The basic procedures of restoring Oracle database with Veeam Explorer for Oracle are very similar for restore to current restore point and for restore to point in time or selected transaction. When restoring to the state as of selected restore point, the following takes place:

or

D

is

tr

1. Administrator uses Veeam Backup & Replication console to initiate mount of Oracle VM file system from the backup stored in the repository. 2. Mount is performed using Veeam Mount Server associated with this repository. Typically, target (production) Oracle server is used as a staging system. When a VM is mounted to the specified server, c:\VeeamFLR folder is created on it. 3. Veeam Explorer for Oracle obtains Oracle system hierarchy information and presents it to user. A user chooses the database to restore and specifies target location (original or another server) and settings required to access that server. Database files are copied from the repository to the target machine, database is ‘re-created’ on the Oracle server and becomes ready for use.

lic

at

e

Note: User account that you specify for guest processing of the Oracle VM in the backup job requires the SYSDBA rights on that Oracle system. For Linux system – the root account or account included in sudoers file can be used. During the restore process, this account will be automatically assigned privileges for database restore; after the restore process is finished, these privileges will be automatically recalled

D

up

Staging server is used to fine-tune the restore point in case a user needs to restore database to the state before specific transaction. At the first launch of Veeam Explorer it tries to obtain the staging Oracle server settings using the built-in algorithm. You can specify another staging server, either local (for Windows VMs only) or remote (for both Windows and Linux VMs). The following requirements apply to staging server:

D

o

N

ot

1. A staging server must have the same Oracle database version as the source (original) and target Oracle server. 2. If you plan to restore databases with Automatic Storage Management enabled, the staging and target servers should have ASM enabled, too. 3. Oracle Database Express Edition cannot be used as a staging system.

Oracle Logs Backup and Restore Restore to the selected point in time or to the state before selected transaction requires Oracle database redo log replay, so make sure the backup was created with appropriate log processing settings: ARCHIVELOG mode is enabled for the Oracle database Database logs are not truncated due to VM backup job settings 146

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 6: Objects Recovery

6.2. Universal Application-Item Recovery (U-AIR)

D

up

lic

at

e

or

D

is

tr

ib ut e

For recovery of application objects, U-AIR leverages the vPower technology. It starts the application and all required components in an isolated virtual lab directly from compressed and deduplicated backup files. Once the VM is started, U-AIR provides transparent access to the backed up VM image through a proxy appliance that has visibility of both the virtual lab and production environment. Users can then extract the necessary application objects from the earlier VM images and bring them back to the production environment.

N

ot

U-AIR does not require any special backups or additional tools – the application is started directly from the image-level backup file and users can restore application objects with the native management tools.

D

o

U-AIR offers a universal wizard, that is, Veeam Backup & Replication starts the application and all required components in the virtual lab so that users can connect to that application with the native management tools and restore items manually. U-AIR wizards are standalone components that can be installed and updated independent of the product. You can install U-AIR wizards on any machine in your production environment from which you plan to perform the restore process. To perform the U-AIR process, you can follow a typical workflow or a simplified workflow. Note that in both cases you need your application group, virtual lab and SureBackup job configured. Typical Workflow Commonly, the restore procedure requires specific knowledge and is performed by application Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

147

Module 6: Objects Recovery

administrators or users working with applications. At the same time, management tasks are controlled by Veeam Backup administrators who know about all available resources in the backup infrastructure and user access permissions. For this reason, in the typical U-AIR workflow, two groups of users are engaged:

ib ut e

Users who need to restore specific items from applications Veeam Backup administrators who work with Veeam Backup & Replication and Veeam Backup Enterprise Manager

N

ot

D

up

lic

at

e

or

D

is

tr

To help users who requested virtual labs manage their requests, Veeam Backup & Replication offers a special tool – Virtual Lab Manager. Virtual Lab Manager runs on the machine from which the user sends the request and on which the user plans to perform application-item recovery.

o

The typical restore procedure includes the following steps:

D

1. The user who needs to restore an application item downloads the necessary U-AIR wizard and installs it on his or her machine. The user starts the U-AIR wizard and submits a virtual lab request. The submitted request is sent over to Veeam Backup Enterprise Manager and is registered there. (1) 2. The Veeam Backup Enterprise Manager Administrator receives an e-mail about a new lab request submitted by the user. The e-mail is sent automatically once a new request is registered at Veeam Backup Enterprise Manager. (1) 3. The Veeam Backup Enterprise Manager Administrator makes sure that the user who submitted the request is eligible to access application data from the corresponding backup. 4. The Veeam Backup Enterprise Manager Administrator approves or denies access to requested

148

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 6: Objects Recovery

ib ut e

data using Veeam Backup Enterprise Manager. If the request is approved, the administrator uses the request approval wizard to select the necessary SureBackup job that should be started in order to create the required virtual lab. The SureBackup job that the administrator selects should be pre-configured on one of Veeam Backup servers connected to Veeam Backup Enterprise Manager. (2,3) 5. If necessary, the Administrator can manage virtual labs. For example, the Administrator can extend the time for the virtual lab lease or stop the lab leased by the user to let somebody else perform emergency restore using the same virtual lab. 6. Once the lab is ready, the user receives a notification from Virtual Lab Manager. (4) 7. The user can now start application-item recovery. If necessary, the user can extend the time for which the virtual lab should be running. (5)

tr

After the recovery process is finished, the administrator can manually power off the virtual lab. If this does not happen, the virtual lab will be powered off automatically once the time for virtual lab lease is exceeded.

is

Simplified Workflow

D

If you plan to restore application items in a small environment or use U-AIR for evaluation purposes, you can use a simplified U-AIR workflow.

or

In this case, you can skip the step of creating and approving the virtual lab request and immediately start working with the necessary U-AIR wizard.

ot

D

up

lic

at

e

To be able to use simplified workflow, make sure that the necessary U-AIR wizard is installed on the Veeam Backup server, and that a corresponding SureBackup job is configured on that server.

o

N

To launch application item recovery from the Veeam Backup console using simplified workflow, a user needs to do the following:

D

1. Right-click the necessary SureBackup job and select Realtime Statistics, or double-click the SureBackup job. 2. In the displayed window, select the VM needed to perform the application item recovery. Make sure that the VM is started and the application running inside is initialized. 3. Right-click the VM and select Active Directory item recovery, Exchange item recovery or SQL item recovery to start the corresponding U-AIR wizard.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

149

Module 6: Objects Recovery

6.3. Guest OS File Recovery The Guest OS File Recovery topics shows you how the guest VM OS files are restored by Veeam Backup & Replication depending on the operating system they belong to.

ib ut e

6.3.1. Guest OS File Recovery With Veeam's Instant File-Level Recovery (IFLR), you can recover an individual file from a backup file or replica to the most recent state or to any point in time in just a few seconds. IFLR does not require you to extract a VM image to the local drive or to start up the VM prior to restore – you can recover files directly from a regular image-level backup or replica.

is

tr

IFLR is available for any virtualized file system, although, Veeam Backup & Replication provides different approaches for different file systems:

at

e

or

D

For Windows-based VMs with NTFS, FAT and ReFS file systems, Veeam Backup & Replication uses built-in Windows file-level recovery. For the most commonly used file systems on Windows, Linux, Solaris, BSD, Novell Netware, Unix and Mac (OS X) machines, Veeam Backup & Replication offers multiOS file-level recovery. For any other file system, Veeam Backup & Replication enables you to leverage Instant VM Recovery to perform manual file-level recovery.

lic

6.3.2. Windows File-Level Recovery

up

For FAT, NTFS and ReFS guest OS systems, Veeam Backup & Replication uses built-in file-level restore functionality. When you perform file-level restore, Veeam Backup & Replication performs the following operations:

D

o

N

ot

D

1. Veeam Backup & Replication mounts disks of the VM from the backup or replica to the backup server or machine on which the Veeam Backup & Replication console is installed, under the C:\veeamflr\ folder. For accessing VM disks content, Veeam Backup & Replication uses a separate program — Virtual Disk Driver (VDK) that is provided with the product. VM disks are not physically extracted from the backup file or VM replica. Veeam Backup & Replication emulates their presence on the backup server or Veeam Backup & Replication console. The backup file or VM replica itself remains in the read-only state. 2. Veeam Backup & Replication launches the Veeam Backup browser where mounted VM disks are displayed. You can browse the VM guest file system in the Veeam Backup browser. 3. If you restore files to the original location, Veeam Backup & Replication creates an additional mount point on the mount server associated with the backup repository on which the backup file resides. The mount server is typically located close to the backup repository. The second mount point lets Veeam Backup & Replication route for VM data in an optimal way and reduce load on the network. As a result, restored files data travels in the following way: 1. In the restore to original scenario — from the mount server to the original location. The first mount point here is used only for browsing the VM guest file system. 2. In the restore to new location scenario — from the backup server

150

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 6: Objects Recovery

or Veeam Backup & Replication console to the specified new location. 4. When the restore process is finished or the Veeam Backup browser is closed by timeout, Veeam Backup & Replication removes mount points from the backup server or machine on which the Veeam Backup & Replication console is installed and from the mount server (if the second mount was used).

ib ut e

Depending on the restore scenario, Veeam Backup & Replication may create mount points on different backup infrastructure components. This can be a mount server, machine running the Veeam Backup & Replication console or the original VM itself.

6.3.3. Multi-OS File-Level Recovery

is

tr

Because Windows cannot read other file systems natively, Veeam Backup & Replication additionally provides multiOS file-level recovery that allows reading data from different file systems: OS

Supported File Systems

Linux

- ext2, ext3, ext4 - ReiserFS - JFS - XFS - Btrfs

BSD

UFS, UFS2

Mac

HFS, HFS+ (volumes up to 2 TB)

Solaris

- UFS - ZFS (except any pool versions of Oracle Solaris) The FLR appliance uses module ZFSonLinux version 0.6.3. For this reason, Veeam Backup & Replication supports only those versions of pools and features that are available in ZFSonLinux version 0.6.3.

N

ot

D

up

lic

at

e

or

D

Windows

- FAT, FAT32 - NTFS - ReFS (ReFS is supported only if Veeam Backup & Replication is installed on Microsoft Windows Server 2012 and later).

D

o

Novell OES

File-level restore is supported for Novell Open Enterprise Server (Novell OES). Novell NetWare is not supported (Veeam Backup & Replication may fail to detect NSS volumes). AD-enabled NSS volumes on Open Enterprise Server 2015 are supported. Restore of NSS file/folder permissions is not supported.

In addition to basic disks, MultiOS file-level recovery understands Linux LVM (Logical Volume Manager) and Windows LDM (Logical Disk Manager) partitions and ZFS pools. MultiOS file-level recovery is a wizard-driven process. To restore files from VM guest OS, Veeam Backup & Replication uses a helper appliance. The helper appliance is a helper VM running a stripped down Linux kernel that has a minimal set of components. The appliance is quite Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

151

Module 6: Objects Recovery

small — around 50 MB. It requires 1024 MB RAM and takes around 10 seconds to boot. When you perform file-level restore, Veeam Backup & Replication performs the following operations:

is

tr

ib ut e

1. Veeam Backup & Replication deploys a helper appliance on the ESX(i) host in the virtual infrastructure. 2. Veeam Backup & Replication mounts disks of the VM from the backup or replica to the helper appliance. The backup file or VM replica itself remains in the read-only state on the backup repository or datastore. 3. Veeam Backup & Replication launches the Veeam Backup browser where mounted VM disks are displayed. You can browse the VM guest file system in the Veeam Backup Browser and restore files or folders to the original VM or to another location. Alternatively, you can enable an FTP server on the virtual appliance and allow VM owners to restore files themselves. 4. When the restore process is finished or the Veeam Backup browser is closed by timeout, Veeam Backup & Replication unmounts the content of the backup file or replica from the helper appliance and unregisters the helper appliance on the ESX(i) host.

or

D

Tip: When you perform recovery directly to a Linux host, you can recover files with correct permissions.

e

6.3.4. File-Level Recovery for Any File System

at

With the vPower technology, Veeam extends IFLR to any file system, not just Microsoft Windows FAT, NTFS, ReFS and file systems supported by the multi-OS File-Level Restore wizard.

lic

To restore files and folders from file systems not supported by file-level restore wizards, you must perform the following actions:

D

o

N

ot

D

up

1. Use Instant VM Recovery to publish the VM from the backup file on the ESX(i) or Hyper-V host in the virtual infrastructure. Do not start the recovered VM. 2. Mount the disks of the restored VM to any VM that can read the file system of the original VM. 3. Restore files or folders using native file management tools. Alternatively, you can mount the VM disks to a Microsoft Windows VM and use file management tools such as Portlock Explorer.

152

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 6: Objects Recovery

Labs for Module 6: Objects Recovery

ib ut e

A lot of daily disaster recoveries do not require an entire VM to be restored. Veeam Backup & Replication enables you to save time and network bandwidth by performing item-level and file-level restore. Try them on your own using the lab environment.

Get into the Lab Action

Purpose

6.1

Perform Microsoft Exchange items recovery

Restore Microsoft Exchange items from the backups created with Veeam Backup & Replication.

6.2

Perform Microsoft SharePoint items recovery

Restore Microsoft SharePoint items from the backups created with Veeam Backup & Replication.

6.3

Perform Oracle items recovery

Restore Oracle items from the backups created with Veeam Backup & Replication.

6.4

Perform Microsoft Active Directory items recovery

Restore Microsoft Active Directory items from the backups created with Veeam Backup & Replication.

6.5

Perform Microsoft SQL Server items recovery

6.6

Guest files recovery

at

e

or

D

is

tr

Lab

lic

Restore Microsoft SQL Server databases from the backups created with Veeam Backup & Replication.

D

o

N

ot

D

up

Restore Windows and Linux guest files.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

153

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 6: Objects Recovery

154

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

7. Verification To guarantee recoverability of your data, Veeam Backup & Replication offers the SureBackup technology.

ib ut e

7.1. SureBackup Recovery Verification

tr

SureBackup is intended to automate and simplify the backup verification process – one of the most crucial parts of data management and protection. SureBackup lets validate backups of your VMs without impacting the production infrastructure. You can automatically verify every created restore point of every VM and ensure that they will function as expected in case a disaster strikes.

D

is

7.1.1. How It Works

at

e

or

SureBackup is Veeam’s technology that lets you test a VM backup and ensure that you will be able to recover data from it. To validate a VM backup, Veeam Backup & Replication performs its “live” verification: it automatically boots the VM from the backup in the isolated environment, performs tests against it, and then powers the VM off and creates a report on the VM backup state. You can verify a VM from the latest backup or from any necessary restore point. A SureBackup job also can be scheduled to be executed immediately after a specific backup job completes.

up

lic

Note: SureBackup, or automatic recovery verification, is available in Enterprise and Enterprise Plus Editions of Veeam Backup & Replication. If you use the Standard Edition, you can manually verify VM backups with Instant VM Recovery.

D

SureBackup recovery verification uses a regular image-based backup created with Veeam Backup & Replication. The procedure of the VM verification is the following:

D

o

N

ot

1. Veeam Backup & Replication leverages the Instant VM Recovery technology to publish a VM in the isolated virtual environment. The VM is started directly from the compressed and deduplicated backup file residing on the backup repository. 2. Veeam Backup & Replication performs a number of tests against the verified VM. 3. When the recovery verification process is over, Veeam Backup & Replication unpublishes the VM and creates a report on its state. The report is sent to the backup administrator by email.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

155

tr

ib ut e

Module 7: Verification

D

is

During verification, a backed up VM image remains in read-only state. All changes that take place when a VM is running are written to redo log files that are stored on a selected datastore in the production environment. Once the recovery verification process is complete, the redo logs are removed.

or

To perform VM verification, you need to create the following entities:

D

up

lic

at

e

1. Application group. During recovery verification, the verified VM is not started alone: it is started together with VMs on which it is dependent. Starting the verified VM in conjunction with other VMs enables full functionality of applications running inside the VM and lets you run these applications just like in the production environment. 2. Virtual lab. SureBackup leverages the virtual lab technology to verify a VM backup. The virtual lab is the isolated virtual environment in which the verified VM and VMs from the application group are started and tested. 3. SureBackup job. The SureBackup job is a task to run the recovery verification process. You can run the SureBackup job manually or schedule it to run automatically according to some schedule.

ot

Veeam vPower NFS Service

o

N

The Veeam vPower NFS Service is a Windows service that runs on a Windows backup repository server and enables it to act as an NFS server. vPower NFS allows Veeam Backup & Replication to mount a compressed and deduplicated backup file as a regular VMDK file directly to the ESX(i) host via NFS, so ESX(i) hosts get transparent access to backed up VM images.

D

If you store backups on a Windows repository, it is highly recommended to enable the vPower NFS Server on this repository. In this case, the vPower NFS Service will run on the managing Windows server. Besides Windows-based backup repository servers, Veeam vPower NFS Service can run on any Windows server you choose, including the Veeam backup server itself. However, in this case, performance may be much lower because instead of a direct connection between the ESX(i) host and the backup repository, the connection will be split into two parts: ESX(i) host to NFS server and NFS server to backup repository.

156

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

The vPower technology is used to enable the following features:

ib ut e

SureBackup: Recovery Verification Instant VM Recovery On-Demand Sandbox Multi-OS File-Level Recovery Universal Application-Item Recovery (U-AIR)

vPower-Specific Settings

To establish a connection between the ESX(i) host and vPower NFS server, you must make sure that the ESX(i) host has a proper network interface configuration and can access the vPower NFS server.

is

tr

When connecting to the vPower NFS server, the ESX(i) host uses a VMkernel interface. For this reason, the ESX(i) host must have a VMkernel interface. Otherwise, Veeam Backup & Replication will fail to mount the vPower NFS datastore on the ESX(i) host.

or

D

By default, VMkernel interfaces are not available for non-ESXi versions of VMware vSphere hosts. You will have to add them manually.

lic

at

e

If the vPower NFS server and ESX host are located in the same network, the ESX host must have a VMkernel interface in the same IP network as the vPower NFS server. If the vPower NFS server and ESX host are located in different networks and use a router for network access, in addition to creating a new VMkernel interface, you will have to manually specify routing settings in the IP routing table on the ESX host.

7.1.2. Recovery Verification Tests

up

To verify a VM started in the virtual lab, you can run Veeam’s predefined tests or perform your own tests against VMs. The predefined tests include the following ones:

D

o

N

ot

D

1. Heartbeat test. As soon as the VM is started, Veeam Backup & Replication performs a heartbeat test. It waits for a heartbeat signal from VMware Tools/Hyper-V Integration Services installed inside the VM to determine that the guest OS inside the VM is running. If the signal comes regularly at specific time intervals, the test is passed. 2. Ping test. During the ping test, Veeam Backup & Replication checks if the VM in the virtual lab can respond to the ping requests. If VM responds to ping requests from the Veeam backup server, the test is passed. 3. Application test. Veeam Backup & Replication waits for applications inside the VM to start and runs a script against these applications. Veeam Backup & Replication uses two types of predefined scripts: For DNS servers, domain controllers, Global Catalog servers, mail servers and web servers, Veeam Backup & Replication uses a script that probes an application-specific port. For example, to verify a domain controller, Veeam Backup & Replication probes port 389 for a response. If the response is received, the test is passed. For Microsoft SQL Server, Veeam Backup & Replication uses a script that attempts to connect to instances and databases on the Microsoft SQL Server. For more information, see Microsoft SQL Server Checker Script.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

157

Module 7: Verification

Beside these predefined tests, you can use custom scripts to verify the VM backup.

ib ut e

Important! To run ALL the recovery verification tests, you must have VMware Tools/Hyper-V Integration Services installed inside the vSphere VM you start from the backup and Hyper-V Integration Services for the Hyper-V VM. Otherwise these tests will be skipped; Veeam Backup & Replication will display a warning in the SureBackup job session results.

7.1.3. Backup File Validation

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

In addition to recovery verification tests, Veeam Backup & Replication allows you to perform backup file validation (also referred to as backup file verification) – a CRC check that runs for backup files of VMs verified by the SureBackup job. The option to validate backup files is selected in the recovery verification job settings. You can also optionally validate backup files for VMs from the application group.

For validation of a backup file, Veeam Backup & Replication uses the checksum algorithm. When 158

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

Veeam Backup & Replication creates a backup file for a VM, it calculates a checksum for every data block in the backup file and stores this data together with VM data. During the backup file validation test, Veeam Backup & Replication de-compresses the backup file, re-calculates checksums for data blocks in the uncompressed backup file, and compares them with initial checksum values. If the results match, the test is passed.

ib ut e

Note: The result of the backup file validation test impacts the state of the SureBackup job session. If the validation tests are completed successfully but the backup validation is not passed, Veeam Backup & Replication marks the SureBackup job session with the Warning status.

7.1.4. Application Group

D

is

tr

In most cases, a VM works in cooperation with other services and components. To verify such VMs, you first need to start all services and components on which the VM is dependent. To this aim, Veeam Backup & Replication uses the notion of the application group.

lic

VM backups VM replicas Storage snapshots

at

You can add VMs from different sources:

e

or

The application group creates the “surroundings” for the verified VM. The application group contains one or several VMs on which the verified VM is dependent. These VMs run applications and services that must be started to enable fully functional work of the verified VM. Typically, the application group contains at least a domain controller, DNS server and DHCP server.

up

Veeam Backup & Replication supports mixed application groups. You can add VMs from backups, storage snapshots and VM replicas to the same application groups. Keep in mind the following limitations:

D

o

N

ot

D

VMs must belong to the same platform — VMware vSphere or Microsoft Hyper-V. VMs must have at least one valid restore point or must reside on a storage snapshot. You cannot add the same VM twice. For example, if you add a VM from the storage snapshot, you will not be able to add the same VM from the backup.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

159

at

e

or

D

is

tr

ib ut e

Module 7: Verification

lic

When you set up an application group, you specify the role of every VM, its boot priority and boot delay. Additionally, you specify what tests must be performed for VMs in the application group.

ot

D

up

When a SureBackup job is launched, Veeam Backup & Replication first starts in the virtual lab VMs from the application group in the required order (as specified in the application group settings) and performs necessary tests against them. This way, Veeam Backup & Replication creates the necessary environment to start the verified VM. After all the VMs from the application group are started and tested, Veeam Backup & Replication starts the verified VM in the virtual lab.

D

o

N

For example: If you want to verify a Microsoft Exchange Server, you need to test its functionality in cooperation with other components: domain controller and DNS server. Subsequently, you must add to the application group a virtualized domain controller and DNS server. When Veeam Backup & Replication runs a SureBackup job, it will first start and verify the domain controller and DNS server in the virtual lab to make verification of the Exchange Server possible.

Note: All VMs added to the application group must belong to the same platform – VMware vSphere or Microsoft Hyper-V. Mixed platform application groups are not supported.

7.1.5. Virtual Lab The virtual lab is an isolated virtual environment in which Veeam Backup & Replication verifies VMs. 160

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

In the virtual lab, Veeam Backup & Replication starts a verified VM and VMs from the application group. The virtual lab is used not only for the SureBackup verification procedure, but also for U-AIR and On-Demand Sandbox processing.

ib ut e

Note: On-Demand Sandbox refers to using the Virtual Lab to run as an isolated environment for patch deployment testing or troubleshooting. A virtual lab does not require provisioning of additional resources. You can deploy it on the existing ESX(i) host in your virtual environment.

tr

The virtual lab is fully fenced off from the production environment. The network configuration in the virtual lab mirrors the network configuration of the production environment.

o

N

ot

D

up

lic

at

e

or

D

is

For example: If verified VMs are located in two logical networks in your production environment, the virtual lab will also have two networks. The networks in the virtual lab will be mapped to corresponding production networks.

D

Tip: You can optionally connect VMs to the same network in the virtual lab, even if corresponding VMs in the production environment are connected to different networks.

VMs in isolated networks have the same IP addresses as in the production network. This lets VMs in the virtual lab function just as if they would in the production environment.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

161

Module 7: Verification

Proxy Appliance

lic

at

e

or

D

is

tr

ib ut e

To enable communication between the production environment and the isolated networks in the virtual lab, Veeam Backup & Replication uses a proxy appliance. The proxy appliance is a Linuxbased auxiliary VM created on the host where the virtual lab is created. The proxy appliance VM is assigned an IP address from the production network and placed in the dedicated virtual lab folder and resource pool created on the host.

D

up

The proxy appliance is connected to the production network and to the isolated network so it has visibility of the production environment and the virtual lab. In essence, the proxy appliance acts as a gateway between the two networks, routing requests from the production environment to VM replicas in the virtual lab.

N

ot

The proxy appliance connects to isolated networks using network adapters. Veeam Backup & Replication adds to the proxy appliance one network adapter per each isolated network.

D

o

For example: If there are two networks in the virtual lab, Veeam Backup & Replication will add two network adapters to the proxy appliance. The network adapter gets an IP address from the isolated network. Typically, this IP address is the same as the IP address of the default gateway in the corresponding production network.

Note: The proxy appliance is an optional component. Technically, you can create a virtual lab without a proxy appliance. However, in this case, you will not be able to perform automatic recovery verification of VMs. VMs will be simply started from backups in the virtual lab; you will have to access them using the VM console and perform necessary tests manually.

162

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

IP Masquerading To let the traffic into the virtual lab, Veeam Backup & Replication uses masquerade IP addressing . Every VM in the virtual lab has a masquerade IP address, along with the IP address from the production network. The masquerade IP address resembles the IP address in the production network: for example, if the IP address of a VM is 172.16.1.13, the masquerade IP address may be 172.18.1.13.

D

up

lic

at

e

or

D

is

tr

ib ut e

The masquerade IP address can be thought of as an entry point to the VM in the virtual lab from the production environment. When you want to access a specific VM in the virtual lab, Veeam Backup & Replication addresses it by its masquerade IP address.

N

ot

The rules routing requests to VMs in the virtual lab are specified in the routing table on the server from which you want to access VMs in the virtual lab. The routing table can be updated on the following servers:

D

o

Veeam backup server. Veeam Backup & Replication automatically creates the necessary static route in the routing table on the Veeam backup server the moment you launch a SureBackup job and Veeam Backup & Replication starts the virtual lab. Client machine. If you want to provide your users with access to VMs in the virtual lab, you need to manually update routing tables on their machines and add a new static route.

The added static route destines the masquerade network traffic to the proxy appliance. The proxy appliance here acts as a NAT device: it resolves the masquerade IP address, replaces it with the “real” IP address of a VM from the production network and then directs the request to the necessary VM in the virtual lab. The static route is non-persistent: when you power off the virtual lab, the route is removed from the routing table on the Veeam backup server or client machine.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

163

e

or

D

is

tr

ib ut e

Module 7: Verification

up

lic

at

For example: When trying to access a VM with IP address 172.16.10.10 in the isolated network during recovery verification, Veeam Backup & Replication sends a request to the masquerade IP address 172.18.10.10. According to the routing rule added to the IP routing table, all requests are first sent to the next hop – the proxy appliance. The proxy appliance performs address translation, substitutes the masquerade IP address with the IP address in the isolated network, and forwards the request to the necessary VM in the isolated network – in the given example, to 172.16.10.10.

D

Static IP Mapping

N

ot

Sometimes it is necessary to provide many clients with access to a restored VM, especially for userdirected application item-level recovery.

D

o

For example: You may want to provide your users with access to the Exchange Server started in the virtual lab using web-based access (like Outlook Web Access). Technically, you may update the routing table on every client machine; however, this will demand a lot of administrative effort.

For such situations, Veeam Backup & Replication enables you to get access to a VM in the virtual lab directly from the production environment. To be able to access to a VM in the virtual lab, you should reserve a static IP address in the pool of production IP addresses and map this IP address to the IP address of a VM in the virtual lab. The static IP address is assigned to the proxy appliance network adapter connected to the production network. IP traffic directed to the specified static IP address is routed by the proxy appliance to the 164

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

at

e

or

D

is

tr

ib ut e

VM powered on in the isolated network.

up

lic

For example: For a VM with IP address 192.168.1.20 in the isolated network, you can reserve IP address 192.168.1.99 (a free IP address from the production network). As a result, you will be able to use IP address 192.168.1.99 to access the VM in the virtual lab from the production side.

D

You can also register an alias record in the production DNS server for the reserved IP address. For example, you can register backup.exchange.local as an alias for the IP address 192.168.1.99.

ot

Virtual Lab Configuration

N

For SureBackup recovery verification, Veeam Backup & Replication offers two types of the virtual lab configuration:

D

o

Basic single-host virtual lab Advanced single-host virtual lab

However, when verifying VM replicas that are located on different hosts, you cannot use the singlehost virtual lab configuration (either basic or advanced) as it has specific configuration limitations. So for SureReplica recovery verification, Veeam Backup & Replication offers three types of the virtual lab configuration: Basic single-host virtual lab Advanced single-host virtual lab Advanced multi-host virtual lab Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

165

Module 7: Verification

Basic Single-Host Virtual Labs The basic single-host virtual lab (formerly known as the virtual lab with basic networking configuration) should be used if all the VMs you want to verify, VMs from the application group, and the Veeam backup server are connected to the same network.

lic

at

e

or

D

is

tr

ib ut e

For the basic single-host virtual lab, Veeam Backup & Replication creates one virtual network that is mapped to the corresponding production network.

up

Advanced Single-Host Virtual Labs

D

The advanced single-host virtual lab (formerly known as the virtual lab with advanced networking configuration) should be used if the VMs you want to verify and/or the VMs from the application group are connected to different networks.

N

ot

In the advanced single-host virtual lab, Veeam Backup & Replication creates several virtual networks for the virtual lab. The number of virtual networks corresponds to the number of production networks to which verified VMs are connected. Networks in the virtual lab are mapped to corresponding production networks.

D

o

When you create an advanced single-host virtual lab, Veeam Backup & Replication configures basic settings for networks that should be created in the virtual lab. You need to review these settings and manually adjust them if needed.

166

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

or

Limitations of Single-Host Virtual Labs (VMware)

D

is

tr

ib ut e

Module 7: Verification

at

e

If VM replicas are located on different hosts, you cannot use the single-host virtual lab configuration (either basic or advanced). A single-host virtual lab, both basic and advanced, uses standard vSwitches (vSS) that have specific configuration limitations.

up

lic

When you create or edit a virtual lab, Veeam Backup & Replication creates a new port group for each isolated network in the virtual lab. All VMs from the isolated network are added to this port group. Such configuration helps differentiate the traffic passing through the VSS to the isolated network in the virtual lab.

D

o

N

ot

D

However, the VSS has a specific restriction: it is “limited” to a certain ESX(i) host. A VSS is configured on a specific ESX(i) host. The configuration of the VSS, such as information about port groups, resides on the ESX(i) host where it is configured. Other ESX(i) hosts in the virtual environment do not have access to this information.

Therefore, the single-host configuration can only be used if all VM replicas are registered on the same ESX(i) host. If you start VM replicas registered on different ESX(i) hosts in the single-host virtual lab, VMs from different port groups will not be able to “see” each other and communicate with each other.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

167

Module 7: Verification

Advanced Multi-Host Virtual Labs (VMware) The advanced multi-host virtual lab configuration should be used if your DR site is configured in the following way:

ib ut e

All VM replicas you want to verify are located on the different ESX(i) hosts VM replicas you want to verify are connected to one or several networks

tr

Note: DVS is limited to one datacenter. For this reason, all verified VM replicas and VM replicas from the application group that you plan to start in the virtual lab must belong to the same datacenter. If VM replicas belong to different datacenters, you will still be able to start them in the virtual lab, but Veeam Backup & Replication will not be able to automatically verify them with SureBackup.

up

lic

at

e

or

D

is

To verify VM replicas registered on different ESX(i) hosts, you should use the advanced multi-host configuration of the virtual lab. The advanced multi-host virtual lab leverages the VMware Distributed vSwitch (DVS) technology.

ot

D

When you configure an advanced multi-host virtual lab, you should select an ESX(i) host on which the proxy server will be created and a DVS on which Veeam Backup & Replication will create isolated network(s). Veeam Backup & Replication does not offer an option to automatically configure the DVS. The DVS you plan to use must be pre-configured in your virtual environment.

N

The DVS port groups created on the DVS must be isolated from the production environment. To isolate port groups, you can use one of the following methods:

D

o

1. Connect DVS uplinks to an isolated network. You can link the DVS you plan to use for recovery verification to an external, isolated network using uplink adapters. Note that these network configurations must be performed manually by the backup administrator. 2. Use VLAN tagging. This method can be used only if your router supports VLAN ID tagging. When specifying settings for isolated networks in Veeam Backup & Replication, you can define different VLAN IDs for different isolated networks. Setting VLAN IDs restricts communication of VM replicas in the isolated network with the production environment. If your network does not support VLAN ID tagging or the virtual lab is configured incorrectly, VM replicas will be started in the virtual lab but Veeam Backup & Replication will not be able to automatically verify them.

168

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

With Veeam Backup & Replication, you can optionally connect VMs from different production networks to one network in the isolated virtual lab. In this case, all VM replicas in the virtual lab will be started in the same network.

7.1.6. SureBackup Job

ib ut e

A SureBackup job is a task for VM backup recovery verification. The SureBackup job aggregates all the settings and policies of a recovery verification task, such as the application group and virtual lab, VM backups that should be verified in the virtual lab, and so on. The SureBackup job can be run manually or be scheduled to run automatically.

tr

When a SureBackup job runs, Veeam Backup & Replication first creates an environment for VM backup verification:

at

e

or

D

is

1. Veeam Backup & Replication starts the virtual lab. 2. In the virtual lab, it starts VMs from the application group in the required order. VMs from the application group remain running until the verified VMs are booted from backups and tested. If Veeam Backup & Replication does not find a valid restore point for any of VMs from the application group, the SureBackup job will fail. 3. Once the virtual lab is ready, Veeam Backup & Replication starts verified VMs from the necessary restore point, tests and verifies them one by one or, depending on the settings, creates several streams and tests a number of VMs simultaneously. If Veeam Backup & Replication does not find a valid restore point for any of the verified VMs, verification fails, but the job continues to run.

up

lic

By default, when using the Linked Jobs option in a SureBackup job, you can start and test up to three VMs at the same time. You can also increase the number of VMs to be started and tested simultaneously. Keep in mind that if these VMs are resource-intensive, performance of the SureBackup job as well as performance of the ESX(i) host holding the virtual lab may decrease.

ot

D

Once the verification process is complete, VMs from the application group are powered off. Optionally, you can leave the VMs from the application group running to perform manual testing or enable user-directed application item-level recovery. This should be indicated when you configure a SureBackup job.

D

o

N

Note: In some cases, the SureBackup job schedule may overlap with the schedule of the backup job linked to it. The backup file may be locked by the backup job and the SureBackup job will be unable to verify it. In this situation, Veeam Backup & Replication will not start the SureBackup job until the corresponding backup job is over. To overcome job overlapping, you may chain the backup and SureBackup jobs.

SureBackup Job Processing The recovery verification process includes the following steps: 1. Getting virtual lab configuration. Veeam Backup & Replication gets information about the configuration of the virtual lab where verified VMs should be started. Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

169

Module 7: Verification

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

2. Starting the virtual lab routing engine. Veeam Backup & Replication starts a proxy appliance used as a gateway to provide access to the virtual lab. 3. Publishing. Veeam Backup & Replication creates an NFS datastore with a VM backup and registers it on the selected ESX server. Veeam Backup & Replication does not deploy the whole VM from the backup file, it deploys VM configuration files only. Virtual disks are deployed per force and per required data blocks. 4. Reconfiguring. Veeam Backup & Replication updates configuration files for VMs that should be run in the isolated network. 5. Registering. Veeam Backup & Replication registers the verified VM on the selected ESX(i) host. 6. Configuring DC. If a verified VM has the Domain Controller or Global Catalog role, the VM is reconfigured. 7. Powering on. Veeam Backup & Replication powers on the verified VM in the isolated network (using the order of priority as specified in the application group settings). 8. Running the heartbeat test. Veeam Backup & Replication checks whether or not the VMware Tool/Hyper-V Integration Services s heartbeat signal (green or yellow) is coming from the VM. If the VM has no VMware Tools, the test will not be performed, and a notification will be written in the session details. 9. Running ping tests. Veeam Backup & Replication checks if the VM responds to the ping requests. If the VM has no NICs and mapped networks for them and/or has no VMware Tools/Hyper-V Integration Services installed, the ping test will not be performed, and a notification will be written in the session details. 10. Application initialization. Veeam Backup & Replication waits for the applications installed in the VM (for example, SQL Server, web server, mail server) to start. The application initialization period is defined in the corresponding properties of the SureBackup job, and by default equals to 120 sec. However, depending on the software installed in a VM, the application initialization process may require more time than specified in the SureBackup job settings. If applications installed in a VM are not initialized within the specified period of time, test scripts can be completed with errors. If such an error situation occurs, you will need to increase the application initialization timeout value and start the job once again. 11. Running test scripts. Veeam Backup & Replication runs scripts to test whether or not the applications installed in the VM is working correctly. If the VM has no VMware Tools/Hyper-V Integration Services installed and/or there are no NICs and mapped networks for them, Veeam Backup & Replication will skip tests that use variables %vm_ip% and %vm_fqdn% as the IP address and fully qualified domain name of the VM cannot be determined. 12. Powering off. After all tests have been performed, Veeam Backup & Replication powers off the verified VM. 13. Unregistering. Veeam Backup & Replication unregisters the verified VM on the selected ESX(i) host. 14. Clearing redo logs. Veeam Backup & Replication deletes redo logs from the datastore in the production environment. Redo logs store changes made to the VM while it is running from the backup file. 15. Unpublishing. Veeam Backup & Replication unpublishes the content of the backup file on the ESX(i) host. 16. Running backup validation test. After a VM has been verified, powered off and unpublished, Veeam Backup & Replication runs a CRC check to verify the VM backup at the file level and make sure that this file is not corrupted. 17. Stopping virtual lab engine. Veeam Backup & Replication powers off the proxy appliance in the virtual lab. 18. Deleting network routes. Veeam Backup & Replication deletes added network routes from the routing table on the backup server.

170

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

Stabilization Algorithm In order to perform tests for a verified VM without errors, Veeam Backup & Replication needs to know that the VM is ready for testing. To determine this, Veeam Backup & Replication waits for the VM to reach a stabilization point: that is, it waits for the VM to boot completely and report it is ready for tests. After the stabilization point has been established, Veeam Backup & Replication can start performing heartbeat tests, ping tests and running test scripts against the VM.

ib ut e

Veeam Backup & Replication establishes the stabilization point with the help of the VMware parameters that it gets from the VM. It can use one of three algorithms to do that, depending on the VM configuration:

at

e

or

D

is

tr

Stabilization by IP. This algorithm is used if the VM has VMware Tools installed and there are NICs and mapped networks for these NICs. In this case, Veeam Backup & Replication waits for the IP address of the VM for mapped networks, which is sent by VMware Tools running in the VM. The sent IP address should be valid and should not change for a specific period of time. Stabilization by heartbeat. This algorithm is used if the VM has VMware Tools installed but there are no vNICs or mapped networks for them. In this case Veeam Backup & Replication waits for a corresponding heartbeat signal (green or yellow) to come from the VM. Just like in the first case, the signal is sent by VMware Tools running in the VM. Stabilization by Maximum allowed boot time. This algorithm is used if the VM has neither VMware Tools installed, nor NICs and mapped networks for them. In this case, Veeam Backup & Replication will simply wait for the time specified in the Maximum allowed boot time field, which is considered to be a stabilization period for the VM. Once this time interval is exceeded, Veeam Backup & Replication will consider that the VM is successfully booted and is ready for testing.

up

lic

Veeam Backup & Replication establishes a stabilization point with the help of the Hyper-V parameters that it gets from the VM. Depending on the VM configuration, it uses one of the four algorithms:

D

o

N

ot

D

Stabilization by IP. This algorithm is used if the VM has network adapters and there are mapped networks for these network adapters. In this case, Veeam Backup & Replication waits for an IP address of the VM for mapped networks that is sent by Hyper-V Integration Services running in the VM or by the Hyper-V host via the proxy appliance. The sent IP address must be valid and must not change for a specific period of time. For more information, see Recovery Verification Tests. Stabilization by heartbeat. This algorithm is used if the VM has Hyper-V Integration Services installed but there are no network adapters and mapped networks for them. In this case, Veeam Backup & Replication waits for a heartbeat signal from Hyper-V Integration Services installed inside the VM. Hybrid heartbeat/IP algorithm. Veeam Backup & Replication uses both the heartbeat signal (if available) and an IP of the VM to stabilize the VM boot process. Stabilization by Maximum allowed boot time. This algorithm is used if the VM has neither Hyper-V Integration Services installed, nor network adapters and mapped networks for them. In this case, Veeam Backup & Replication simply waits for the time specified in the Maximum allowed boot time field, which is considered to be a stabilization period for the VM. Once this time interval is exceeded, Veeam Backup & Replication considers that the VM is successfully booted and is ready for testing.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

171

Module 7: Verification

7.1.7. Manual Recovery Verification Beside automatic recovery verification, you can perform manual verification of VM backups. Manual verification can be performed with all editions of Veeam Backup & Replication. Boot Test

ib ut e

To perform a VM boot test, perform Instant VM Recovery for the verified VM. Power on the VM but do not connect the VM to the production network to avoid conflicts with the original VM. Application Test To perform an application test:

D

is

tr

1. Create an isolated network. 2. Use the Instant VM Recovery wizard to restore the verified VM. At the Ready to Apply step of the wizard, clear the Connect VM to network check box. 3. When the VM is started, connect it to the isolated network.

e

or

The same procedure must be performed for all VMs that run applications on which the verified VM is dependent such as domain controller and DNS. All VMs must be connected to the same isolated network and started in the correct order: for example, DNS > domain controller > verified VM.

at

7.2. SureReplica Recovery Verification

D

up

lic

To guarantee recoverability of your data, Veeam Backup & Replication complements the SureBackup recovery verification technology with SureReplica. SureReplica is similar to the SureBackup recovery verification in many respects. It lets you validate your DR environment without impacting the production infrastructure: you can automatically verify every created restore point of every VM replica and ensure that they are functioning as expected when you set up a SureReplica recovery verification to be triggered automatically after a replica job creates a new restore point.

N

ot

Important! SureReplica is only available for VMware vSphere - it is not available for Microsoft Hyper-V.

o

The SureReplica technology is not limited only to VM replica verification and, similar to SureBackup, provides the following capabilities: Purpose

D

Capability

SureReplica

Automated VM replica verification

On-Demand Sandbox

An isolated environment for testing VM replicas, training and troubleshooting

U-AIR

Recovery of individual items from applications running on VM replicas

172

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

Note: As there is no need to publish the VM from the backup file, the SureReplica processing is typically faster than SureBackup. Correspondingly, the U-AIR and On-Demand Sandbox operations are faster, too. The procedure of the VM replica verification is the following: Action

Notes

2

Veeam Backup & Replication starts the VM replica in the isolated virtual environment.

3

Veeam Backup & Replication performs a number of tests against the verified VM replica.

4

When the verification process is over, Veeam Backup & Replication: 1. Removes delta files from the VM replica snapshot 2. Powers off the VM replica 3. Creates a report on its state

All changes made to the VM replica are written to delta files.

The report is sent to the backup administrator by email.

at

e

or

D

is

tr

1

Veeam Backup & Replication triggers a protective snapshot for a VM replica.

ib ut e

Step

D

up

lic

Note: Veeam Backup & Replication verifies only VM replicas that are in the Normal state. If a VM replica is in the Failover or Failback state, the verification process will fail. When Veeam Backup & Replication verifies the VM replica, it puts the VM replica to the SureBackup state. You cannot perform failback or failover operations for a VM replica in the SureBackup state until the recovery verification or U-AIR process is over and the VM replica returns to the Normal state.

ot

To perform VM replica verification, the same wizard is used as for backup verification. You need to create the following similar entities:

N

Application Group

D

o

During recovery verification, the VM replica is started with VMs on which the VM replica is dependent. This enables full functionality of applications running inside the VM replica and allows you to start required applications just like in the production environment.

Virtual Lab

SureBackup Job

The virtual lab is an isolated virtual environment in which the VM replica and VMs from the application group are started and tested. SureReplica leverages the virtual lab technology to verify the VM replica.

The SureBackup job is a task which runs the replica verification process. This kind of SureBackup job is often referred to as a SureReplica job. It can be run manually or scheduled to run automatically.

To verify a VM replica started in the virtual lab, you can run Veeam’s predefined tests or perform your Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

173

Module 7: Verification

own tests against VMs. The predefined tests include the following: Heartbeat test

Ping test

Application test

As soon as the VM replica is started

As soon as the VM replica is started (after heartbeat test)

As soon as applications inside the VM replica are started

How it works

Waits for a heartbeat signal from VMware Tools installed inside the VM to determine that the guest OS inside the VM replica is running

Sends ping requests to the VM replica started in the virtual lab

Runs a script that checks application-specific network ports

How results are measured

Passed: The yellow and green signals display. Failed: The red signal displays.

If the VM replica can respond to ping requests from the Veeam backup server, the test is passed.

Notes

You must have VMware Tools installed inside the VM being verified. Otherwise all tests will be skipped; Veeam Backup & Replication will display a warning in the SureBackup job session results.

is

tr

ib ut e

When performed

lic

at

e

or

D

It depends on the applicationspecific script. For example, to verify a Domain Controller, Veeam Backup & Replication probes port 389 for a response. If the response is received, the test is passed.

up

Beside these predefined tests, you can use custom scripts to verify the VM replica.

D

7.3. On-Demand Sandbox

N

ot

If you need to perform tests for production VMs, you can create and use an On-Demand SandboxTM. The On-Demand Sandbox is an isolated virtual environment where you can start one or more VMs from backups, VM replicas or VMs from storage snapshots. You can use the On-Demand Sandbox to perform the following tasks:

D

o

Troubleshoot problems with VMs Test software patches and upgrades Install new software

To create the On-Demand Sandbox, you must configure the following objects: A virtual lab in which VMs will be started. An application group. The application group must include all VMs and/or VM replicas that you want to start in the On-Demand Sandbox. This can be one VM or a group of VMs that work together. Veeam Backup & Replication supports mixed application groups. You can add to the same application groups both VMs from backups and VMs from replicas. Keep in mind that all

174

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

VMs from the application group must belong to the same platform – VMware or Hyper-V, and must have at least one valid restore point created by the time the SureBackup job starts. A SureBackup job. The virtual lab and application group must be linked to this job.

ib ut e

The difference between using these three entities for automated verification purposes and for OnDemand Sandbox purposes is that for On-Demand sandbox purposes you should enable the Keep the application group running once the job completes check box when configuring a SureBackup job. With this option enabled, the lab will not be powered off when the SureBackup job completes and you will be able to manually test VMs started in the virtual lab. You can also choose to move the VMs straight to production from the Virtual Lab (e.g if the upgrade works as expected) with a one time replication job.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

Note: The source backup or replication job has a higher priority than the SureBackup job. If a backup or replication job starts when the SureBackup job is running, and this job requires to modify the restore point from which the VM is started (i.e create a new snapshot on the replica, or perform a transform operation), Veeam Backup & Replication automatically powers off VMs in the virtual lab and terminates the SureBackup job.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

175

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 7: Verification

176

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 7: Verification

Labs for Module 7: Verification

It’s time to try out setting up the reviewed validation processes in the lab.

Action

Purpose

is

Lab

tr

Get into the Lab

ib ut e

After completing the theoretical part of Module 7: Verification, you are familiar with configuring an application group, Virtual Lab and SureBackup jobs, and you can name the interactions that happen throughout the backup or replica verification.

Familiarize yourself with the components that you need to create in the interface so that you can automatically validate VM backups without affecting the production infrastructure.

7.2

Using SureBackup

Configure a backup verification process for one of the VMs of the infrastructure.

7.3

Using SureReplica

Verify a replica of a VM to review the specifics of the process, especially when compared with the backup verification.

D

o

N

ot

D

up

lic

at

e

or

D

7.1

Preparing the infrastructure

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

177

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 7: Verification

178

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 8: Introduction to Agents

8. Introduction to Agents If you have the Veeam backup infrastructure deployed in the production environment, you can use Veeam Agent for Microsoft Windows together with Veeam Backup & Replication.

ib ut e

The subsequent sections describe tasks available for Veeam Agent for Microsoft Windows operating in the standalone mode. For information about Veeam Agent management in Veeam Backup & Replication, see the Veeam Agent Management Guide at: https://www.veeam.com/documentation-guides-datasheets.html.

tr

If you plan to use Veeam Agent for Microsoft Windows with Veeam Backup & Replication, you must install Veeam Backup & Replication 9.5 Update 3 or later on the Veeam backup server.

D

is

8.1. Why agents?

or

Extending Availability to Microsoft Windows and Linux workloads Delivering Availability for physical and cloud-based servers and workstations — on-premises or remote — presents challenges all organizations must overcome, including:

lic

at

e

Cumbersome and expensive processes involved in backing up and recovering Windows and Linux instances that reside in the cloud Catering to complex hardware configurations or regulatory compliance requirements when providing robust backup for physical servers and workstations that cannot be virtualized Providing low RPOs for roaming laptops and tablets belonging to traveling users and those in home offices

up

What’s more, everyday occurrences such as lapses in connectivity, hardware failures, file corruption — even ransomware or theft — can leave an organization’s data at risk.

D

Veeam Agents for Microsoft Windows and Linux solve these challenges by enabling you to:

o

N

ot

Reduce cost and complexity while ensuring Availability for Windows and Linux instances in the cloud Achieve Availability for physical servers and workstations that cannot be virtualized Meet RPOs and reduce the risk of data loss for desktops, laptops and tablets outside of the corporate network.

D

8.2. Veeam Agents for Microsoft Windows Free

Workstation

Server

Instant Recovery to Microsoft Hyper-V VM

X

X

X

Direct Restore to Microsoft Azure

X

X

X

Source-side encryption

X

X

X

X

X

Endpoint protection for mobile users

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

179

Module 8: Introduction to Agents

Free

Workstation

Server

Back up directly to Veeam Cloud Connect

X

X

Remote configuration and management API

X

X

Application-aware processing

X

Transaction log backup for databases

X X

ib ut e

X

Guest file indexing and search 24.7.365 technical support

8.3. Veeam Agents for Linux

Workstation

Server

Entire computer, volume-level and file-level imagebased backup

X

X

X

Built-in volume snapshot and changed block tracking drivers

X

File-level, volume-level and bare metal recovery (same or different hardware)

X

Backup and recovery using console UI or command line

is X

X

X

X

X

X

X

X

D

X

e

X X

at

Pre-freeze/post-thaw snapshot scripts for application processing

X

or

Integration with Veeam Backup & Replication Support for multiple jobs

tr

Free

X X

X

up

24.7.365 technical support

lic

Guest file indexing, catalog search and restore with Veeam Backup Enterprise Manager

D

8.4. Veeam Agent Management

N

ot

Starting from version 9.5 Update 3, you can use Veeam Backup & Replication to manage Veeam Agent for Microsoft Windows on computers in your infrastructure. As part of the Veeam Agent management scenario, you can remotely deploy Veeam Agent for Microsoft Windows to your computers, as well as configure and manage Veeam Agent backup jobs in Veeam Backup & Replication.

D

o

You can store backup files created with Veeam Agent for Microsoft Windows and Linux on backup repositories managed by Veeam Backup & Replication. To do this, you must select a backup repository as a target location in the properties of the Veeam Agent backup job. To store Veeam Agent backups, you can use a simple backup repository or a scale-out backup repository. Veeam Agent works with the backup repository as with any other target location. Backup files are stored to a separate folder; you can perform standard restore operations using these files. Information about Veeam Agent backups stored on the backup repositories, backup jobs and sessions becomes available in the Veeam Backup & Replication console: The Veeam Agent backup job is displayed in the list of jobs in Veeam Backup & Replication. 180

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 8: Introduction to Agents

Backup files created with Veeam Agent are displayed in the list of backups, under the Backups > Disk node. Performed job sessions are available in the History view of Veeam Backup & Replication. Backup administrators working with Veeam Backup & Replication can perform a set of operations with Veeam Agent backups:

tr

ib ut e

Perform data protection operations: copy Veeam Agent backups to secondary backup repositories and archive these backups to tape. Perform restore operations: restore individual files and folders, application items from Veeam Agent backups; restore computer disks and convert them to the VMDK, VHD or VHDX format; restore Veeam Agent backups to Microsoft Azure or to Hyper-V VMs. Perform administrative tasks: disable and delete Veeam Agent backup jobs, remove Veeam Agent backups and so on.

or

8.5.1. Creating Protection Groups

D

is

8.5. Protection Groups

lic

at

e

You must add computers that you plan to protect with Veeam Agents to the inventory in the Veeam Backup & Replication console. In Veeam Backup & Replication, protected computers are organized into protection groups. You can create one or more protection groups that contain computers of different types or offer different discovery and deployment options.

D

up

Important! If you do not want to create protection groups, for example, if you plant to manage only a small number of computers in your infrastructure, you can add the necessary computers directly to a Veeam Agent backup job. Veeam Backup & Replicationwill automatically add such computers to the Manually Added protection group Use the New Protection Group wizard to configure a protection group.

ot

Launch the New Protection Group wizard. Specify protection group name and description. Select protection group type. Specify protection scope for the protection group. Exclude objects from the protection group. Specify credentials. Specify discovery and deployment options. Review components. Assess results. Finish working with the wizard.

D

o

N

1. 2. 3. 4. 5. 6. 7. 8. 9. 10.

8.5.2. Protection Group Types You can select one of the following types: Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

181

Module 8: Introduction to Agents

or

D

is

tr

ib ut e

Individual computers — select this option if you want to define a static protection scope by adding specific computers to the protection group. This option is recommended for smaller environments that do not have Microsoft Active Directory deployed. With this option selected, you will pass to the Computers step of the wizard. Microsoft Active Directory objects — select this option if you want to add to the protection group one or several Active Directory objects: entire domain, container, organization unit, group, computer or cluster. Protection groups that include Active Directory containers and/or organization units are dynamic in their nature. If a new computer is added to a container or organization unit that you have specified in the protection group settings, during the next discovery session, Veeam Backup & Replication will discover this computer and (optionally) deploy Veeam Agent on this computer. With this option selected, you will pass to the Active Directory step of the wizard. Computers from CSV file — select this option if you want to add to the protection scope computers listed in a CSV file that resides in a local folder on the backup server or in a network shared folder. As well as protection groups that include Active Directory containers, protection groups of this type are also dynamic. If a new computer appears in a CSV file after the protection job is created, within the next discovery session, Veeam Backup & Replication will automatically update the protection group settings to include the added computer. With this option selected, you will pass to the CSV File step of the wizard.

lic

8.5.3. Protection Scope

at

e

Important! You can add a Microsoft failover cluster to a protection group based on Microsoft Active Directory objects only. To do this, you must select the Microsoft Active Directory objects option and then add a cluster account or an AD object containing this account at the Active Directory step of the wizard.

up

Specify protection scope for the created protection group:

D

o

N

ot

D

Specify computers — if you have selected the Individual computers option at the Type step of the wizard. Specify Microsoft Active Directory objects — if you have selected the Microsoft Active Directory objects option at the Type step of the wizard. If you want to include a large number of computers in the protection group but do not want to use an account with domain administrator permissions in the protection group settings, consider configuring a protection group based on a list of computers imported from a CSV file. Specify a CSV file — if you have selected the Computers from CSV file option at the Type step of the wizard.

182

Note: After you finish configuring the protection group, Veeam Backup & Replication will perform discovery of computers listed in the CSV file upon schedule defined in the protection group settings. If Veeam Backup & Replication is unable to read the CSV file (for example, after the file was moved or deleted from the specified location), the discovery job will use the list of computers imported from the CSV file during the previous discovery job session.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 8: Introduction to Agents

8.5.4. Discovery and Deployment Options Veeam Backup & Replication regularly connects to protected computers according to the schedule defined in the protection group settings. At this step of the wizard, you can define the discovery schedule and specify operations that Veeam Backup & Replication must perform on discovered computers. You can also select which server in your backup infrastructure should act as a distribution server for Veeam Agents.

ib ut e

To specify discovery and deployment options:

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

1. In the Discovery section, define schedule for automatic computer discovery within the scope of the protection group: 1. To run the discovery job at specific time daily, on defined week days or with specific periodicity, select Daily at this time. Use the fields on the right to configure the necessary schedule. 2. To run the discovery job repeatedly throughout a day with a specific time interval, select Periodically every. In the field on the right, select the necessary time unit: Hours or Minutes. Click Schedule and use the time table to define the permitted time window for the discovery job. In the Start time within an hour field, specify the exact time when the job must start. 3. To run the discovery job continuously, select the Periodically every option and choose Continuously from the list on the right. A new discovery job session will start as soon as the previous discovery job session finishes. 2. In the Deployment section, from the Distribution server list, select a Microsoft Windows server that you plan to use as a distribution server. Veeam Backup & Replication will use the distribution server to upload Veeam Agent setup archives to computers added to the protection group. By default, Veeam Backup & Replication assigns the distribution server role to the backup server. To learn more, see Distribution Server. 3. If you want to instruct Veeam Backup & Replication to automatically deploy Veeam Agents on all discovered computers in the protection group, in the Deployment section, make sure that the Install backup agent automatically check box is selected. You can also choose to disable automated Veeam Agent installation. In this case, you will need to install Veeam Agent on every computer included in the protection group and discovered by Veeam Backup & Replication. 4. If you want to instruct Veeam Backup & Replication to automatically upgrade Veeam Agent on discovered computers when a new version of Veeam Agent appears on the distribution server, in the Deployment section, make sure that the Auto-update backup agent check box is selected. 5. [For protection groups that include Microsoft Windows servers] Select the Install changed block tracking driver on Windows Server OS check box if you want to install the advanced changed block tracking (CBT) driver on servers protected with Veeam Agent for Microsoft Windows. To learn more, see the Veeam Changed Block Tracking Driver section in Veeam Agent for Microsoft Windows User Guide at: https://www.veeam.com/documentation-guides-datasheets.html. If you included workstations and servers in the created protection group, Veeam Backup & Replication will install the Veeam CBT driver on servers only. 6. Select the Perform reboot automatically if required check box to allow Veeam Backup & Replication to reboot a protected computer. In particular, the reboot operation is required as part of the Veeam CBT driver installation process.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

183

Module 8: Introduction to Agents

Note: You cannot create a protection group without defining schedule for automatic discovery. However, you can disable automatic discovery for a specific protection group, if needed.

8.6. Agent Jobs

ib ut e

Creating Veeam Agent Backup Jobs To back up data of your protected computers, you must configure a Veeam Agent backup job in Veeam Backup & Replication. The Veeam Agent backup job defines how, where and when to back up data. In Veeam Backup & Replication, you can create Veeam Agent backup jobs of the following types:

at

e

or

D

is

tr

Backup job that runs on the backup server in the similar way as a regular job for VM data backup. The backup job is intended for protected computers that have permanent connection to the backup server. One job can be used to process one or more protection groups and/or individual computers. Backup policy that describes configuration of individual Veeam Agent backup jobs running on protected computers. The backup policy helps speed up the process of configuring backup job settings on protected computers that may have limited connection to the backup server. Settings from a backup policy can be applied to one or more individual computers or computers added to the inventory as a part of a protection group. Veeam Backup & Replication lets you create Veeam Agent backup jobs of both types (the backup job itself and backup policy) for the following types of protected computers:

D

up

lic

Microsoft Windows computers — computers protected with Veeam Agent for Microsoft Windows Linux computers — computers protected with Veeam Agent for Linux If a protection group contains Microsoft Windows computers and Linux computers, you can add this protection group to a Veeam Agent backup job intended for any of these types of protected computers. Veeam Backup & Replication will automatically exclude computers of another type from the backup job and processes only those computers that run an OS of the same type.

o

N

ot

For example, if you add a protection group that contains Microsoft Windows and Linux computers to a Veeam Agent backup job intended for Linux computers, Veeam Backup & Replication will exclude Microsoft Windows computers from this backup job and process only Linux computers within the job.

D

8.6.1. Agent for Windows Job Modes Specify protection settings for the backup job: 1. Select the type of protected computers that you want to add to the backup job. 2. If you choose to configure the backup job for servers, select the job mode that defines how the backup job should be managed: by the backup server or by Veeam Agent running on a protected computer.

184

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 8: Introduction to Agents

To specify protection settings: 1. In the Type field, select the type of protected computers that you want to add to the backup job. The selected type defines what mode(s) will be available for the configured backup job and what job settings will be available at subsequent steps of the wizard. You can select one of the following types:

ib ut e

Workstation — select this option if you want to add to the backup job workstations or laptops that reside in remote locations and may have limited connection to the backup server. For workstations, Veeam Backup & Replication offers backup job settings similar to the settings of the backup job available in the Workstation edition of Veeam Agent for Microsoft Windows.

tr

With this option selected, the backup job will be managed by Veeam Agents installed on protected computers — you do not need to select the job mode.

D

is

Server — select this option if you want to add to the backup job standalone servers that have permanent connection to the backup server. For servers, Veeam Backup & Replication offers backup job settings similar to the settings of the backup job available in the Server edition of Veeam Agent for Microsoft Windows.

or

With this option selected, you can also select the job mode.

at

e

Failover cluster — select this option if you want to add a failover cluster to the backup job. For failover clusters, Veeam Backup & Replication offers the same backup job settings as for servers. With this option selected, the backup job will be managed by the Veeam backup server — you do not need to select the job mode.

lic

2. If you have chosen to configure the backup job for servers, in the Mode field, select the job mode:

ot

D

up

Managed by backup server — with this option selected, you will be able to configure a Veeam Agent backup job itself. A Veeam Agent backup job configured in Veeam Backup & Replication within the Veeam Agent management scenario is in many ways similar to a regular job for VM data backup. You can add one or more individual computers and/or protection groups to the job and instruct Veeam Backup & Replication to create Veeam Agent backups in a Veeam backup repository.

D

o

N

When you create a Veeam Agent backup job managed by the backup server, Veeam Backup & Replication saves the job settings in its database. Veeam Backup & Replication performs all management tasks for the Veeam Agent backup job: starts a job upon the defined schedule, allocates backup infrastructure resources, and so on. Veeam Agents running on protected computers perform data backup operations only, such as creating a VSS snapshot, reading the backed-up data and transferring backed-up data to the target location. To manage a Veeam Agent backup job of this type, you can use the Veeam Backup & Replication console only. The Veeam Agent control panel is not available on a computer that is added to a Veeam Agent backup job managed by the backup server, and you cannot perform operations with Veeam Agent directly on the protected computer. This option is the only available option for failover clusters. It is also enabled by default

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

185

Module 8: Introduction to Agents

for servers.

ib ut e

Managed by agent — with this option selected, you will be able to configure a backup policy. A backup policy describes configuration of a Veeam Agent backup job, and acts as a saved template. Backup policies speed up the process of configuring backup job settings on protected computers: instead of specifying backup job settings manually on each computer, you can apply settings from a backup policy to a group of computers at once.

is

tr

When you create a Veeam Agent backup job managed by Veeam Agent, Veeam Backup & Replication saves the specified backup job settings to a configuration file on the backup server. After that, Veeam Backup & Replication applies these settings to create individual backup jobs directly on Veeam Agent computers. On a Veeam Agent computer, backup job settings are saved to the Veeam Agent database. This allows Veeam Agent to perform all backup job management and data processing tasks by itself even if a connection to the backup server is unavailable.

or

D

For computers specified in the backup policy, in addition to managing backup job settings from the Veeam Backup & Replication console, you can also perform selected operations directly on a protected computer. In particular, you can use the Veeam Agent control panel to start the backup job manually and monitor backup statistics. This allows you create backup of your data in case the protected computer has no connection to the backup server.

lic

at

e

This option is the only available option for workstations. You can also select this option for servers.

up

8.6.2. Agent for Linux Job Modes Specify protection settings for the backup job:

ot

D

1. Select the type of protected computers that you want to add to the backup job 2. If you choose to configure the backup job for servers, select the job mode that defines how the backup job should be managed: by the backup server or by Veeam Agent installed on a protected computer.

N

To specify protection settings:

D

o

1. In the Type field, select the type of protected computers that you want to add to the backup job. The selected type defines what settings will be available for the configured backup job and the job mode. You can select one of the following types: Workstation — select this option if you want to add to the backup job Linux-based workstations or laptops that reside in remote locations and may have limited connection to the backup server. For workstations, Veeam Backup & Replication offers backup job settings similar to the job settings available in Veeam Agent for Linux operating in the Workstation mode. With this option selected, the backup job will be managed by Veeam Agents installed on protected computers — you do not need to select the job mode.

186

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 8: Introduction to Agents

Server — select this option if you want to add to the backup job Linux-based servers that have permanent connection to the backup server. For servers, Veeam Backup & Replication offers backup job settings similar to the job settings available in Veeam Agent for Linux operating in the Server mode. With this option selected, you can also select the job mode.

ib ut e

2. If you have chosen to configure the backup job for servers, in the Mode field, select the job mode:

is

tr

Managed by backup server — with this option selected, you will be able to configure a Veeam Agent backup job itself. A Veeam Agent backup job configured in Veeam Backup & Replication within the Veeam Agent management scenario is in many ways similar to a regular job for VM data backup. You can add one or more individual computers and/or protection groups to the job and instruct Veeam Backup & Replication to create Veeam Agent backups in a Veeam backup repository.

e

or

D

When you create a Veeam Agent backup job managed by the backup server, Veeam Backup & Replication saves the job settings in its database. Veeam Backup & Replication performs all management tasks for the Veeam Agent backup job: starts a job upon the defined schedule, allocates backup infrastructure resources, and so on. Veeam Agents running on protected computers perform data backup operations only, such as creating a volume snapshot, reading the backed-up data and transferring backed-up data to the target location.

lic

at

To manage a Veeam Agent backup job of this type, you can use the Veeam Backup & Replication console only. The Veeam Agent UI is not available on a computer that is added to a Veeam Agent backup job managed by the backup server, and you cannot perform operations with Veeam Agent directly on the protected computer.

up

This option is available for servers only.

D

o

N

ot

D

Managed by agent — with this option selected, you will be able to configure a backup policy. A backup policy describes configuration of a Veeam Agent backup job, and acts as a saved template. Backup policies speed up the process of configuring backup job settings on protected computers: instead of specifying backup job settings manually on each computer, you can apply settings from a backup policy to a group of computers at once. When you create a Veeam Agent backup job managed by Veeam Agent, Veeam Backup & Replication saves the specified backup job settings to a configuration file on the backup server. After that, Veeam Backup & Replication applies these settings to create individual backup jobs directly on Veeam Agent computers. On a Veeam Agent computer, backup job settings are saved to the Veeam Agent for Linux database. This allows Veeam Agent to perform all backup job management and data processing tasks by itself even if a connection to the backup server is unavailable. For computers specified in the backup policy, in addition to managing backup job settings from the Veeam Backup & Replication console, you can also perform selected operations directly on a protected computer. In particular, you can use the Veeam Agent control panel to start the backup job manually and monitor backup statistics. This allows you

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

187

Module 8: Introduction to Agents

create backup of your data in case the protected computer has no connection to the backup server. This option is available for workstations and servers.

ib ut e

8.7. Administrative tasks 8.7.1. Enabling and Disabling Veeam Agent Backup Jobs You can disable and enable Veeam Agent jobs in Veeam Backup & Replication.

D

is

tr

When you disable the job, you prohibit the user to store the resulting backup to the backup repository. If the user starts a disabled job manually or the job starts by schedule, the job session will fail and report the "The job has been disabled by the Veeam Backup & Replication administrator" error. To let Veeam Agent for Microsoft Windows store backups to the backup repository again, you must enable the disabled job.

or

To disable or enable the scheduled backup job in Veeam Backup & Replication:

lic

at

e

1. In Veeam Backup & Replication, open the Home view. 2. In the inventory pane, click the Jobs node. 3. Select the necessary job in the working area and click Disable on the ribbon or right-click the necessary job in the working area and select Disable. To enable the disabled job, click Disable on the toolbar or right-click the job and select Disable once again.

up

8.7.2. Deleting Veeam Agent Backup Jobs You can delete Veeam Agent backup jobs.

N

ot

D

When you delete a Veeam Agent backup job, Veeam Backup & Replication removes all records about the job from its database and console. When the user starts a new Veeam Agent backup job session manually or the job starts automatically by schedule, the job will appear in the Veeam Backup & Replication console again, and records about a new job session will be stored to the Veeam Backup & Replication database. To remove the job permanently, you must delete the job and unassign access rights permissions for this user from the backup repository.

o

To remove a job:

D

1. In Veeam Backup & Replication, open the Home view. 2. In the inventory pane, click the Jobs node. 3. Select the necessary job in the working area and click Delete on the ribbon or right-click the necessary job in the working area and select Delete.

8.7.3. Viewing Veeam Agent Backup Job Statistics You can view statistics about Veeam Agent backup jobs in the Veeam Backup & 188

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 8: Introduction to Agents

Replication console. Veeam Backup & Replication displays statistics for Veeam Agent backup jobs in the similar way as for regular backup jobs. The main differences are the following:

ib ut e

The list of objects included in the job contains a Veeam Agent computer instead of one or several VMs. Detailed statistics become available in the Veeam Backup & Replication console after the Veeam Agent job session completes. For currently running sessions, Veeam Backup & Replication displays duration and the name of the Veeam Agent computer only. To view Veeam Agent backup job statistics:

D

8.7.4. Removing Veeam Agent Backups

is

tr

1. In Veeam Backup & Replication, open the Home view. 2. In the inventory pane, click the Jobs node. 3. In the working area, select the necessary Veeam Agent backup job and click Statistics on the ribbon or right-click the job and select Statistics.

or

You can remove Veeam Agent backups from Veeam Backup & Replication or permanently delete Veeam Agent backups from the backup repository. Removing from Configuration

lic

at

e

When you remove a Veeam Agent backup from configuration, Veeam Backup & Replication deletes all records about the backup from its database and console. The actual backup files remain on the backup repository. You can import the backup to the Veeam Backup & Replication at any time later and restore data from it. To learn more, see Importing Veeam Agent Backups.

up

To remove a Veeam Agent backup from configuration:

N

ot

D

1. In Veeam Backup & Replication, open the Home view. 2. In the inventory pane, click Disk under the Backups node. 3. In the working area, expand the Agents node, select the necessary backup and click Remove from > Configuration on the ribbon or right-click the backup and select Remove from configuration.

D

o

Important! You should not remove a Veeam Agent backup from configuration if Veeam Agent for Microsoft Windows is set up to use the backup cache and the backup cache contains one or several restore points that are not uploaded to the target location yet. If you remove such backup and then import it in the Veeam Backup & Replication console, the backup will receive the new ID in the configuration database. As a result, Veeam Agent for Microsoft Windows will become unable to upload restore points from the backup cache to the target location and to create new restore points in the backup cache. To continue creating backups in the Veeam backup repository, you will need to delete restore points from the backup cache and run the backup job to create a new restore point in the backup repository.

Removing from Backup Repository

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

189

Module 8: Introduction to Agents

When you remove a Veeam Agent backup from backup repository, Veeam Backup & Replication deletes all records about the backup from its database and console. The actual backup files are removed from the backup repository, too. To remove a Veeam Agent backup from the backup repository:

ib ut e

1. In Veeam Backup & Replication, open the Backup & Replication view. 2. In the inventory pane, click Disk under the Backups node. 3. In the working area, expand the Agents node, select the necessary backup and click Remove from > Disk on the toolbar or right-click the backup and select Delete from disk.

8.7.5. Viewing Veeam Agent Backup Statistics

is

To view Veeam Agent backup statistics:

tr

You can view statistics about Veeam Agent backups.

or

D

1. In Veeam Backup & Replication, open the Home view. 2. In the inventory pane, click Disk under the Backups node. 3. In the working area, expand the Agents node, select the necessary backup and click Properties on the ribbon or right-click the backup and select Properties.

at

e

8.7.6. Configuring Global Settings

lic

Global settings configured on the Veeam backup server apply to Veeam Agent backup jobs as well. You can:

D

o

N

ot

D

up

Configure network throttling settings so that Veeam Agent backup job does not consume all network resources. Configure global email settings to get alerted about the Veeam Agent backup job results. Veeam Agent for Microsoft Windows sends email notifications on every type of backup tasks, such as backup job sessions started automatically by schedule, backup job sessions started from the command line and ad-hoc backup tasks.

190

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 8: Introduction to Agents

Labs for Module 8: Introduction to Agents Due to various factors, including complex hardware configurations and regulatory compliance requirements, some physical servers and workstations cannot be virtualized. And everyday occurrences such as lapses in connectivity, hardware failures, file corruption — even ransomware or theft — can leave an organisation's data at risk.

tr

ib ut e

You are now welcome to try out the corresponding labs on Veeam Agents and their capabilities. You will have an opportunity for a hands-on experience when working with deploying the agent, performing a backup and finally performing a bare-metal recovery.

Action

Purpose

D

Lab

is

Get into the Lab

or

Agents

D

o

N

ot

D

up

lic

at

e

8.1

Deploy an agent from the Veeam Backup & Replication Server Console using the Microsoft Active Directory server group. Configure the backup job from the server (full backup) and run it. This is a bare metal restore (for example, the original server had LSI Logic SAS SCSI controller, and the target server had SATA controller).

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

191

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 8: Introduction to Agents

192

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

9. Advanced Data Protection

ib ut e

At this point, you’ve learned most of the basic data protection and disaster recovery features of Veeam Backup & Replication. You are now able to perform backup and replication, verify it and restore entire VMs and granular objects, such as files, Exchange and SharePoint items, and some other options. In addition to those crucial features, Veeam Backup & Replication provides a few more advanced options that allow you to comply with your data protection strategy while improving your RTPO to better protect your data and VMs.

9.1. WAN Acceleration

D

Insufficient network bandwidth to support VM data traffic Transmission of redundant data

is

tr

Offsite backup and replication always involves moving large volumes of data between remote sites. The most common problems that backup administrators encounter during are the following:

e

or

To solve these problems, Veeam Backup & Replication offers the WAN acceleration technology that helps optimize data transfer over the WAN. To enable WAN acceleration and data deduplication technologies, you must deploy a pair of WAN accelerators in your backup infrastructure: on the source site and one on the target site.

up

lic

at

The WAN acceleration technology is specific for remote jobs: backup copy jobs and replication jobs. Being a built-in feature, Veeam’s WAN acceleration does not add complexity to the backup infrastructure and does not require agents. On each WAN accelerator Veeam Backup & Replication, creates the VeeamWAN folder containing the following data: Source WAN

Global cache data.

D

Files with digests required for global deduplication.

Target WAN

N

ot

To deploy a WAN accelerator, you should assign this role to a Microsoft Windows machine added to the list of managed servers in Veeam Backup & Replication. The Microsoft Windows machine must meet the following requirements:

D

o

1. You can use either physical or virtual Microsoft Windows machine as a WAN accelerator. The role can be assigned to backup proxies and backup repositories existing in your backup infrastructure as well. 2. You can use only 64-bit Microsoft Windows machines as WAN accelerators. 32-bit versions of Microsoft Windows are not supported.

Note: WAN acceleration operations are resource intensive. When creating a WAN accelerator, allocate appropriate CPU and RAM resources to the Microsoft Windows machine that you plan to use. It is recommended to assign this role to machines with 8 GB RAM and more. Otherwise the

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

193

Module 9: Advanced Data Protection

WAN acceleration process may fail.

ib ut e

Note: When you run a first session of a remote job, the global cache is empty, and the whole amount of VM data needs to be transferred over the WAN. It is recommended that you populate the global cache before you start a remote job for the first time. You can manually pre-populate the global cache to avoid the situation when the cache remains empty. As a result, by the time a remote job starts, the global cache will contain data blocks that can be used for data deduplication.

9.2. Tape Device Support

D

is

tr

With Veeam Backup & Replication, you can archive to tape both backup files created in backup repositories by a backup or a backup copy job, and regular files you might want to write to tape, such as Windows and Linux files. Veeam Backup & Replication supports file backup from any server which has been added as a managed server to the Veeam Backup console (that is, Windows or Linux server, including physical boxes). You can also archive files residing on NAS devices.

or

Veeam offers the following archiving options: Backup to tape jobs

This option allows you to archive to tape media files from Windows and Linux servers connected to the Veeam backup server. You can create both full and incremental backups of files on tape.

up

lic

at

e

This option allows you to archive to tape media backups created by Veeam Backup & Replication. Using backup to tape jobs, you can implement the ‘3-2-1’ backup approach (3 copies, 2 types of media, 1 off-site location) considered as a best practice for data protection and disaster recovery. Veeam Backup & Replication provides flexible retention and scheduling settings that help automate backup archiving. You can also archive Endpoint backups to tape.

Files to tape jobs

ot

D

Important! The tape job looks only for the Veeam backups that are produced by backup jobs running on your backup server. Other files will be skipped.

N

Veeam Backup & Replication uses the MTF (Microsoft Tape Format) industry format to write data to tape.

D

o

Veeam Backup & Replication offers multiple options for restoring data from tape:

Restoring VMs from tape into the virtual infrastructure

You can restore an entire VM from a backup archive on tape. Veeam Backup & Replication supports all options available for regular full VM recovery, including selecting a restore point, choosing a target location, changing VM configuration settings and so on.

Restoring backup files from tape to disk

You can also restore full backups or even backup chains to a repository or any location of your choice. The restored backup is registered in the Veeam Backup & Replication console so that you can work with it and use it for any restore scenario later on.

194

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

Restoring files and folders from tape to the original location or to another directory

Flexible recovery options allow you to recover files or folders back to the original location or another server, preserving ownership and access permissions.

Component

ib ut e

To back up data to the tape media and restore from tape archives, Veeam Backup & Replication uses several components: Description

Data path

During archiving and restore processes, data is transferred between two terminal points. This process is controlled by two Veeam data mover services: - Source-side Data Mover Service communicates with the source (backup repository or server hosting the files) and initiates reading data from that source. - Target-side Data Mover Service runs locally on the Veeam backup server machine to which a tape device is connected; it initiates writing data to the tape device.

Veeam backup server

The core component in the backup infrastructure that manages all operations and schedules and executes the jobs.

Tape device

The tape device is a physical tape library, a virtual tape library or a stand-alone tape drive.

Tape server

The tape server is a Microsoft Windows server running the Data Mover Service. It sits between data source and tape device and is used to create a communication channel and route traffic to tape devices. The Data Mover Service talks to the Veeam Backup server on one side and backup infrastructure components on the other side, and represents a communication point over which all data between the tape device and the backup repositories or file servers is transferred. All the drivers are installed on the machine that will perform the role of the tape server for the tape library to be visible.

o

N

ot

D

up

lic

at

e

or

D

is

tr

Source

The source is the initial location where backup files or regular files you want to archive to tape reside. This can be a backup repository where Veeam backups are stored or a Windows or Linux server hosting files that should be archived. Regular backup or backup copy job can also be leveraged as a source.

D

Veeam backup database

This component is used to store the following tape-related data: - Tape Catalog stores files/folders archived to tape media, as well as VBK and VIB backup files. It is updated during file-to-tape and VM-to-tape jobs. The content of the Tape Catalog can be examined under the Tape node in the Files view. - Backup Catalog stores information about VMs whose backups were archived to tape media. The content of the Backup Catalog is updated during VM-to-tape jobs and can be examined under the Backups → Tape node in Backup & Replication view.

To manage the tapes, Veeam Backup & Replication uses the following entities:

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

195

Module 9: Advanced Data Protection

Entity

Description

Media Sets

Media sets are separate sets of tapes with data continuously written to them. Use media sets to split your tape archive into distinctly separated groups of tapes.

Backup Sets

Backup sets are sets of files written to tape within one tape job session.

Media Vaults

Media vaults are logical containers for visualizing data stored offline. Create and use media vaults for convenient managing of offline tapes.

Data Retention

Data retention is a user-defined period of time set to protect data from overwriting. When this period ends, the tape can be reused.

lic

at

e

or

D

is

tr

ib ut e

Media Pools

Media pools are logical units that distribute free tapes for writing data and store information about data that was archived to them. To start archiving data, you must create and configure at least one media pool that will serve as a target for tape jobs. The following predefined media pools are available: - Free – a media pool containing empty tapes. You can use this media pool to replenish custom pools with new tapes when needed. - Unrecognized – a media pool containing tapes that were loaded to a tape device. They need further identification by a user which can be done by running the inventory or catalog job. - Imported – a media pool containing non-empty tapes. These are tapes identified by the tape catalog job. - Retired – a media pool containing retired tapes that reached the maximal number of re-writes. This media pool may also contain tapes with some mechanical breakdown. The Veeam GFS media pools are special media pools that store data to tape with the GFS, or the Grandfather-Father-Son backup storage scheme.

N

ot

D

up

In case you have a long chains of increments, for example, if you rarely use forever-incremental backup or create a full backup, restoring from tape may require loading a large number of tapes. To “split” the tape set into shorter series and streamline the restore process, you can schedule a virtual full backup for tape jobs (also referred to as virtual synthesized full backup). When you schedule synthetic full for tape, the tape job creates the synthetic full backup directly on tape and does not require disk space for storing additional full backup files on backup repositories. To create a virtual synthesized full backup, Veeam Backup & Replication uses a small temporary file of the .vsb (Veeam Synthetic Backup) format. The .vsb file does not contain data blocks themselves; instead, it contains pointers to data blocks in restore points of the backup chain.

D

o

Generally, you use retention settings to set the overwrite protection period for tapes. The retention period is set for a media pool and is applied to all tapes that belong to this pool. However, some tapes may contain data for which you may want to set a lifelong protection. To do this, you can use tape protection. Tape protection is an option that sets an endless retention period for particular tapes selected by the user. The protection option overrides the retention settings of the media pool. You can single out tapes that, for example, contain particularly valuable data, and set the never overwrite retention period for them without modifying the settings of the media pool, which would affect other tapes. If the tape protection is no longer needed, it can be switched off at any time. If your tape library has multiple drives, you can enable tape multistreaming/parallel processing. Tape multistreaming/parallel processing allows you to use several drives simultaneously for processing 196

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

tape data. This option is useful if you have a lot of backup to tape jobs or file to tape jobs running at the same time.

ib ut e

This option is enabled for custom media pools. You can set a maximum number of drives that a media pool can use simultaneously. Tape jobs occupy the allowed number of drives and process several file to tape jobs in parallel. For each drive, Veeam selects a tape with maximum free space and starts a new media set. Restore points that refer to one file are always written to one media set.

Note: You cannot set multistreaming for a GFS media pool.

9.2.1. Tape Job Scheduling

tr

The schedule settings are different for simple backup to tape jobs and GFS tape jobs

D

is

For simple backup to tape jobs, select the Run the job automatically check box to specify the job schedule. If this check box is not selected, the job is supposed to be started manually.

or

You can define the following scheduling settings for the job:

at

e

You can choose to run the job at specific time on defined weekdays, monthly and with specific periodicity. You can schedule the backup to tape job when a corresponding backup job completes. To do so, select the After this job option and choose the preceding backup job from the list.

up

lic

Note: The After this job function will only start the tape job if the primary is started automatically by schedule. If the primary job is started manually, jobs chained to it will not be started.

o

N

ot

D

You can schedule the tape job to periodically check the jobs that you have selected as primary for new backups and archive new backups to target media. To do so, select the As new backup files appear option. If this option is selected, the backup to tape jobwill constantly scan the repository in the background mode, monitoring for new backups to appear. As soon as new backups are created, the job will start archiving these backup to tape. If necessary, you can define the time interval during which the backup to tape job must not archive data. These can be hours when backup repositories are busy with other tasks (backup jobs writing to repositories or backup copy jobs reading from repositories). To define prohibited time for the backup to tape job, click the Schedule button and define the time when the job is allowed and prohibited to run.

D

If you have scheduled the job to run at the specific time daily or monthly, consider configuring wait timeout value. Select the If some linked backup jobs are still running, wait for up to … minutes check box and specify the new timeout. When a backup to tape job starts, Veeam Backup & Replication checks the status of the primary jobs. If a primary job is still writing data to the source repository, the backup to tape job will wait for the specified time interval. If the timeout is disabled, the backup to tape job will terminate without waiting for the backup job to complete. The timeout option is unavailable if you schedule the backup to tape job to run after a backup job or if you schedule the backup to tape job to start when new backups appear. Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

197

Module 9: Advanced Data Protection

Sometimes, the primary job may start when the tape job is still running. By default, the primary job has priority. In this case, the tape job terminates with error and no data is written to tape. Select the Prevent this job from being interrupted by primary backup jobs option if you want to give the tape job a higher priority. If this option is selected, the primary job will wait until the tape job finishes. Note that the primary job may start with a significant delay.

ib ut e

For GFS jobs, select a GFS media pool at the Full Backup step of the wizard, then click Schedule to select days for each media set. The GFS job starts at 00:00 on the selected day.

tr

Tip: After you specify necessary schedule settings, you can save them as default. To do this, click Save as Default at the bottom left corner of the Archival Schedule window. When you create a new GFS job, Veeam Backup & Replication will automatically apply default settings to the new job schedule.

e

9.2.2. Tape Job Encryption

or

D

is

Sometimes, the primary job may start when the tape job is still running. By default, the primary job has priority. In this case, the tape job terminates with error and no data is written to tape. Select the Prevent this job from being interrupted by primary backup jobs option if you want to give the tape job a higher priority. If this option is selected, the primary job will wait until the tape job finishes. Note that the primary job may start with a significant delay.

at

Veeam Backup & Replication supports two types of encryption for tape media:

up

lic

Hardware level: Library- and driver-managed encryption mechanisms provided by the tape vendor Software level: The encryption mechanism provided by Veeam Backup & Replication

ot

D

Hardware encryption has a higher priority. If hardware encryption is enabled for the tape media, Veeam Backup & Replication automatically disables its software encryption mechanism for such tape libraries. The Veeam encryption mechanism can only be used if hardware encryption is disabled at the tape device level or not supported.

N

To use the Veeam encryption mechanism, you need to enable encryption at the media pool level. Encryption is supported for both types of tape jobs: backup to tape jobs and file to tape jobs.

D

o

Backup to tape jobs allow double software encryption. A backup to tape job uses a backup file as a source of data. If the backup file is encrypted with the initial backup job and the encryption option is enabled for the backup to tape job, too, so the resulting backup file will be encrypted twice. To decrypt such backup file, you will need to subsequently enter two passwords: Password for a backup to tape job Password for the primary backup job

198

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

9.2.3. VM Restore from Tape to Infrastructure Restoring a VM from tape with Veeam Backup & Replication is a lot like restoring a VM from disk. For example, you can choose a desired restore point, select the target location or change the configuration of the restored VM.

ib ut e

To restore a VM from tape, you can choose between the following options: restore directly to infrastructure or restore through a staging repository. To choose the needed option, select Restore directly to the infrastructure or Restore through the staging repository at the Backup Repository step of the Full VM Restore wizard. Restore Directly to the Infrastructure

D

is

tr

When you restore VMs from tape directly to the infrastructure, the restore process publishes the VMs to the virtual infrastructure copying the VM data directly from tape. This option is recommended if you want to restore one VM or a small number of VMs from a large backup that contains a lot of VMs. In this case, you do not need to provide a staging repository for a large amount of data most of which is not needed to you at the moment.

or

This option is slow if you restore many VMs. The VMs are restored one by one: this requires a lot of rewinding of tape as tapes do not provide random access to data.

e

For restoring a VM directly to the infrastructure, Veeam Backup & Replication performs the following steps:

ot

D

up

lic

at

1. The VM from tape restore job checks the Backup Catalog in the Veeam Backup & Replication database to discover the tapes containing the needed backup files. If the tapes are offline, Veeam Backup & Replication prompts the user to insert the required tapes. 2. Veeam needs to load and read the selected tapes for 3 times. 3. Veeam loads the tapes for the 1st time. 4. Veeam reads metadata and cashes it on the tape server. This requires approximately 100Mb of disk space per 1TB of tape data for the default data block size. 5. Using the cached data, Veeam builds a map of data blocks. The map contains references to the data blocks of the VM you restore: the VM configuration file and the VM disks data. 6. Veeam loads the tapes for the 2nd time. 7. Veeam restores the VM configuration:

o

N

To restore to original location, Veeam synchronizes the VM configuration file up to the backup state. To restore to another location, Veeam copies the VM configuration file and registers the VM on the target host.

D

8. Veeam loads the tapes for the 3rd time. 9. Veeam restores the VM disks. Multiple disks are restored parallely. Veeam reads the tape consequently and, using the map of data blocks, copies the VM disks data.

Restore Through a Staging Repository When you restore VMs from tape through a staging repository, the restore process temporarily copies the whole restore point to a backup repository or a folder on disk. After that Veeam starts a regular VM restore. Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

199

Module 9: Advanced Data Protection

This option is recommended if you want to restore a lot of VMs from a backup as the disk provides a much faster access to random data blocks than tape. For the restore through a staging repository, Veeam Backup & Replication performs the following steps: 1. Veeam starts 2 jobs at background:

ib ut e

Backup restore job: temporarily restores the backup to the repository. VM restore job: restores the VM to the infrastructure.

e

or

D

is

tr

2. The jobs starts simultaneously. The VM restore job starts and remains pending until the backup restore completes. 3. The backup restore job checks the Backup Catalog in the Veeam Backup & Replication database to discover the tapes containing the needed backup. If the tapes are offline, Veeam Backup & Replication prompts the user to insert the required tapes. 4. The backup restore job reads the tapes consequently and copies the backup to the selected staging repository or folder. 5. When the backup is copied, Veeam registers it temporarily as an imported backup. 6. The backup restore job finishes. 7. The VM restore job receives information about the backup restored successfully and launches a standard VM restore process. For details, see Entire VM Recovery. 8. When the VM is successfully restored, the VM restore process finishes. 9. Veeam deletes the backup from the staging repository and from disk.

lic

at

9.2.4. Automated Drive Cleaning

up

You can instruct Veeam Backup & Replication to automatically clean the tape library drives. Assigning the automated cleaning to Veeam Backup & Replication prevents possible overlapping of cleaning tasks and tape jobs. Such overlapping may cause tape jobs failures.

D

To instruct Veeam Backup & Replication to automatically clean the drives:

N

ot

1. Open the Tape Infrastructure view. 2. Expand the Libraries node and select the needed library. Click Properties on the ribbon. You can also right-click the necessary library in the working area and select Properties. 3. In the Properties window, select the Perform drive cleaning automatically option.

D

o

Important! If you enable the automated drive cleaning option in Veeam Backup & Replication, make sure that you disabled the drive cleaning tasks on your tape library device.

Veeam Backup & Replication cleans the drives at the beginning of backup to tape jobs or file to tape job run. The cleaning is not performed during other tape operations such as, for example, cataloging or export. To clean the drives automatically, Veeam Backup & Replication performs the following actions: 1. The tape library alerts Veeam Backup & Replication on a drive that requires cleaning. 2. Veeam Backup & Replication waits for a tape job to start. 200

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

3. When the tape job locks necessary drives for writing data, Veeam Backup & Replication checks which of them requires cleaning. 4. Veeam Backup & Replication ejects the tape from the drive, inserts a cleaning tape and performs the cleaning. 5. Veeam Backup & Replication ejects the cleaning tape and inserts the tape that was reserved for the tape job. 6. The tape job writes the data on tape.

is

tr

ib ut e

The cleaning process does not exceed 2 minutes for a drive. If multiple drives require cleaning, the total time for cleaning does not exceed 5 minutes. The cleaning tapes are located in the Unrecognized media pool. The worn-out cleaning tapes are moved to the Retired media pool automatically. If a tape job locks multiple drives simultaneously for parallel processing, and one or more drives require cleaning, all drives wait until the cleaning is finished. After cleaning, all drives start writing simultaneously.

D

Note: The automated drive cleaning does not affect creation of media sets. Limitations for Automated Drive Cleaning

at

e

or

You cannot enable the automated drive cleaning on standalone tape drives. You cannot start the drive cleaning manually with Veeam Backup & Replication. The drive cleaning is fully automated.

lic

9.3. Storage Integration (VMware)

up

This topic explores using image-based backups and replicas from storage snapshots, with little to no impact on your production environment. You will become acquainted with supported storage vendors and specifics for each of them.

D

9.3.1. SAN Storage Systems Support Overview

D

o

N

ot

When Veeam Backup & Replication is used for VMware vSphere environments, you can take advantages of storage snapshots to build your data protection and disaster recovery plan. Veeam Backup & Replication integrates with your storage system and offers two technologies that will help you decrease impact of backup and replication operations on your production environment and significantly improve RPOs: Backup from Storage Snapshots. You can use storage snapshots to create backups and replicas of VMware vSphere VMs hosted on storage systems. Backup from Storage Snapshots speeds up backup and replication operations and reduces the impact of VMware vSphere snapshot removal on the production environment. If you use NetApp and Nimble storage systems, you can configure backup and replication jobs to use storage snapshots on primary and secondary storage arrays. Veeam Explorer for Storage Snapshots. You can restore VM data directly from storage snapshots. Veeam Explorer for Storage Snapshots automates the process of VM data recovery and reduces recovery time in 10 times or more.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

201

Module 9: Advanced Data Protection

Snapshot jobs. If you use NetApp or Nimble storage systems, you can configure backup jobs to periodically create storage snapshots on primary and/or secondary storage arrays. On-Demand Sandbox for Storage Snapshots. You can start VMs whose disks are hosted on storage systems in the On-Demand Sandbox. On-Demand Sandbox can be used for testing, training, troubleshooting and so on.

ib ut e

To create storage snapshots for backup and restore operations, Veeam Backup & Replication leverages native APIs and technologies provided by SAN storage vendors. The technologies and procedures of snapshot creation vary for different SAN storage systems. Veeam Backup & Replication supports the following storage systems: Cisco HyperFlex

tr

Cisco HyperFlex 2.0 and later (Backup from Storage Snapshots, Full Integration mode)

is

Dell EMC VNX, VNX2, VNXe and Unity

D

NFS, Fibre Channel (FC) or iSCSI connectivity

e

Fibre Channel (FC) or iSCSI connectivity 3PAR OS 3.1.2 or later

or

HPE 3PAR StoreServ

at

iSCSI VLAN tags are supported. Virtual Domains are supported.

lic

HPE StoreVirtual (LeftHand / P4000 series) and StoreVirtual VSA

up

iSCSI connectivity only LeftHand OS versions 9.5 through 12.6 HPE SV3200 (LeftHand OS version 13) is not supported

D

NetApp FAS, FlexArray (V-Series), Edge VSA and IBM N Series (NetApp FAS OEM)

ot

NFS, Fibre Channel (FC) or iSCSI connectivity. Data ONTAP versions from 8.1 up to 9.2. 7-mode or cluster-mode

N

ONTAP 9.2 application-aware data management and SVM-DR are not supported.

o

Nimble Storage AF-Series and CS-Series

D

Fibre Channel (FC) or iSCSI connectivity Nimble OS 2.3 and later

Depending on the storage system type, you can perform the following operations: Functionality/Storage Dell EMC VNX(e)/ type Unity

HPE 3PAR StoreServ

HPE StoreVirtual

NetApp

HPE Nimble

Cisco HyperFlex

Backup from Storage Snapshots

202

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

Functionality/Storage Dell EMC VNX(e)/ type Unity

HPE 3PAR StoreServ

HPE StoreVirtual

NetApp

HPE Nimble

Cisco HyperFlex

Backup from primary storage arrays













Backup from secondary storage arrays





















Restore from primary storage arrays









Restore from secondary storage arrays









ib ut e

Veeam Explorer from Storage Snapshots





Snapshot in secondary destination job







Other Operations

Snapshot creation and deletion (manual)



















✓ (infrastructure only)









or



e





at

Storage rescan



is



D

Snapshot-only job

tr

Snapshot Jobs

lic

9.3.2. Dell EMC Storage Systems

up

Dell EMC VNX, VNX2, VNXe and Unity families of arrays are supported. This integration includes both the Veeam Explorer for Storage Snapshots recovery technique and Backup from Storage snapshots.

D

Requirements and Limitations for EMC VNX/VNXe

ot

Dell EMC VNX Block

D

o

N

Veeam Backup & Replication supports LUNs that reside on Storage Pools. To take LUN snapshots, Veeam Backup & Replication uses the VNX snapshot technology. Make sure that you have a license that covers this technology. The SnapView snapshot technology is not supported. Dell EMC VNX File A read-only checkpoint can have only 1 writable snapshot. If a read-only checkpoint already has a writable snapshot, Veeam Backup & Replication uses this writable snapshot for restore. Writable snapshots are not detected by the storage rescan process and are not displayed in the storage system hierarchy. Dell EMC VNXe

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

203

Module 9: Advanced Data Protection

Veeam Backup & Replication does not support Dell EMC VNXe Gen 1 OS (2.x.x). Dell EMC VNXe Gen 2 OS (3.x.x) is supported. In EMC VNXe, you cannot export more than 1 storage snapshot for a LUN or LUN group concurrently. For this reason, Veeam Backup & Replication can perform only one task that uses storage snapshots at the same time.

ib ut e

In Veeam Backup & Replication, tasks have the following priority levels (starting with the highest priority): restore task > backup job > rescan task. If you start several jobs or tasks that use storage snapshots, Veeam Backup & Replication will check what priority tasks have and perform the following actions:

or

D

is

tr

If a LUN snapshot is exported for storage rescan and you start a backup job or restore task at the same time, the rescan process will fail. If a LUN snapshot is exported for a backup job and you start another backup job at the same time, the second backup job will be waiting until the first backup job is finished. If a LUN snapshot is exported for a restore task and you start a backup job at the same time, the backup job will fail (or failover to the regular processing mode if corresponding settings are enabled in the backup job). If a LUN snapshot is exported for a backup job and you start a restore task at the same time, the restore task will be waiting until the backup job is finished.

e

Dell EMC VNX(e) Working over NFS

up

lic

at

VMs that you plan to back up or replicate must not have VMware vSphere snapshots. VMs with VMware vSphere snapshots will be skipped from Backup from Storage Snapshots. If you enable the Enable VMware tools quiescence option in the backup job settings, Veeam Backup & Replication will not use Backup from Storage Snapshots to process running Microsoft Windows VMs that have VMware Tools installed.

D

9.3.3. HPE Storage Systems

ot

For HPE storage systems, Veeam Backup & Replication uses the following technologies:

N

Volume snapshot for Backup from Storage Snapshots on HPE StoreVirtual storage systems SmartClone for restore from storage snapshots on HPE StoreVirtual storage systems Virtual Copy for HPE 3PAR StoreServ storage systems

D

o

Volume snapshots, SmartClones and VirtualCopies are created at the per-volume basis. They produce near instantaneous, point-in-time copies of volumes on which VM data is located. As a result, Veeam Backup & Replication can safely perform backup and restore operations without having to risk altering data on the production SAN storage or volume snapshot.

Important! The license for the HPE 3PAR StoreServ storage system must support HPE 3PAR Virtual Copy. Otherwise, you will not be able to perform backup and restore from storage snapshots.

204

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

9.3.4. NetApp Storage Systems For NetApp storage systems, Veeam Backup & Replication uses the following NetApp technologies: Backup from Storage Snapshots

Considerations

Traditional LUN Cloning

- NetApp storage system works over iSCSI or FC. - NetApp storage system runs in the 7-mode. - The FlexClone license is not installed on the NetApp storage system.

Veeam Backup & Replication first triggers NetApp to create a backing snapshot of the LUN that holds data for the necessary VM. After that, NetApp creates a clone of the LUN based on this backing snapshot.

In case of traditional LUN cloning, LUN clones created by Veeam Backup & Replication may be locked or may fail to be deleted automatically by cleanup operations.

FlexClone

- NetApp primary storage system works over iSCSI or FC in 7-mode. - NetApp primary and secondary storage systems work over iSCSI, FC or NFS in cDot operating mode. - The FlexClone license is installed on the NetApp storage system.

Veeam Backup & Replication first triggers NetApp to create a base snapshot of the volume with the LUN that holds data for the necessary VM. After that, NetApp creates a FlexClone of the LUN based on this snapshot.

FlexClones can be created in seconds and require little space on the storage. Unlike traditional LUN clones, FlexClones are not coupled with backing volume snapshots and do not require you to manage these snapshots or delete them.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Requirements

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

205

Module 9: Advanced Data Protection

Veeam Backup & Replication triggers NetApp to createa base snapshot of the volume with the LUN that holds data for the necessary VM. After that, NetApp creates a LUN clone via SnapRestore.

When you perform SnapRestore, NetApp does not physically copy data from the storage snapshots. Instead, it updates pointers to data blocks. As a result, the restore procedure is very fast and takes a few seconds to complete.

is

tr

ib ut e

Considerations

at

e

or

SnapRestore

- The NetApp primary storage system works over iSCSI, FC or NFS. - The NetApp secondary storage system (NetApp SnapMirror or SnapVault) works over NFS. - The NetApp primary and secondary storage systems run in the cDot operating mode.

Backup from Storage Snapshots

D

Requirements

lic

During the backup process, Veeam Backup & Replication creates a snapshot of a volume on which the NFS share with VM data resides. The created volume snapshot is used as a source of data.

up

The NetApp storage system runs over NFS.

o

N

ot

D

NFS share copying

- To be able to restore data from the NetApp primary and secondary storage systems running over NFS, you must have a SnapRestore/FlexClone license installed or the NDMP protocol enabled. In the opposite case, VM data processing will fail. - To be able to restore data from the NetApp secondary storage system (NetApp SnapVault) running in the Cmode over NFS, you must have a FlexClone license installed. In the opposite case, VM data restore will fail.

D

Integration with NetApp SnapMirror and SnapVault If the primary NetApp storage array is associated with a secondary array – NetApp SnapMirror and/or SnapVault, you can use the secondary storage array as a data source during backup. Backup from storage snapshots on NetApp SnapMirror or SnapVault reduces impact on the production storage. During backup, operations on VM data reading are performed on the side of NetApp SnapMirror or SnapVault, and the primary NetApp storage array is not affected. To back up VMs from storage snapshots on NetApp SnapMirror and SnapVault, you must configure

206

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

the backup job to build a snapshot chain on the secondary storage array and instruct Veeam Backup & Replication to use the created snapshots as a data source. Before you perform backup from storage snapshots, check the following prerequisites:

tr

ib ut e

NetApp SnapMirror or SnapVault must be configured for the primary NetApp storage array where VMs that you plan to back up reside. A license for storage snapshot export must be installed on NetApp SnapMirror or SnapVault. For NetApp storage systems working over NFS, VMs that you plan to back up must not have VMware snapshots. VMs with VMware snapshots will be skipped from processing. A license for Veeam Backup & Replication Enterprise Plus edition must be installed on the backup server. A properly configured backup proxy must be added to the backup infrastructure. The backup proxy must have access to the backup server and secondary storage array.

is

The host with VMs whose disks are located on the storage system, the primary NetApp storage and NetApp SnapMirror/SnapVault must be added to Veeam Backup & Replication.

at

e

or

D

To configure backing up VMs from storage snapshots on NetApp SnapMirror and SnapVault at the Secondary Target step of the wizard, click Add and select NetApp SnapMirror or NetApp SnapVault. You may specify the number of storage snapshots that you want to maintain in the snapshot chain on the secondary storage in the Number of snapshot copies to retain field. When this number is exceeded, Veeam Backup & Replication will trigger NetApp to remove an earlier snapshot from the chain. Then select the Use as the data source check box.

lic

9.3.5. Nimble Storage Systems

up

Veeam's advanced integration with Nimble Storage provides additional protection and recovery options that are not available without direct integration and joint development efforts that provide the ability to:

N

ot

D

Schedule the creation of Nimble storage snapshots containing application-consistent VM images, and storage snapshot replication orchestration. Restore from Nimble storage snapshots or their Replicated Copies (entire VM, guest files and application items) Backup from Nimble storage snapshots or their Replicated Copies.

o

9.4. Microsoft Hyper-V Off-host Backup Proxy

D

If you plan to perform backup or replication operations in the off-host mode, you must add Hyper-V off-host backup proxies. In the backup infrastructure, a backup proxy acts as a “data mover.” While the backup server fills the role of the job manager, the off-host backup proxy actually performs main data handling – it retrieves VM data from the source storage, processes it and transfers to the target destination. Using off-host backup proxies enables you to take the job processing off the source Hyper-V host. To add an off-host backup proxy to your backup infrastructure, you must assign this role to a Windows server that is already added to the list of managed servers. When deploying an off-host Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

207

Module 9: Advanced Data Protection

backup proxy, make sure that you meet the requirements.

at

e

or

D

is

tr

ib ut e

You must assign the off-host backup proxy role to a physical machine. For evaluation purposes, you can assign the off-host backup proxy role to a VM. Versions of a Microsoft Hyper-V host and off-host backup proxy must coincide. For example, if you use a Microsoft Windows Server 2012 machine with the Hyper-V role enabled as a Microsoft Hyper-V host, you must deploy the off-host backup proxy on a Microsoft Windows Server 2012 machine with the Hyper-V role enabled. The source Microsoft Hyper-V host and off-host backup proxy must be connected via SAN to the shared storage that supports VSS hardware providers. To create and manage volume shadow copies on the shared storage, you must install and properly configure a hardware VSS provider that supports transportable shadow copies. The hardware VSS provider must be installed on the off-host proxy and source Microsoft Hyper-V host. The hardware VSS provider is typically distributed as a part of client components supplied by the storage vendor. If you plan to perform off-host backup for a Microsoft Hyper-V cluster with CSV, you must deploy an off-host backup proxy on a host that is not a part of the cluster. If the off-host backup proxy is deployed on a node of the cluster, the cluster will fail during VM data processing. [For off-host backup proxies processing VMs on SMB3] The Local System account of the offhost backup proxy must have full access permissions on the Microsoft SMB3 file share. [For off-host backup proxies processing VMs on SMB3] The off-host backup proxy must be located in the same domain where the Microsoft SMB3 server resides. Alternatively, the domain where the Microsoft SMB3 server resides must be trusted by the domain in which the off-host backup proxy is located.

lic

9.5. Support for Deduplicating Storage Systems

up

For disk-to-disk backups, you can use a deduplicating storage system as a target. Veeam Backup & Replication supports the following deduplicating storage appliances:

ot

ExaGrid

D

Dell EMC Data Domain

N

HPE StoreOnce

D

o

9.5.1. ExaGrid Veeam Backup & Replication lets you use ExaGrid deduplicating storage appliance as backup repository. Veeam Backup & Replication works with ExaGrid as with a Linux-based backup repository: the backup repository architecture for the ExaGrid appliance resembles the Linux-based backup repository scenario. To communicate with ExaGrid, Veeam Backup & Replication deploys the Veeam data mover service on the ExaGrid appliance. The data mover (transport) service establishes a connection with the source-side Data Mover Service on the backup proxy and enables efficient data 208

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

transfer over LAN or WAN.

ib ut e

Note: If you Per-VM Backup Files feature is not enabled on the Backup Repository, maximum concurrent tasks must be limited to 1 for an Exagrid Backup Repository. If Per-VM Backup Files feature is enabled on the Backup Repository, maximum concurrent tasks must be limited to 10 or less.

D

is

tr

Important! If there are multiple Backup Repositories in play, the administrator must limit the number of concurrent tasks so that there is at most 10 tasks going into an ExaGrid server at any given time. For example, if you have two Backup Repositories each with maximum concurrent tasks set to 10 on the same ExaGrid server, you can potentially end up with 20 tasks running on the same ExaGrid server. This could potentially have a negative impact on performance. The administrator should reduce the concurrency setting of these repositories to no more than 5 each (no more than 10 in total).

or

9.5.2. HPE StoreOnce

at

e

You can use HPE StoreOnce storage appliances as a backup repository. Depending on the storage configuration and type of backup target, HPE StoreOnce can perform source-side or target-side data deduplication.

lic

Source-Side Data Deduplication

D

up

HPE StoreOnce performs source-side deduplication if the backup target meets the following requirements: - You have a Catalyst license installed on HPE StoreOnce. - You use a Catalyst store as a backup repository. - The Catalyst store is configured to work in the Low Bandwidth mode (Primary Transfer Policy). - The HPE StoreOnce Catalyst is added to the backup repository as a deduplicating storage appliance, not as a shared folder.

D

o

N

ot

Requirements

Target-Side Data Deduplication For a Catalyst store: - The Catalyst store works in the High Bandwidth mode (Primary Transfer Policy is set to High Bandwidth). The Catalyst license is installed on the HPE StoreOnce (required). The Catalyst store is added to the backup repository as a deduplicating storage appliance, not as a shared folder. For a CIFS store: - The Catalyst license is not required. The CIFS store is added as a shared folder backup repository to the backup infrastructure.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

209

Module 9: Advanced Data Protection

To deduplicate data on the source side, HPE StoreOnce uses the HPE StoreOnce Catalyst agent. The HPE StoreOnce Catalyst agent is a component of the HPE StoreOnce Catalyst software; it is installed on the gateway server communicating with the HPE StoreOnce appliance. HPE StoreOnce deduplicates data on the source side before writing it to target. During the first backup job session, HPE StoreOnce analyzes data incoming to the HPE StoreOnce appliance in chunks and computes a hash value for every data chunk. Hash values are stored in an index on disk. During subsequent backup job sessions, the HPE StoreOnce Catalyst agent on the gateway server calculates hash values for data chunks in a new data flow and sends these hash values to target. HPE StoreOnce identifies which data blocks are already saved on disk, and the HPE StoreOnce Catalyst agent sends only unique data blocks to target. As a result, the load on the network reduces, the backup job performance improves and you can save on disk space.

During the first backup job session, HPE StoreOnce analyzes data incoming to the HPE StoreOnce appliance in chunks and creates a hash value for every data chunk. Hash values are stored in an index on the target side. During subsequent backup job sessions, HPE StoreOnce analyzes VM data transported to target and replaces identical data chunks with references to data chunks that are already saved on disk. As a result, only new data chunks are written to disk, which helps save on disk space.

is

tr

ib ut e

Target-Side Data Deduplication

D

For source-side deduplication, Veeam Backup & Replication leverages the HPE StoreOnce Catalyst technology and two HPE StoreOnce components.

ot

How Veeam works with it

up

lic

at

e

or

D

Description

Source-Side Data Deduplication

Veeam Backup & Replication works with HPE StoreOnce as with a shared folder backup repository. To communicate with HPE StoreOnce, Veeam Backup & Replication uses two Data Mover Services.

N

HPE StoreOnce Schemes

Target-Side Data Deduplication

D

o

Source-Side Data Deduplication

210

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

The gateway server is a backup infrastructure component that “bridges” the backup server and HPE StoreOnce storage system. The gateway server must meet the following requirements:

at

e

or

D

is

tr

ib ut e

The server must run a 64-bit version of Microsoft Windows. The server must be added to the backup infrastructure. The server must have access to the backup server and HPE StoreOnce appliance.

Several Backup Repositories on HPE StoreOnce

up

Consider the following:

lic

You can configure several backup repositories on one HPE StoreOnce appliance and associate them with different gateway servers.

D

o

N

ot

D

If you configure several backup repositories on HPE StoreOnce and add them as extents to a scale-out backup repository, make sure that all backup files from one backup chain are stored on one extent. If backup files from one backup chain are stored to different extents, the transform operations performance will be lower. HPE StoreOnce has a limit on the number of opened files that applies to the whole appliance. Tasks targeted at different backup repositories on HPE StoreOnce and run in parallel will equally share this limit. For HPE StoreOnce working over Fibre Channel, there is a limitation on the number of connections from one host. If you connect several backup repositories to one gateway, backup repositories will compete for connections. Deduplication on HPE StoreOnce works within the limits of one object store.

Limitations for HPE StoreOnce If you plan to use HPE StoreOnce as a backup repository, mind the following limitations. Limitations apply only if you use HPE StoreOnce in the integration mode, not the shared folder mode. Backup files on HPE StoreOnce are locked exclusively by a job or task. If you start several tasks at a time, Veeam Backup & Replication will perform a task with a higher priority and will Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

211

Module 9: Advanced Data Protection

e

or

D

is

tr

ib ut e

skip or terminate a task with a lower priority. In Veeam Backup & Replication, tasks have the following priority levels (starting with the top priority): restore > backup job > backup copy. For example, if the backup and backup copy jobs start simultaneously, Veeam Backup & Replication will terminate the backup copy task. When you create a backup job targeted at HPE StoreOnce, Veeam Backup & Replication will offer you to switch to optimized job settings and use the 4 MB size of data block for VM data processing. It is recommended that you use optimized job settings. Large data blocks produce a smaller metadata table that requires less memory and CPU resources to process. The HPE StoreOnce backup repository always works in the Use per-VM backup files mode. For more information, see Per-VM Backup Files. HPE StoreOnce does not support the reverse incremental backup method. The HPE StoreOnce backup repository does not support the Defragment and compact full backup file option (for backup and backup copy jobs). You cannot use HPE StoreOnce backup repositories as targets for Veeam Endpoint backup jobs. Backup copy jobs, however, can be targeted at HPE StoreOnce backup repositories. You cannot use HPE StoreOnce backup repositories as sources or targets for file copy jobs. You cannot copy backup files (VBK, VIB and VRB) manually to the HPE StoreOnce backup repository. To copy such files, use backup copy jobs. You cannot use the HPE StoreOnce backup repository as a cloud repository. HPE StoreOnce has a limit on the number of concurrently opened files. Due to this limit, the maximum length of backup chains (chains that contain one full backup and a set of subsequent incremental backups) on HPE StoreOnce is also limited and depends on the particular storage model: Product

at

Maximum number of restore points per backup chain

6600

42 (per node)

5500

35

5100

up

lic

Current Products

21 14

D

3500

7

N

VSA

7

ot

3100

Previous Products

D

o

6500

28 (per node)

6200

14 (per node)

4900

28

4700

14

4500

14

2900

14

212

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

2700

7

VSA

7

9.5.3. EMC Data Domain Boost

Feature

ib ut e

Veeam Backup & Replication provides support for Dell EMC Data Domain storage systems with Data Domain Boost (DD Boost). The DD Boost technology offers a set of features for advanced backup. Description

tr

With Distributed Segment Processing enabled, operations on data segmentation, filtering and compression are performed on the side of the backup application. The Data Domain system receives only unique data blocks and writes them to disk. Distributed Segment Processing provides the following benefits: - Improved network throughput: only unique data blocks are transmitted across the network - Reduced backup window - Increased backup job performance

Advanced Load Balancing and Link Failover allow you to balance data transfer load and perform automatic link failover in case of network outage problems.

e

Advanced Load Balancing

or

D

is

Distributed Segment Processing

at

Link Failover

lic

Currently for Veeam Backup & Replication Managed File Replication is not supported.

D

Managed File Replication

up

Virtual Synthetics

Virtual Synthetic Fulls lets you synthesize a full backup without physically copying data. To construct a full backup file, the Data Domain uses pointers to existing data segments on the storage system. Virtual Synthetic Fulls reduce the workload on the network and backup infrastructure components and increase the backup job performance.

N

ot

To support the DD Boost technology, Veeam Backup & Replication leverages two Dell EMC Data Domain components that communicate with each other:

D

o

DD Boost server is a target-side component running on the Data Domain OS on the Data Domain storage system. DD Boost library is a source-side component integrated with Veeam Backup & Replication.

The DD Boost library is embedded into the Veeam Data Mover Service setup. When you add a Microsoft Windows server to Veeam Backup & Replication, the DD Boost Library is automatically installed on the added server with the Veeam Data Mover Service. To communicate with the Data Domain storage appliance, Veeam Backup & Replication uses the DD Boost library deployed on a gateway server. The gateway server is a proxying backup infrastructure component that “bridges” the Veeam backup server and the Data Domain storage system.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

213

is

tr

ib ut e

Module 9: Advanced Data Protection

D

Veeam Backup & Replication supports EMC Data Domain storage systems working over the following protocols:

lic

at

e

or

TCP/IP protocol: Veeam Backup & Replication communicates with the Dell EMC Data Domain server by sending commands over the network. Fibre Channel protocol: Veeam Backup & Replication communicates with the Dell EMC Data Domain Fibre Channel server by sending SCSI commands over Fibre Channel. DD Boost is required to use Fibre Channel.

D

up

Important! The length of forward incremental and forever forward incremental backup chains (chains that contain one full backup and a set of subsequent incremental backups) cannot be greater than 60 restore points. To overcome this limitation, schedule full backups (active or synthetic) to split the backup chain into shorter series. For example, to perform backups at 30minute intervals 24 hours a day, you must schedule synthetic fulls every day. In this scenario, intervals immediately after midnight may be skipped due to duration of synthetic processing.

o

N

ot

When configuring backup jobs to land on the backup repository that supports Dell EMC Data Domain Boost, the critical decision on backup jobs will be whether to do an active full backup or leverage synthetic full backups. For most environments, it is recommended to do synthetic full backups when leveraging Dell EMC Data Domain Boost. This will save stress on primary storage for the vSphere and Hyper-V VMs and the Boost-enabled synthesizing is very fast.

D

If a Backup Copy job is going to be used and GFS retention (Monthly, Weekly, Quarterly and/or Annual restore points) implemented as well, the first consideration is to ensure that the gateway server is closest to the Data Domain server, since the Backup Copy job frequently involves an offsite transfer. When the Data Domain server is designated in the repository setup, ensure that consideration is given to the gateway server if it is being used off site as GFS transformations can leverage Dell EMC Data Domain Boost for quicker processing during synthetic full backup file creation. There are supplementary benefits to using DD Boost with Veeam Availability Suite that provide 214

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

ib ut e

performance and resiliency improvements in other areas of the VM backup process. The first of these applies to VMs that may have multiple backup jobs and will land on the same DD Boost Storage Unit. The first time that VM is backed up with the first of the two (or more) jobs, it will function like a full backup as expected. The next time that VM is backed up with the second job, it will have to perform a full backup as it is the first time the Veeam job is called. Because the first job has the bulk of the blocks of the vSphere or Hyper-V VM on the DD Boost Storage Unit, it will only need to transfer metadata and any possible changed blocks. This can be a significant improvement on the active full backup process when there is a fast source storage resource in place. Still, the time of recovery can be somewhat longer when using a deduplicating appliance due to the transform operations combined with deduplication.

is

tr

Additionally when using Dell EMC Data Domain Boost, there is Advanced Load Balancing and Link Failover for connectivity to the Data Domain server. When multiple network interfaces are in use, the Data Domain server will distribute connections from Veeam components over these links. This provides improved data transfer performance with Veeam jobs operating in parallel and additional resiliency by transparently switching failed links to active links if there is an interruption in connectivity.

D

Accelerated Restore of Entire VM

up

lic

at

e

or

To speed up entire VM restore on Dell EMC Data Domain, Veeam Backup & Replication uses the mechanism of sequential data reading from backups and parallel VM disks restore. Dell EMC Data Domain storage systems are optimized for sequential I/O operations. However, data blocks of VM disks in backup files are stored not sequentially, but in the random order. If data blocks of VM disks are read at random, the restore performance from backups on Dell EMC Data Domain degrades. To accelerate the restore process, Veeam Backup & Replication creates a map of data blocks in backup files. It uses the created map to read data blocks of VM disks from backup files sequentially, as they reside on disk. Veeam Backup & Replication writes data blocks to target in the random order, restoring several VM disks in parallel. This accelerated restore mechanism is enabled by default, and is used for the entire VM restore scenario.

ot

D

Note: To further accelerate the process of entire VM restore, Veeam Backup & Replication reads VM data from Dell EMC Data Domain in multiple threads.

N

Entire VM restore from backups on Dell EMC Data Domain is performed in the following way:

D

o

1. Veeam Backup & Replication opens all backup files in the backup chain, reads metadata from these backup files and caches this metadata on the backup proxy that is assigned for the restore task. 2. Veeam Backup & Replication uses the cached metadata to build a map of data blocks. The map contains references to VM data blocks, sorted by VM disks. 3. Every VM disks is processed in a separate task. For every task, Veeam Backup & Replication starts a separate Veeam Data Mover on the backup proxy. Veeam Data Movers read data blocks of VM disks from the backup repository sequentially, as these blocks reside on disk, and put read data blocks to the buffer on the backup proxy. 4. Data blocks are written to target in the order in which they come from the target Veeam Data Mover.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

215

at

Backup Proxy for Accelerated Restore

e

or

D

is

tr

ib ut e

Module 9: Advanced Data Protection

up

lic

Veeam Backup & Replication restores all disks of a VM through one backup proxy. If you instruct Veeam Backup & Replication to select a backup proxy for the restore task automatically, it picks the least loaded backup proxy in the backup infrastructure. If you assign a backup proxy explicitly, Veeam Backup & Replication uses the selected backup proxy. For every VM disk, Veeam Backup & Replication starts a separate Veeam Data Mover on the backup proxy. For example, if you restore a VM with 10 disks, Veeam Backup & Replication starts 10 Veeam Data Movers on the backup proxy.

ot

D

The backup proxy assigned for the entire VM restore task must have enough RAM resources to be able to restore VM disks in parallel. For every VM disk, 200 MB of RAM is required. The total amount of required RAM resources is calculated by the following formula: Total amount of RAM = Number of VM disks * 200 MB

D

o

N

Before starting the restore process, Veeam Backup & Replication checks the amount of RAM resources on the backup proxy. If the backup proxy does not have enough RAM resources, Veeam Backup & Replication displays a warning in the job session details and automatically fails over to a regular VM disks processing mode (data of VM disks is read at random and VM disks are restored sequentially). Limitations for Accelerated Restore The accelerated restore of entire VM has the following limitations: Accelerated restore works on Dell EMC Data Domain systems with DD Boost. If you restore a VM with dynamically expanding disks, the restore process may be slow. If you restore a VM using the Network transport mode, the number of VM disks restored in 216

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

parallel cannot exceed the number of allowed connections to an ESXi host.

Important! If Dell EMC Data Domain is added as an extent to a scale-out backup repository, you must set the backup file placement policy to Locality. If the backup file placement policy is set to Performance, parallel VM disk restore will be disabled.

ib ut e

9.6. Veeam Cloud Connect

Service providers (SP) can use Veeam Backup & Replication to deliver backup repository as a service to their customers (tenants). Veeam Backup & Replication lets SPs set up the cloud storage so that tenants can send their VM data offsite in an easy and secure way.

ot

D

up

lic

at

e

or

D

is

tr

Veeam Backup & Replication does not create its own cloud for storing VM data. Instead, it uses SP storage resources to configure cloud repositories – storage locations in the cloud. Tenants who want to keep their data in the cloud can connect to the SP and write their VM backups to cloud repositories. Cloud repositories can be used as primary storage locations and secondary storage locations to follow the 3-2-1 backup strategy.

D

o

N

All data protection and disaster recovery tasks targeted at the cloud repository are performed by tenants on their own. Tenants set up necessary jobs and perform tasks using Veeam backup servers deployed on their side. Tenants can perform the following operations: Back up VMs to the cloud repository Copy VM backup files to the cloud repository Restore VM data from the cloud repository (Full VM, VM hard disk, VM files and VM guest OS files restore for Windows) Perform file copy operations between tenant’s side and the cloud repository (Manual operations only. Scheduled file copy jobs are not supported.)

Veeam Backup & Replication establishes a secure channel to transfer data to and from the cloud repository and offers data encryption capabilities to protect tenants’ data stored in the cloud.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

217

is

tr

ib ut e

Module 9: Advanced Data Protection

Tenant

D

SP

An SP’s customer who copies VM data offsite and stores backups in the cloud repository on the SP side

An organization that provides the cloud repository service to tenants

Roles

- Configuring the Veeam Cloud Connect infrastructure as the environment needed to provide repository as a service to tenants. As part of this process, the SP takes the following steps: - Decides what backup repositories must be used as cloud repositories - Sets up SSL certificates to enable secure communication in the Veeam Cloud Connect infrastructure - Creates cloud gateways. - Registers user accounts for tenants - Managing tenants’ accounts and data to ensure flawless work of the Veeam Cloud Connect infrastructure

- Connect to the Veeam Cloud Connect infrastructure to be able to use cloud repositories - Configure and run jobs and perform restore tasks targeted at cloud repositories

- SP Veeam backup server - Cloud repository - Cloud gateway (a network appliance that resides on the SP side and acts as a communication point in the cloud) - [Optional] Target WAN accelerator

- Tenant’s Veeam backup server - [Optional] Source WAN accelerator

Veeam Cloud Connect service provider license

Any paid license

N

ot

D

up

lic

at

e

or

Definition

D

o

Cloud connect components

Veeam license type

Note: Veeam Cloud Connect supports parallel processing. The service provider can specify the 218

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

maximum number of concurrent tasks that can be performed within tenant jobs targeted at the cloud repository and cloud host. Task limitation settings are specified individually for each tenant.

9.6.1. Lease and Quota

ib ut e

When the SP configures a user account for a tenant, the SP assigns quota and, optionally, lease settings for the tenant. Lease and quota settings help the SP control how tenants consume storage resources on the cloud repository.

tr

Quota is the amount of space (specified in GB or TB) assigned to one tenant on one cloud repository. It is a chunk of storage resources that the tenant can use for storing backups on the cloud repository. The SP can assign quotas on different cloud repositories to one tenant. A quota can be valid for indefinite time or can be restricted in time. To limit the quota lifetime, the SP must set a lease for the tenant.

or

D

is

Lease is a period of time for which tenants have access to their quotas on the cloud repository. The lease settings help the SP restrict for how long a tenant should be able to use cloud repository resources.

9.6.2. Deleted Backups Protection

up

lic

at

e

In some situations, keeping primary or additional backups in a cloud repository may be not enough to ensure data security for a tenant. The backed-up data may become unavailable, for example, after a hacker gains access to the tenant Veeam Backup & Replication console and deletes all backups created by the tenant — both on site and in the cloud repository. Or a backup administrator on the tenant side can accidentally delete a necessary backup from a cloud repository. To protect tenants against such cases, starting from Veeam Backup & Replication 9.5 Update 3, the SP can use the deleted backups protection functionality.

D

Veeam Backup & Replication offers the deleted backups protection functionality for the following types of tenant backups:

N

ot

VM backups created by backup copy jobs configured in Veeam Backup & Replication Backups of physical or virtual machines created by Veeam Agent backup jobs configured in Veeam Agent for Microsoft Windows and/or Veeam Agent for Linux Backups copies of VM backups or Veeam Agent backups created by backup copy jobs configured in Veeam Backup & Replication.

D

o

The SP can enable the deleted backups protection option individually for a specific tenant. To enable the option, the SP must select the Keep deleted backup files for days check box in the properties of the tenant account. With this option enabled, when a backup or a specific restore point in the backup chain is deleted from the cloud repository, Veeam Backup & Replication does not immediately delete the actual backup files. Instead, Veeam Backup & Replication moves backup files to the "recycle bin". Technically, a "recycle bin" is a folder on the backup repository in the SP backup infrastructure whose storage resources are exposed to tenants as cloud repositories. Veeam Backup & Replication automatically creates this folder at the time when a tenant backup file is moved to the

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

219

Module 9: Advanced Data Protection

"recycle bin" for the first time. Backup files in the "recycle bin" do not consume the tenant quota. However, these backup files consume disk space on the SP storage where the cloud repository is configured. Thus, if the SP plans to offer deleted backups protection to tenants, it should consider allocating sufficient storage resources in the Veeam Cloud Connect infrastructure.

ib ut e

For the tenant, backup files moved to the "recycle bin" appear as actually deleted. The tenant cannot access backup files in the "recycle bin" and perform operations with them. If a tenant needs to restore data from a deleted backup whose backup files still reside in a "recycle bin", the tenant must contact the SP to obtain the necessary backup file(s).

tr

Important! If the SP offers the deleted backups protection to a tenant, it is recommended that the tenant uses the latest versions of Veeam products: Veeam Backup & Replication 9.5 Update 3, Veeam Agent for Microsoft Windows 2.1 and/or Veeam Agent for Linux 2.0.

e

or

D

is

If a tenant renames a job targeted at the cloud repository, and then deletes a backup, Veeam Backup & Replication will move the backup file(s) to a folder with the initial name of the job. As a result, it may become difficult for the SP to find the necessary backup files in case the tenant needs to restore data from backup files in the "recycle bin". To overcome such situations, the SP should recommend tenants who use the deleted backups protection functionality to avoid renaming jobs targeted at the cloud repository of the SP.

lic

at

Veeam Backup & Replication keeps tenant backup files in the "recycle bin" for a specific number of days defined by the SP. After this period expires, Veeam Backup & Replication completely deletes tenant backup files from the "recycle bin".

up

How Deleted Backups Protection Works

D

Veeam Backup & Replication performs protection of tenant backup files against accidental or intentional deletion in the following way:

N

ot

1. The SP enables the Keep deleted backup files for days option in the properties of the tenant account. 2. The tenant creates a backup in the cloud repository in one of the following ways:

D

o

Runs a Veeam Backup & Replication backup or backup copy job targeted at the cloud repository. Runs a Veeam Agent backup job targeted at the cloud repository.

3. When a backup or restore point is deleted from the cloud repository, Veeam Backup & Replication moves the backup file(s) to the _RecycleBin folder on the SP backup repository whose storage resources are exposed to tenants as cloud repositories. Veeam Backup & Replication performs this operation in the following cases: When the tenant performs the Delete from disk operation with a backup on a cloud repository.

In this case, Veeam Backup & Replication performs the following operations:

220

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

1. On the tenant side, Veeam Backup & Replication removes the backup from the tenant Veeam Backup & Replication console and database. 2. On the SP side, Veeam Backup & Replication moves backup files pertaining to the deleted backup to the "recycle bin". When the tenant performs the Delete operation with a backup file on the cloud repository in the Files node of the Veeam Backup & Replication console.

ib ut e

When a backup file pertaining to a backup in a cloud repository is automatically deleted from the backup chain according to the retention policy defined in the job settings.

Veeam Backup & Replication moves to the "recycle bin" only backup files of the VBK and VIB types. VBM backup files are deleted from disk immediately.

or

D

is

tr

3. Veeam Cloud Connect Service running on the SP backup server checks the configuration database to get the date when the backup file was moved to the "recycle bin" and compares it to the current date. This operation is performed regularly with an interval of 20 minutes. 4. When the time interval between the date when the backup file was moved to the "recycle bin" and the current date exceeds the number of days specified in the Keep deleted backup files for days setting, Veeam Backup & Replication deletes the backup file from the _RecycleBin folder.

D

up

lic

at

e

Important! If the tenant plans to create off-site copies of backed-up data with a backup copy job, it should enable GFS retention settings in the job properties. This way, Veeam Backup & Replication will be able to protect backups created by the job against an attack when a hacker reduces the job's retention policy and creates a few incremental backups to remove backed-up data from the backup chain. Without GFS retention settings enabled, the backup copy job will complete with a warning. In the job statistics window, Veeam Backup & Replication will display a notification advising to use the GFS retention scheme for the job. Please note that the warning is displayed only if the tenant backup server runs Veeam Backup & Replication 9.5 Update 3. In earlier versions of Veeam Backup & Replication, the warning will not be displayed, and the backup copy job will complete with the Success state.

ot

Data Restore from Deleted Backups

D

o

N

In contrast to backups that reside on the cloud repository, backup files in the "recycle bin" are not intended for regular data restore. However, in a situation when an attacker manages to delete tenant backup(s) from a cloud repository, or if the tenant deletes a backup from a cloud repository by mistake, the tenant may need to restore data from a backup file that was moved to the "recycle bin". Data restore directly from a backup file in the "recycle bin" is not supported in Veeam Backup & Replication. To restore data from such a backup, the tenant needs to obtain backup file(s) from the "recycle bin" first. Veeam Backup & Replication moves to the "recycle bin" only backup files of the VBK and VIB type. VBM files are deleted from disk immediately when a tenant deletes a backup or a backup file is automatically deleted from the backup chain according to the retention policy. As a result, the SP cannot simply move a backup file back to the folder with tenant backups on the cloud repository. Instead, the SP and tenant need to complete the following tasks: 1. The tenant contacts the SP informing that it wants to restore data from a deleted backup. Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

221

Module 9: Advanced Data Protection

ib ut e

2. The SP finds one or more backup files required for data restore in the "recycle bin" and passes them to the tenant, for example, over the network or on a portable drive. 3. The tenant imports the VBK file(s) in the Veeam Backup & Replication console on the tenant backup server. 4. After successful import of a backup, the tenant can restore data from the backup in a regular way. 5. [Optional] The tenant may want to continue the backup chain started with the obtained backup file(s). This operation can be available depending on multiple conditions. For details, consider submitting a support case to the Veeam Support Team.

or

9.6.3. Licensing for Cloud Repositories

D

is

tr

Important! Before restoring data from a deleted backup, the tenant must make sure that a VBM file with metadata of this backup does not remain on the cloud repository. If a tenant needs to restore data from a deleted backup file pertaining to a backup that still exists on the cloud repository, the tenant must delete this backup prior to importing a VBK file in the tenant backup console. For assistance with data restore from a deleted backup, consider submitting a support case to the Veeam Support Team.

at

e

To enable the cloud repository functionality, the SP must install the Veeam Cloud Connect service provider license on the SP Veeam backup server. The cloud repository functionality is licensed per VM. The SP must obtain a license for the total number of VMs that all tenants working with this SP plan to back up.

up

lic

The Cloud Connect Provider license is consumed only by active VMs. An active VM is a VM that has been successfully backed up or copied by a tenant in the past 31 days. The number of restore points created by tenants or the number of jobs that process VMs do not consume the license. For example, if a tenant processes the same VM with several jobs, this VM is considered as 1 active VM.

D

The total number of active VMs must not exceed the total number of VMs in the license. Depending on the number of active VMs, the SP license can be in one of the following states:

ot

Normal: The total number of active VMs does not exceed the total number of VMs in the license. SP tenants can freely back up and copy existing and new VMs to the cloud repository.

o

N

Grace (valid for 60 days): After the total number of active VMs exceeds the total number of VMs in the license, the license is put to the Grace state. Tenants can still back up and copy existing and new VMs to the cloud repository.

D

Post grace: The total number of active VMs exceeds the total number of VMs in the license and the grace period has expired. Tenants can back up and copy only those VMs that have already been backed up and copied in the Normal state. Recovery: During the Grace period, the SP may return to the license limits. This can happen if the SP can performs the following actions: Installs a new license for a greater number of VMs. The number of active VMs must not exceed the number of VMs in a new license. Reduces the number of active VMs (SP disables/ removes a tenant or resets a storage quota 222

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

for the tenant)

e

or

D

is

tr

ib ut e

In this situation, the license it put to the Recovery state. Tenants can back up and copy existing and new VMs to the cloud repository.

at

9.6.4. v9 Cloud Connect Enhancements

ot

D

up

lic

Veeam Availability Suite v9 has brought Veeam Cloud Connect Replication, a fast, secure cloudbased disaster recovery (DR) solution. DR is a great solution to increase the availability of modern datacenter, and does so by leveraging replication technologies and creating an off-site replica of virtual machines. When end users want to design and create a DR site, they are facing a problem: the capital expenses of building and maintaining the secondary site. In a second location, owned or rented, they need to deploy new hardware and software according to the size of their production environments, configure it and even manage it, virtually doubling their IT infrastructure efforts. Also, because production workloads are running for the most part within the primary site, the secondary one is rarely used, thus its cost it’s even higher when compared to its value.

D

o

N

This is the situation where a cloud-based solution fits perfectly. By renting resources from a service provider on a pay-as-you-go model, end users have the same final result (CPU, RAM, storage and networking resources available for failover operations) without any capital costs and the burden of designing and deploying the DR site. Furthermore, VM replication through Veeam Cloud Connect is easy-to-use and simple to set-up, there’s no need to set up and maintain VPN connections, or open multiple ports in firewall. The end user, upon subscribing to the service and connecting to a service provider, will see a virtual cloud host, a multi-tenant view of the assigned DR site resources with CPU, RAM, storage and networking resource allocation. Basically, a cloud host serves as the replication target for the replication jobs set up by the end user. A service provider assigns a hardware plan to a tenant that defines the CPU, memory, storage and network resources available to them.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

223

is

tr

ib ut e

Module 9: Advanced Data Protection

D

Failover has multiple options:

at

e

or

Full site failover Partial site failover. With that, end users are able to failover to the DR site just a part of their workloads, while other VMs will still be running in the production site. This advanced capability is available thanks to built-in network extension appliances that will simplify networking complexity and preserve communication between running VMs regardless of physical location.

up

lic

Disaster recovery-as-a-service (DRaaS) is no doubt one of the most requested services by end users. With Veeam Cloud Connect Replication, service providers have a complete solution to quickly create and deliver DRaaS services for VMware vSphere and Microsoft Hyper-V environments. The software, thanks to its native multi-tenancy capabilities, allows a complete isolation of end users hosted on the same hardware, as well as built-in network connectivity management for all failover types – all without the need to license, learn and maintain any additional 3rd party software.

D

There are a few more essentials pieces:

D

o

N

ot

Ease of use: once end users register a service provider, they will see the new virtual host added to their B&R. To replicate VMs to the service provider’s infrastructure, the tenant just needs to set up a replication job pointed to the cloud host as a target. Ease of networking configuration. The Network Extension appliances preserve communications with and between running replica VMs during full and partial failovers regardless of their location – without having to make any changes to replica TCP/IP settings before, during or after failover. Fully automated upgrade of network extension appliances with product updates installation. Bandwidth-friendliness. Seeding, compression, replication from backup, Built-in WAN Acceleration are all provided as a part of Veeam Cloud Connect Replication to allow customers with slow or unreliable WAN connections, or large amounts of data, to protect their workloads with RPOs that was never before possible with their available bandwidth. Self-service. This is critical to any cloud service, and Veeam Cloud Connect is not an exception. A web portal is offered, running at the service provider and accessible to the end user from any device and from any location. Using this portal, the end user is able to login and start any failover plan on their own, without requiring any intervention from the service provider.

224

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

9.7. Veeam Backup Enterprise Manager

ib ut e

Veeam Backup Enterprise Manager implements security by limiting access to web management website features and data based on user roles. This empowers administrators to delegate permissions in a very granular way, on an as-needed basis, to the individuals who will complete the restore process. It is possible, for example, to delegate permissions to recover files without actually being able to see the contents of the files. Delegations can be made to users which allows for recovery across the virtual spectrum from individual files all the way through to the recovery of the entire VM.

9.7.1. Veeam plug-in for vSphere Web Client

D

is

tr

Monitor your backup infrastructure directly from the vSphere Web Client, VMware’s next-generation administrative interface for vSphere. This plug-in delivers at-a-glance and detailed views of job status and backup resources, and also simplifies capacity planning and identification of unprotected VMs.

or

Note: The vSphere Web Client plug-in is installed from the vCenter Servers page of Configuration view in Veeam Backup Enterprise Manager.

e

Check the following:

lic

at

To successfully obtain statistics from Veeam Backup Enterprise Manager, the accounts under which users access vSphere web client (and then automatically connect to Enterprise Manager) should be assigned one of the Enterprise Manager security roles.

up

To open Veeam ONE reports (optional capability), these accounts should be also included in Veeam ONE Users or Veeam ONE Administrators group on the machine where Veeam ONE Server component is installed.

ot

D

Now IT admins can quickly create a restore point for selected VM using VeeamZIP (full backup) or Quick Backup (incremental backup) right from VMware vSphere web client, with no need to use Veeam backup management console. To utilize these capabilities, a user account under which you log on to vSphere web client needs the following:

o

N

1. A security role assigned in Veeam Backup Enterprise Manager. This can be Portal Administrator or Restore Operator with sufficient scope. 2. Minimal privileges on vCenter level: VirtualMachine.Interact.Backup, Task.Create, Task.Update.

D

To configure the settings for VeeamZIP (.VBK file creation), do the following: 1. In vSphere web client, open vCenter Inventory and in the inventory tree select the VM you need to backup. 2. Right-click the VM and from its shortcut menu select Backup > VeeamZIP to. Alternatively, use the Actions > Backup > VeeamZIP to menu command.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

225

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 9: Advanced Data Protection

You will be taken to the VM’s Manage tab where you should specify VeeamZIP settings which then will be used as default for VeeamZIP backup.

226

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

D

is

tr

ib ut e

Module 9: Advanced Data Protection

or

3. Select Veeam backup server to process the VM.

lic

at

e

Note: To be visible in this list, Veeam backup server should be added to Veeam Backup Enterprise Manager. Connected repositories from Veeam backup infrastructure will be shown automatically. Select the repository where to store the VeeamZIP file. If necessary, specify the encryption key. Specify whether this backup should be automatically deleted after certain time interval. Select the necessary compression level for the backup. By default, guest OS quiescence is deactivated. If you need the backup to be crash-consistent, clear the Disable guest quiescence check box. 9. Now you can click the VeeamZIP button to create a full VM backup (.VBK file) using the specified settings. You can view the backup creation progress in the Recent Tasks pane on the right.

N

ot

D

up

4. 5. 6. 7. 8.

o

9.7.2. Required Permissions

D

To be able to log in to the Veeam Backup Enterprise Manager website, the user must be assigned either the Portal Administrator, Restore Operator or Portal User role. Portal Administrators have full access to all administrative functions and configuration settings; they can browse, search and restore all VMs (please note that such actions as Instant VM Recovery and restores from the replica are not available though), files, and application items. The Configuration area is not accessible to Restore Operators and Portal Users. Portal Users and Restore Operators can access their restore scope – a list of VMs that can be recovered by appropriate personnel. For example, database administrators can restore database servers (SQL, Oracle, or other) – this is their restore scope. Exchange administrators’ Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

227

Module 9: Advanced Data Protection

restore scope will include Exchange server VM, and so on. Depending on the role configuration, non-administrative users can access the VMs and/or Files tab of Enterprise Manager website.

Important! Restore scope (list of available VMs) can be customized if you have Enterprise Plus edition of Veeam Backup & Replication. In other editions, this list includes all VMs and cannot be customized. However, you can delegate recovery of entire VMs, guest files, or selected file types.

ib ut e

Restore Operators can access VMs from their restore scope in VMs and/or Files tab and perform restore operations as permitted by their settings. Portal Users can access VMs from their restore scope in VMs and/or Files tab, as well as reports for these VMs; they also can perform restore operations as permitted by their settings.

is

tr

9.7.3. Restore of Application Items

or

D

Now authorized personnel, for example, restore operators at Help Desk, can restore the necessary Exchange items (emails, tasks, calendars) and the necessary SQL databases from backups created with Veeam Backup & Replication using Enterprise Manager.

at

e

Note: To recover items from your Exchange or SQL database, make sure you have an application-consistent backup (with VSS enabled) of your server VM. Also, if you plan to restore the SQL database to a certain point in time (not necessarily the restore point), then transaction log processing should be configured as described in Truncation of transaction logs section.

lic

Exchange items

At least Restore Operator

up

Role that needs to be assigned to a responsible user

Exchange Administrator rights and Administrator rights for all mailboxes

Restore Operator or Portal User

The “dbo” user

ot

D

Permissions that need to be assigned to a corresponding user

SQL items

o

N

Note: If your organization’s policy does not allow for administrative rights assignment to restore operators, it is recommended that Application Item Restore wizard (U-AIR) is used.

D

9.7.4. Self-restore portal Veeam Backup Enterprise Manager allows users with local administrative rights for infrastructure VMs to browse, search and restore guest OS files within restore points of the those VMs. This capability is supported by Veeam’s runtime process, which perform guest system indexing and also identifies local administrative accounts. This approach streamlines delegation of restore capabilities: Instead of multiple role assignments and restore scope fine-tuning, the Enterprise Manager administrator can simply provide users with a link

228

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

to web UI displaying exactly the controls required for file-level restore of their VMs. Communication with that personalized web page is performed using HTTPS or HTTP. Enterprise Managers can access both the Enterprise Manager web UI and the self-restore page. All other users will be forwarded to the self-restore page upon the login.

ib ut e

9.7.5. Managing Encryption Keys Enterprise Manager keys help you to restore encrypted data in case of a lost or forgotten password used for encryption. For safety’s sake, it is recommended to periodically generate new Enterprise Manager keys for the encryption process. Regularly changing the encryption keys raises the encryption security level.

is

tr

When you create new Enterprise Manager keys, Veeam Backup Enterprise Manager generates a keyset of two matching keys:

or

D

Public Enterprise Manager key that encrypts storage keys on Veeam backup servers connected to Veeam Backup Enterprise Manager Private Enterprise Manager key that decrypts storage keys in case a password for encrypted backup or tape is lost

e

Enterprise Manager keys are created in the inactive state. To make the keys active and use them for encryption and decryption, you need to activate the keys.

lic

at

In some cases, government regulations and internal company policies require that you regularly change encryption keys. The shorter the lifetime of an encryption key, the smaller the amount of data encrypted with that key. And the smaller the amount of data encrypted with a single encryption key, the higher the level of encryption security.

D

up

The lifetime of Enterprise Manager keys is controlled by a key retention period. The key retention period defines for how long Enterprise Manager keys must remain in effect and used for encryption and decryption.

ot

You can specify a retention period for an Enterprise Manager keyset. Once the retention period is over, the keyset is marked as inactive and is no longer used for encryption or decryption.

o

N

It is important to regularly back up your Enterprise Manager keys or save their copies in a safe place. If you lose a password for an encrypted backup or tape, you can unlock this backup or tape with the private Enterprise Manager key and the Enterprise Keys Restore wizard.

D

However, in some situations, a matching private Enterprise Manager key may be not available. This can happen, for example, if your Veeam Backup Enterprise Manager database has failed or you use a new installation of Veeam Backup Enterprise Manager and a new database. In this case, Veeam Backup Enterprise Manager will not find a matching private Enterprise Manager key in the database and will be unable to unlock the backup or tape encrypted with the public Enterprise Manager key. You can create a backup copy of an Enterprise Manager keyset with the export operation in Veeam Backup Enterprise Manager. The exported keyset is saved as a PEM file and contains private and public Enterprise Manager keys. You can save the exported keyset on the local disk or on a network share. An exported keyset can be imported back to Veeam Backup Enterprise Manager any time you Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

229

Module 9: Advanced Data Protection

need.

ib ut e

Important! Create backup copies of Enterprise Manager keysets and keep them in a safe place. If your installation of Veeam Backup Enterprise Manager goes down for some reason, you will lose private Enterprise Manager keys. As a result, you will not be able to use the Veeam Backup Enterprise Manager functionality to recover data from backups and tapes.

9.7.6. Decrypting Data without a Password

tr

If you have lost or forgotten a password, you can unlock an encrypted file with the help of Veeam Backup Enterprise Manager.

is

You can restore data without a password only if your backup infrastructure meets the following requirements:

e

or

D

1. You use Enterprise or Enterprise Plus Edition of Veeam Backup & Replication. 2. The Veeam backup server on which you encrypted the data are added to Veeam Backup Enterprise Manager. 3. The Veeam backup server on which you generated a request for data decryption is added to Veeam Backup Enterprise Manager.

up

lic

at

To decrypt data without a password, connect the Veeam backup servers to Veeam Backup Enterprise Manager. In this case, Veeam Backup & Replication will employ Enterprise Manager keys in the encryption process, which will let you recover data from encrypted backups and tapes even if the password is lost or forgotten.

N

ot

D

9.7.7. Veeam Backup Enterprise Manager RESTful API

D

o

Veeam Backup Enterprise Manager exposes its objects via the Web Service API based on the REST (Representational State Transfer) framework. Veeam Backup Enterprise Manager RESTful API lets developers communicate with Veeam Backup Enterprise Manager to query information about objects and perform basic operations with them using HTTP and HTTPS protocols and the principles of REST. Since the HTTP protocol is very popular and widespread, REST API is platform-agnostic and can be used with practically any programming language. REST API relies on the client-server model: 1. The client makes requests to the server, Veeam Backup Enterprise Manager, over the HTTP 2. protocol.

230

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

3. The server processes the request and returns either a successful operation status or error. In case of success, the server returns a response in the form of an XML document. 4. The client accepts the response, parses it and retrieves the information it needs from the response. To work with Veeam Backup Enterprise Manager RESTful API, you can use any browser or client application that supports HTTP and HTTPS protocols.

tr

ib ut e

Veeam Backup Enterprise Manager additionally offers its own client, Veeam Backup Enterprise Manager Web Client that you can use to evaluate and test capabilities of Veeam Backup Enterprise Manager RESTful API. Veeam Backup Enterprise Manager Web Client is a web-based client. It can be accessed via the Internet browser on the machine where Veeam Backup Enterprise Manager is installed by the following URL: http://<enterprise-manager>:9399/web

D

is

9.8. Standalone Console

or

The Veeam Backup & Replication console is a client-side component that provides access to the backup server. The console lets you log in to Veeam Backup & Replication and perform all kind of data protection and disaster recovery operations as if you work on the backup server.

at

e

The console does not have a direct access to the backup infrastructure components and configuration database. Such data as user credentials, passwords, roles and permissions are stored on the backup server side. To access this data, the console needs to connect to the backup server and query this information periodically during the work session.

up

lic

To make users' work as uninterrupted as possible, the remote console maintains the session for 5 minutes if the connection is lost. If the connection is re-established within this period, you can continue working without re-logging to the console.

D

Backup & Replication Console Deployment

ot

The console is installed locally on the backup server by default. You can also use it in a standalone mode — install the console on a dedicated machine and access Veeam Backup & Replication remotely over the network.

D

o

N

You can install and connect as many remote consoles as you need so that multiple users can access Veeam Backup & Replication simultaneously. Veeam Backup & Replication prevents concurrent modifications on the backup server. If several users are working with Veeam Backup & Replication at the same time, the user who saves the changes first has the priority. Other users will be prompted to reload the wizard or window to get the most recent information about the changes in the configuration database. If you have multiple backup servers in the infrastructure, you can connect to any of them from the same console. For convenience, you can save several shortcuts for these connections. Backup & Replication Console Components When you install a remote console on a machine, Veeam Backup & Replication installs the following components: Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

231

Module 9: Advanced Data Protection

Veeam Backup PowerShell Snap-In Veeam Explorer for Microsoft Active Directory Veeam Explorer for Microsoft Exchange Veeam Explorer for Oracle Veeam Explorer for Microsoft SQL Veeam Explorer for Microsoft SharePoint Mount server

ib ut e

Backup & Replication Console User Access Rights

tr

To log in to Veeam Backup & Replication via the console, the user must be added to the Local Users group on the backup server or a group of domain users who have access to the backup server. The user can perform the scope of operations permitted by his or her role in Veeam Backup & Replication.

is

Requirements for Backup & Replication Console

or

The machine must meet the system requirements.

D

A machine on which you install the Veeam Backup & Replication console must meet the following requirements:

at

e

The remote console can be installed on a Microsoft Windows machine (physical or virtual). If you install the console remotely, you can deploy it behind NAT. However, the backup server must be outside NAT. The opposite type of deployment is not supported: if the backup server is deployed behind NAT and the remote console is deployed outside NAT, you will not be able to connect to the backup server.

lic

Limitations for Backup & Replication Console

up

The Veeam Backup & Replication console has the following limitations:

N

ot

D

You cannot perform restore from the configuration backup via the remote console. The machines on which the remote console is installed are not added to the list of managed servers automatically. For this reason, you cannot perform some operations, for example, import backup files that reside on the remote console machine or assign roles of backup infrastructure components to this machine. To perform these operations, you must add the remote console machine as a managed server to Veeam Backup & Replication.

o

9.9. vCloud Director Support

D

Backup and restore of vCloud Director vApps and VMs has always been a hot topic. Up to now, backup tools offered no backup option in the vCloud Director environment. The only way was to perform backup at the level of the underlying vCenter Server. For restore, the administrators would first need to restore VMs to the vCenter Server level and then import them to vCloud Director. Veeam Backup & Replication provides support for vCloud Director. It uses vCloud Director API to help you back up vApps and VMs and restore them directly to the vCloud Director hierarchy.

232

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

ib ut e

Module 9: Advanced Data Protection

D

is

tr

The main entity with which Veeam Backup & Replication works during backup is a vApp. A vApp is a virtual system that contains one or more individual VMs along with parameters that define operational details – vApp metadata. When Veeam Backup & Replication performs a backup of VMs, it captures not only data from the VMs, but also vApp metadata.

D

o

N

ot

D

up

lic

at

e

or

As a result, you can restore vCloud Director objects back to the vCloud Director hierarchy and do not need to perform any additional actions on import and VM configuration.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

233

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 9: Advanced Data Protection

234

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 9: Advanced Data Protection

Labs for Module 9: Advanced Data Protection

tr

ib ut e

At this point, you’ve learned most of the basic data protection and disaster recovery features of Veeam Backup & Replication. You are now able to perform backup and replication, verify it and restore entire VMs and granular objects, such as files, Microsoft Exchange, Oracle, Microsoft Active Directory, Microsoft SQL Server and Microsoft SharePoint items. In addition to those crucial features, Veeam Backup & Replication provides a few more advanced options that allow you to comply with your data protection strategy while improving your recovery time and point objectives (RTPO™) to better protect your data and VMs. The next set of labs provides you with hands-on experience on taking your backups off site to tape, advanced integration with SAN storage arrays, Veeam Backup Enterprise Manager, Veeam Backup & Replication Standalone Console and Veeam PowerShell snap-in.

D

Lab

is

Get into the Lab Action

Purpose

Working with SAN storage snapshot

Configure a SAN storage so that backup and restore using SAN snapshots can be used.

9.2

Using backup to tape

Connect a tape device to your Veeam Backup & Replication installation. Create a backup job to get backups off site.

9.3

Configuring Hyper-V backup to run in off-host mode

9.4

Working with Veeam Backup Enterprise Manager

Veeam configuration backup and restore

N

9.5

ot

D

up

lic

at

e

or

9.1

Introducing the Veeam PowerShell snap-in

Review the capabilities of Veeam Backup Enterprise Manager and try them out. Backup Veeam server configuration and perform a configuration restore using a migrate scenario to copy the infrastructure configuration from one Veeam Backup & Replication server to another. Operate the product through PowerShell cmdlets.

D

o

9.6

Add an off-host proxy so that the load of data processing is taken from the Hyper-V host.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

235

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 9: Advanced Data Protection

236

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 10: Veeam ONE Features and Functionality

10. Veeam ONE Features and Functionality

ib ut e

Veeam ONE is a management solution for virtual environments of any scale and complexity. It delivers real-time monitoring on health and performance of virtual environments, helps analyze the efficiency of data protection implemented with Veeam Backup & Replication, provides intelligent reporting and offers business-based views of the virtual infrastructure topology to simplify management and expedite decision-making.

10.1. Veeam ONE overview

Component

Description

tr

Veeam ONE incorporates three components:

Veeam ONE Reporter

Veeam ONE Reporter helps you verify configuration issues, optimize resource allocation and utilization, and track implemented changes. You can also plan capacity growth and track whether mission-critical VMs are properly protected in the virtualized datacenter.

Veeam ONE Business View

Veeam ONE Business View allows you to group your virtual infrastructure objects into categories like SLA, business unit, purpose, or configuration entity. Your business categorization model is further applied to the monitoring and reporting functionality to simplify management and ensure transparency of operations for your business across large virtual environments.

D

up

lic

at

e

or

D

is

Veeam ONE Monitor

Veeam ONE Monitor is the primary tool used for monitoring your virtual environment and Veeam Backup & Replication infrastructure. In the Veeam ONE Monitor console, you can manage, view and interact with alarms and monitoring data as well as analyze performance of virtual infrastructure and backup infrastructure components. You can also keep an eye on the efficiency of data protection operations and troubleshoot issues that occur in your virtual environment, generate reports, and administer monitoring settings.

ot

10.2. Veeam ONE components

D

o

N

Veeam ONE Reporter and Veeam ONE Monitor integrate with Veeam ONE Business View out of the box. Veeam ONE Business View categorization model and category values assigned to virtual infrastructure objects are stored to the shared Veeam ONE database. Veeam ONE Monitor and Veeam ONE Reporter access and use this data for business-oriented monitoring and reporting. Therefore, you don’t need to perform any additional steps for Veeam ONE components integration.

10.2.1. Monitoring and Alerting Veeam ONE Monitor – a part of an integrated Veeam ONE solution – is the primary tool for monitoring your VMware and Microsoft Hyper-V environment and Veeam Backup & Replication infrastructure. With Veeam ONE Monitor, you can manage, view and interact with alarms and Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

237

Module 10: Veeam ONE Features and Functionality

monitoring data, analyze performance of virtual infrastructure objects, keep an eye on the efficiency of data protection implemented with Veeam Backup & Replication, generate reports and administer monitoring settings. Veeam ONE Monitor provides complete visibility of your virtual and backup infrastructure and helps you speed up troubleshooting and quickly isolate root causes of performance issues before users and services are affected. Veeam ONE Monitor features the following functionality: Description

ib ut e

Feature

Support for heterogeneous virtual environments

Veeam ONE Monitor is designed for professional use in Microsoft Hyper-V and VMware vSphere virtual environments. Monitoring and alerting capabilities for Microsoft Hyper-V and VMware vSphere virtual environments are available from a single console, which eliminates the need to deploy and use multiple monitoring solutions for adopted virtualization platforms.

Support for SCVMM, failover clusters and hosts

Veeam ONE Monitor allows you to gather monitoring information from large virtual deployments with multiple SCVMM servers, failover clusters and standalone hosts.

Integrated or standalone monitoring

Veeam ONE Monitor connects to SCVMM and failover clusters to provide you with cluster-aware monitoring of your virtual machines. If a VM is moved to another server in the cluster by means of Live Migration or manually, Veeam ONE Monitor will continue gathering performance data from it. Veeam ONE Monitor allows you to gather monitoring information from large virtual deployments with multiple SCVMM servers or failover clusters – all from a single console. For small datacenters or development labs running without SCVMM or failover clusters, Veeam ONE Monitor can provide monitoring, alerting and reporting for multiple standalone hosts.

o

N

ot

D

up

lic

at

e

or

D

is

tr

Integration with Veeam Backup & Replication

Veeam ONE Monitor offers advanced possibilities for monitoring the efficiency of VM data protection in your virtual environment. Veeam ONE Monitor collects real-time statistics from connected Veeam backup servers and allows you to quickly review the latest status of backup, replication, SureBackup, backup copy, backup to tape, and other types of jobs. You can also examine configuration and performance of your backup infrastructure components and instantaneously react to potentially dangerous situations with VM data protection.

D

Client/Server architecture

238

Veeam ONE Monitor supports multi-admin access to performance data without affecting virtual environment performance or changing the access policy. It agentlessly gathers all performance information into a Microsoft SQL Server database, allowing users to access infrastructure-wide performance data as needed.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 10: Veeam ONE Features and Functionality

Feature

Description

Advanced monitoring options

To provide enhanced control over the virtual environment, Veeam ONE Monitor features a number of advanced monitoring options: viewing and managing in-guest processes and services running on a host or VM and logging on to the VM console directly from Veeam ONE Monitor.

CSV, SMB and local storage monitoring

Veeam ONE Monitor keeps you aware of the local storage, Cluster Shared Volumes (CSV) and SMB file shares state. To trace the storage state, it uses specific alarms, reports and charts. Direct and indirect CSV workloads are differentiated in charts to help you understand the impact of each type of workload on a datastore and determine whether an issue is hardware- or configuration-based.

Historical reports

To obtain a point-in-time view of your virtual environment, you can create reports right from the Veeam ONE Monitor console. With a couple of clicks, you can generate HTML reports that describe your virtual infrastructure, summarize performance statistics and help you analyze the efficiency of data protection in your virtual environment. Or, you can easily switch to the Veeam ONE Reporter console. Veeam ONE Monitor enables both technical- and business-oriented monitoring of the virtual infrastructure. It uses categorization data from Veeam ONE Business View to build a business topology of your virtual infrastructure and provide you with a possibility to monitor and alert of your environment presented in business terms.

ot

D

Business view categorization

up

lic

at

e

or

D

is

tr

ib ut e

Alarms

With Veeam ONE Monitor alarms, you can easily set up email notifications and SNMP traps or run custom notification scripts for important events such as VM power off, CPU utilization level excess, and so on. SNMP traps can be used to feed alarm data into other popular system monitors, such as CA Unicenter, BMC Patrol, IBM Tivoli or HPE OpenView. Alarm modelling allows you to estimate the number of alarms that you will receive and adjust alarms settings in case important information is not received or too many false positive alarms are triggered. Alarm suppressing makes it possible to eliminate sending multiple alarms during specific activities in your virtual infrastructure (for example, backup).

o

N

With Veeam ONE Monitor, you can configure and use alarms that will inform you about important events and changes in your virtual environment. The ability to be alerted of changes in your virtual environment allows for faster response to critical issues and helps to maintain the overall health of the virtual infrastructure.

D

Out of the box, Veeam ONE Monitor comes with a set of predefined alarms including: Predefined alarms for monitoring VMware vSphere, Microsoft Hyper-V environments and vCloud Director operations framework. Predefined alarms are based on best practices for a common virtual environment. Veeam Backup & Replication alarms that alert on connection status of backup infrastructure components, job state and duration, insufficient space on backup repositories, and Veeam Backup & Replication license issues. Internal alarms that alert on data collection issues, problems with connection to virtual servers,

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

239

Module 10: Veeam ONE Features and Functionality

insufficient space for Veeam ONE database, and license concerns. All predefined alarms include an extensive knowledge base. When a problem occurs, you will not only be alerted, but will also have all the necessary information for troubleshooting and finding the root cause of the issue.

ib ut e

Depending on your requirements to the virtual environment, you can adjust settings of predefined alarms, or create new alarms that will analyze performance and alert on errors at any level of the virtual infrastructure. Veeam ONE Monitor offers an extensive set of rules and different severity levels, allowing you to create your own elaborate alarm model.

10.2.2. Reporting and Dashboards

or

D

is

tr

Veeam ONE Reporter – part of an integrated Veeam ONE solution – is designed for documenting and reporting on your Veeam Backup & Replication infrastructure and virtual environment. Veeam ONE Reporter allows you to automatically discover and collect information about your VMware vSphere, vCloud Director, Microsoft Hyper-V environment, its components, configuration settings, performance and track the efficiency of data protection performed with Veeam Backup & Replication. Veeam ONE Reporter offers comprehensive visual reports and dashboards for documentation, analysis, decisionmaking, change tracking, capacity planning and optimization of resource utilization.

lic

at

e

Veeam ONE Monitor also offers a set of summary dashboards for monitoring your virtual environment and data protection infrastructure. Summary dashboards serve as the "launch point" for monitoring and troubleshooting. They show the summary of health state, list the most recent alarms and highlight key performance and configuration metrics in a single view. Summary dashboards are particularly helpful if you want to quickly check the overall health and reveal hotspots in your environment.

up

Virtual infrastructure Summary dashboards are the start-off point for monitoring your virtual environment. The dashboards reflect the aggregate health state for all components at a specific level of your virtual infrastructure and show summary details for a selected virtual infrastructure object:

N

ot

D

Virtual Infrastructure Summary Host Summary Virtual Machine Summary Local Storage Summary SMB Share Summary Cluster Shared Volume Summary

D

o

The Veeam ONE Reporter reports can be launched within the Veeam ONE Monitor interface. The following reports are among ones available with Veeam ONE Reporter: Report Name

Description

Backup Billing

Calculates storage costs for the backup infrastructure and tracks how much storage space is consumed by backup files

Backup Inventory

Provides inventory information for your Veeam Backup & Replication infrastructure

240

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 10: Veeam ONE Features and Functionality

Report Name

Description Analyzes the amount of free space on backup repositories and estimates the projected date when the repositories will run out of available storage capacity

Job Configuration Change Tracking

Keeps a record of the backup jobs’ configuration changes that occurred during a specified period

Backup Job Historical Information

Provides advanced information on completed backup and replication job sessions

Veeam Cloud Connect User Report

Provides an overview of the storage utilization trends for Cloud Connect customers, listing key details and providing capacity availability outlook

SQL Backup Job Historical Information

Tracks the progress of SQL server backup jobs, providing the necessary details to verify that critical databases are properly backed up

Restore Operator Activity

Audits information on all types of restore actions performed across the selected Veeam Backup & Replication servers

Protected VMs

Examines which VMs in your environment have been bolstered by up-to-date restore points by validating their RPO compliance

Orphaned VMs

Discovers the VMs that are present in existing backup files, but are missing from any pending backup, replication or backup to tape jobs Zeroes in on the VMs that are backed up by several discrete jobs

up

VMs Backed Up by Multiple Jobs

lic

at

e

or

D

is

tr

ib ut e

Capacity Planning for Backup Repositories

Dissects the configuration of a failover plan, including the list of designated VMs and the amount of storage data allocated to them

VMs with no Archive Copy

Lists the VMs whose backups are not complemented by an existing archive copy

N

ot

D

VM Failover Plan Overview

o

10.2.3. Business Categorization

D

While the SCVMM and Failover Cluster Manager consoles offer a set of views presenting virtual infrastructure hierarchy from a technical perspective (clusters, hosts, VMs and so on), Veeam ONE Business View builds a different categorization model – it presents data about VMs, hosts, storages and clusters in business terms, as they are categorized in your virtual infrastructure. Such insight from the enterprise perspective allows you to control, analyze and plan constantly developing and changing virtual environment. vSphere tags are becoming increasingly popular with vSphere administrators, as they provide much more flexibility than a single dimension of VM folders. In fact, both Veeam Backup & Replication and Veeam ONE support vSphere tags. Once the rules are defined in Business View, the appropriate tags Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

241

Module 10: Veeam ONE Features and Functionality

are then automatically set in vSphere. This means that you can create automatic rules in Business View to tag VM's and then setup backup jobs in Veeam Backup & Replication to use the vSphere tags. This will work with any product that uses vSphere tags.

ib ut e

As a result, Veeam ONE Business View can be used to create a tag for all mission critical VMs. This tag can be later used in Veeam ONE Reporter and Veeam ONE to assign special alarms and reports to that group, or in Veeam Backup & Replication to configure backup or replication jobs to automatically include any VMs with the given tag.

10.2.4. Auto Discovery of Backup and Virtual Infrastructure

D

is

tr

To allow Veeam ONE to collect information about your virtual infrastructure and track the efficiency of VM data protection, you need to connect to VMware, vCloud Director or Hyper-V virtual management servers and Veeam backup servers. You can connect to servers either during installation or configure connections later in the Veeam ONE Monitor console. Configured connection settings are automatically propagated to all Veeam ONE components.

e

or

For example: If you connect a vCenter Server to Veeam ONE Monitor, it automatically becomes available in Veeam ONE Reporter and Veeam ONE Business View. Therefore, there’s no need to configure connections to virtual servers and backup servers for every Veeam ONE component individually.

at

When you:

lic

Change connection settings for a server, the changes are adapted across all components. Remove a server from Veeam ONE Monitor, Veeam ONE automatically removes the server connection from all other components.

N

ot

D

up

Veeam ONE provides a convenient way of gathering data from VMware vSphere servers, vCloud Director servers, SCVMM servers, failover clusters, Hyper-V hosts and Veeam backup servers. Data for Veeam ONE Monitor is collected in real-time. For Veeam ONE Reporter and Business View, you can choose to collect data periodically, according to a specific schedule, or run data collection manually. Veeam ONE collects data agentlessly, putting no additional load on virtual servers. Veeam ONE leverages built-in monitoring means: it uses network connection to get data via a set of API calls and OS subsystems.

D

o

Retrieved data is stored to the SQL database. You can choose the necessary point in time to generate reports that describe the state of the virtual infrastructure and data protection activities at the chosen moment in the past. Veeam ONE supports multi-user access to its monitoring and reporting capabilities. Authorized users can concurrently access the same instance of Veeam ONE to monitor the health state of the virtual infrastructure, view dashboards and run reports. To restrict access to sensitive infrastructure data, you can limit the scope of virtual infrastructure objects and associated data that must be available to a Veeam ONE user. Thus you can control what subset of the managed virtual infrastructure the user can see and work with. User permissions can be restricted for two types of inventories:

242

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 10: Veeam ONE Features and Functionality

VMware vSphere inventory vCloud Director inventory

ib ut e

In a multi-tenant environment, you can configure restricted access to Veeam ONE data for owners of virtualized systems or responsible personnel and delegate monitoring and reporting tasks. For example, if you manage VMware vSphere systems that belong to different business units, you can restrict permissions so that users can monitor and report on systems owned by their business unit. Or, if you manage resources for multiple organizations in a vCloud Director environment, you can restrict permissions on a per-organization basis, so that users can monitor and report on vApps and VMs belonging to their organization.

D

10.3. Veeam ONE Deployment

is

tr

Important! You must not include a user with restricted permissions into Veeam ONE security groups. Members of security groups always have access to the whole infrastructure inventory in Veeam ONE, regardless of their permissions on the vCenter Server or vCloud Director inventory hierarchy.

e

or

Veeam ONE supports two deployment scenarios: Typical and Advanced (Advanced scalability). Depending on the size of the managed virtual environment, you can choose of the following Veeam ONE installation types:

lic

at

Typical – this type of installation is recommended for small to medium environments, with up to 100 hosts and 1500 VMs

up

Advanced Scalability – this type of installation is recommended for large environments with more than 100 hosts and 1500 VMs

N

ot

D

Installation type is defined by a set of configuration parameters that determine Veeam ONE behavior in a number of areas, such as data collection and other. Choosing the appropriate installation type allows you to optimize monitoring and reporting performance and improve user experience in Veeam ONE. Note, that Veeam ONE provides support for multi-tenant environments.

D

o

10.3.1. Typical deployment The typical deployment scenario is ideal if you want to consolidate the entire product functionality in one place by installing all product components on a single machine (physical or virtual). This scenario is preferable for small- to medium-scale deployments.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

243

ib ut e

Module 10: Veeam ONE Features and Functionality

is

tr

In the typical deployment scenario, all Veeam ONE components (Veeam ONE Server, Veeam ONE Web UI, and Veeam ONE Monitor Client) are installed altogether on a single machine (either physical or virtual).

or

D

To store data retrieved from connected servers, a local or remote SQL Server instance is required as a supporting system. If you have an SQL Server instance that meets the Veeam ONE system requirements, you can adopt it for Veeam ONE usage. Otherwise, you can install a new SQL Server instance during the product installation – Veeam ONE setup package includes SQL Server 2012 Express.

lic

at

e

To enable multi-user access to real-time performance statistics and configurable alarms, you can additionally install several instances of Veeam ONE Monitor Client on separate machines. Thus, you will be able to access Veeam ONE functionality either from the local machine or from remote computers.

up

10.3.2. Advanced deployment

D

o

N

ot

D

The advanced deployment scenario is more suitable if you want to separate client/server roles by installing structural components on different machines. It is more suitable to accommodate the need of the large environments.

In the advanced deployment scenario, the following Veeam ONE components are installed on separate machines: 244

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 10: Veeam ONE Features and Functionality

Veeam ONE Server Veeam ONE Web UI To enable user access to real-time performance statistics and configurable alarms, you need to install one or several instances of Veeam ONE Monitor Client.

ib ut e

To store data retrieved from connected servers, a local or remote SQL Server instance is required as a supporting system. If you already have an SQL Server instance that meets the Veeam ONE system requirements, you can adopt it for your deployment. Otherwise, you can install a new SQL Server instance during the product installation – Veeam ONE setup package includes SQL Server 2012 Express.

Description

is

Component

tr

The advanced installation utilizes a client-server model for data collection and communication, which includes three components:

Collects data from virtual infrastructure servers, vCloud Director servers and Veeam Backup & Replication servers and stores aggregated data in the SQL database

Web UI - Veeam ONE Reporting - Veeam ONE Business View

Communicates with the SQL database allowing users to access collected data for generating reports and managing business categorization

Monitor Client

Communicates with Veeam ONE Server directly to obtain real-time virtual infrastructure performance data and data protection statistics

lic

at

e

or

D

Server

D

up

Therefore, for a successful advanced deployment of Veeam ONE, it is essential that the client components are aware of the Veeam ONE Server and SQL database locations and can connect to them in order to process and manipulate data.

ot

10.4. Veeam ONE as an assessment tool

D

o

N

Veeam ONE offers the Infrastructure Assessment report pack which helps ensure your VMs are ready to be properly backed up. Infrastructure assessment reports analyze your environment for incompatibilities and configuration errors that can potentially prevent or complicate future backup operations. The report pack helps you predict the amount of future changes on virtual disks that may have an influence on the frequency of backup jobs, consumed backup capacities and necessary WAN bandwidth allocated for replication jobs.

10.4.1. Veeam ONE as an assessment tool content The following reports are included in the VMware Infrastructure Assessment pack: Datastore Performance Assessment – provides information on datastore performance and

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

245

Module 10: Veeam ONE Features and Functionality

tr

ib ut e

helps reveal potential issues that can occur during the backup process. VM Change Rate Estimation – tracks the amount of data changed on virtual disks to find VMs that grow too fast. The report analyzes rates at which data was written to virtual disks during the selected reporting interval, and displays top N virtual machines that grew faster and slower than other VMs. By analyzing the VM change rate, this report helps you assess future needs for repository free space. VM Configuration Assessment – helps you to assess VMs readiness for performing backup with Veeam Backup & Replication. The report analyzes configuration of VMs in your virtual environment, and shows potential issues and possible limitations that could cause backup process to fail or prevent VMs from being properly backed up – for example, VMware Tools are not installed at the VM, or the VM has independent virtual disks in its configuration (Veeam Backup & Replication does not support independent disks; these disks are skipped from processing automatically). This report allows you to obtain a list of VMs in your virtual environment that could experience potential issues with backups, and to get guidance on how to resolve these issues.

is

The following reports are included in the Hyper-V Infrastructure Assessment pack:

up

lic

at

e

or

D

Configuration Assessment – analyzes configuration of the Hyper-V infrastructure against a set of recommended settings and best practices, identifies clusters, hosts and\or VMs that are configured inefficiently and verifies problem areas to help mitigate issues and prepare VMs for backup with Veeam Backup & Replication. Performance Assessment – evaluates whether the Hyper-V infrastructure is configured optimally, helps find potential issues and suggests actions aimed at boosting its efficiency. VM Change Rate Estimation – tracks the amount of data changed on virtual disks to find VMs that grow too fast. The report analyzes rates at which data was written to virtual disks during the selected reporting interval, and displays top N virtual machines that grew faster and slower than other VMs. By analyzing the VM change rate, this report helps you assess future needs for repository free space.

D

10.4.2. Data Sovereignty

N

ot

Veeam Backup & Replication supports a notion of location which you can assign to virtual infrastructure, backup infrastructure and agent management objects. Location settings helps to monitor where production data and their copies and replicas reside geographically. There are two reports included to track Data Sovereignty:

D

o

Data Sovereignty Overview Data Sovereignty Violations analyzes whether any backups, backup copies and replicas reside in a location different from a data source and displays results as pie charts. This visual representation will help you identify which jobs and objects violate data protection regulations accepted in your organization.

Data Sovereignty Overview analyzes the location of backups, backup copies and replicas for a data source and displays it as pie charts. This visual representation will help you monitor your data in a geographically disperse infrastructure.

246

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 10: Veeam ONE Features and Functionality

Labs for Module 10: Veeam ONE Features and Functionality

ib ut e

It is crucial to have the right monitoring tools to maintain complete visibility into your virtual environment and backup and replication infrastructure in order to maintain an Always-On Business™. Proper visibility in both layers helps provide efficient detection of potential issues before operational impact.

is

tr

You are now welcome to try out the corresponding labs on Veeam ONE and its capabilities. You will have an opportunity for a hands-on experience when working with Veeam ONE, from setting it up to performing infrastructure assessment, before Veeam Backup & Replication installation.

Action

Purpose

or

Lab

D

Get into the Lab

Setting up Veeam ONE (part two)

Add a Veeam backup server to the Veeam ONE interface and schedule data collection.

10.2

Creating a custom Veeam ONE Reporter dashboard

Create a Veeam ONE Reporter dashboard to make working with the VMs from the course easier and more comfortable.

10.3

Customizing Veeam ONE Monitor alerting options

Set up email notifications to ensure that you do not miss critical changes or events that occur in your environment.

10.4

Veeam ONE: Creating a Business View category and group

Set up categorization for VMs.

ot

D

up

lic

at

e

10.1

Veeam ONE backup reporting

N

10.5

Performing an infrastructure assessment

Analyze the environment for incompatibilities and configuration errors that can potentially prevent or complicate future backup operations.

D

o

10.6

Run the Protected VMs report to analyze the backup protection of VMs in your virtual environment.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

247

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 10: Veeam ONE Features and Functionality

248

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 11: Product Editions

11. Product Editions

11.1. Product Editions Comparison

ib ut e

Veeam Backup & Replication is available in Standard, Enterprise and Enterprise Plus editions. The Enterprise and Enterprise Plus editions include additional features to accommodate the requirements of large enterprise environments.

A subset of the differences in features for Standard, Enterprise and Enterprise Plus editions applicable to VMware vSphere and Microsoft Hyper-V environments are shown in the table below.

Backup copy job

Hyper-V

Available Direct operations and WAN acceleration

or

Available Support for copying jobs to remote locations over WAN (direct operations only)

VMware

VMware

tr

Hyper-V

Enterprise Plus Edition

Hyper-V

is

VMware

Enterprise Edition

D

Standard Edition

Feature

Available Direct operations and WAN acceleration

Available

Built-in WAN acceleration

Not available

Available

Not available

D

up

Backup from storage snapshots

lic

at

e

Only support for Veeam Cloud Connect

Limited File to Tape jobs only

D

o

N

ot

Native tape support

Support for vCloud Director

Limited Visibility of vCloud Director (vCD) infrastructure, backup via VeeamZIP (including backup of vApp and VM meta data and attributes)

Not available

Not available

Available Support for creating backups and replicas from SAN snapshots

Full support Includes archiving Veeam backups to tape, with full tracking of backups and restore points

Full support

Limited support Support for scheduled incremental backup jobs of vCloud VMs.

Full support Support for self-service, tenant managed backup and restore via Enterprise Manager, as well as native vCloud Director authentication

Not available

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Not available

Not available

249

Module 11: Product Editions

Standard Edition VMware

SureBackup recovery verification

VMware

Hyper-V

Enterprise Plus Edition

Hyper-V

VMware

Not available

Available Includes specialized universal wizard for any application

Available

Manual Verify the recoverability of backup files by mounting VM disks from backup files using Instant VM Recovery and manually testing them

Automated You can select to perform automatic recovery verification jobs after every backup and verify any restore point.

Available

Available Automatically verify every restore point in every replica

Available

Not available

Not available

On-Demand Sandbox

Not available

Available

Available

On-Demand Sandbox for Storage Snapshots

Not available

Not available

Available

is

SureReplica recovery verification

Not available

at

e

or

D

Not available

Hyper-V

ib ut e

Universal Application-Item Recovery (U-AIR)

Enterprise Edition

tr

Feature

Not restricted

Available Allows help desk administrators to restore VMs and guest files through the Veeam Backup Enterprise Manager web UI

Available

Not available

Not available

Available Allows authorized users to restore VMs and guest files through the web UI

Not available

Available Clone existing jobs and edit their settings from the Veeam Backup Enterprise Manager web UI

Available

lic

Restricted Browse and search for files in backups which are currently on disk

D

up

File system indexing

Not restricted Browse and search for files in both current and archived backups (for example, backups which have been moved to tape storage)

Not available

N

ot

1-Click Restore

D

o

Delegation and selfrecovery of VMs and guest files

Job cloning and editing via the web UI

250

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 11: Product Editions

Standard Edition

Feature

VMware

Hyper-V

Enterprise Edition VMware

Enterprise Plus Edition VMware

Hyper-V

Full support Includes restore to original location

Full support

Scale-Out Backup Repository

Not available

Limited 3 extents maximum

Available Unlimited extents

Backup from NetApp SnapMirror and SnapVault

Not available

Not available

Guest Interaction Proxy

Not available Application-Aware Processing is still possible, but runtime will be injected by Veeam Backup Server instead of a Guest Interaction Proxy.

Available

Mount Server

Available

Direct NFS access

Available

Standalone console

Available

Data Domain Boost and HPE StoreOnce Support

Not available

D

Veeam Backup Enterprise Manager Web API

tr is D

or Available

Available

Available

Available

Available

Available

Available

Available

Not available

Available

at

Available

ot

Not available

Available

e

Available

Available

Available

lic

up

Veeam PowerShell snap-in

ib ut e

Veeam Explorers

Limited support Browse and restore mail items via save, send and export

Hyper-V

o

N

All editions are installed with the same setup file, however, the extra functionality becomes available only after installing a full license for Veeam Backup & Replication Enterprise Edition or Enterprise Plus Edition. You can install the license for the necessary version during the setup process and change the license file later. You can also change the type of license used.

D

A full comparison between all editions can be found on the Veeam website at https://www.veeam.com/backup-version-standardenterprise-editions-compar ison.html

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

251

Module 11: Product Editions

11.2. Product Licensing Veeam Backup & Replication is licensed per socket for each managed hypervisor, where protected VMs reside. Paid

ProPartner NFR

Trial

Number purchased

32

12

Duration

Perpetual/Subscription

30 days

6 or 12 months

Functionality

Edition purchased

Enterprise Plus

Enterprise Plus

Technical support

Basic or Production Support

Evaluation Support

ib ut e

Number of CPU sockets

Free Edition Unlimited

is

tr

Perpetual

Limited

or

D

Limited

Free Edition

11.3. Full and Free Functionality Modes

e

Veeam Backup & Replication can operate in two functionality modes: full mode and free mode.

N

ot

D

up

lic

at

When you run Veeam Backup & Replication in the full functionality mode, you get a commercial version of the product that provides access to all functions. When you run Veeam Backup & Replication in the free functionality mode, you get a free version that provides a number of powerful utilities for managing virtual machines (VMs). It also provides flexible recovery, with the ability to restore the entire VM or individual VM files, guest files, and Microsoft Exchange, SharePoint, SQL Server and Active Directory items directly from the backup. Veeam Backup Free Edition does have a number of limitations, including (but not limited to): Full backups of individual VMs only — no scheduled, incremental or multi-VM backups No vPower capabilities (however, you can import VeeamZIP™ backups into the paid editions and use vPower capabilities there) No VM replication

D

o

If you have a valid license installed, Veeam Backup & Replication operates in the full functionality mode. As soon as your license expires, you will be offered to install a new license or switch to the free functionality mode. To switch to the free mode, select View → Free functionality only from the main menu. To switch back to the full mode, do either of the following: Install a valid license: select Help → License from the main menu. In the displayed window, click Install License and select the necessary license file. Select View → Full functionality (advanced) from the main menu. Note that if you do not have a valid license installed, you will not be able to use the functionality provided by the full mode. 252

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 11: Product Editions

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Note: You cannot switch to the free functionality mode if a valid trial or paid license is installed on the Veeam backup server. In this case, the View menu item will be hidden in the main menu.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

253

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 11: Product Editions

254

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 12: Troubleshooting

12. Troubleshooting In this section you will explore: How to identify issues

ib ut e

How to review and analyze issues

12.1. How to identify the Problem

tr

The first stage of the process is to identify the problem.

Common Problems

D

Category

is

Listed here are some of the most common problems.

- Backup job error - Pop up messages in GUI / program - Errors During restore

Unexpected infrastructure behavior

- Slow performance on the server / poor server performance (Stunned or slow work of the server / High load on the server) - Non responsive GUI - Non responsive Veeam Server - Veeam services or other services not starting - BSOD (Windows Blue Screen) - Incorrect information

up

lic

at

e

or

Error messages

- Too fast /too heavy/poorly tuned Veeam

D

Other Environmental challenges

ot

12.2. Review and Analyze the Issue

D

o

N

Once the problem has been identified, the next step is to analyze the issue. To begin, you should always check if it’s a common issue or limitation. See below for the most common issues or limitations. Issue

Cause

Free ESX(i) is not supported

When starting a backup or replication job, it fails with an error: “Current license or ESXi version prohibits execution of the requested operation.” Solution: Please upgrade to a paid version of ESX(i). Free ESX(i) Version doesn’t have API which is used by Veeam Backup & Replication. For further information please visit http://www.veeam.com/kb1435.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

255

Module 12: Troubleshooting

Cause

Licensing issues (How do I know if I have enough licenses?)

You can mark a support case as licensing-related when you open a case in the Customer Portal. Here are some other helpful support resources: - http://www.veeam.com/kb1470 - http://www.veeam.com/kb1718 - http://www.veeam.com/kb1191

Restore challenges

Some common restore challenges: - Restore Speeds - Restore Failures - Alternative Restore options when primary restore option fails Most inquiries around Restore Challenges are focused in online forums.

Bottleneck detectors

In our backup jobs we have bottleneck statistics that can teach us about where the jobs are slowing down. This can be source/network/target/proxy. The bottleneck statistics does not necessarily mean that you have a problem in your backup infrastructure; it simply informs you about the weakest component in the data path. However, if you feel that the job performance is low, you may try taking some measures to resolve the bottleneck.

or

D

is

tr

ib ut e

Issue

at

e

12.3. Common Issues & Misconfigurations

lic

12.3.1. Low Performance (bottlenecks)

D

up

As any backup application handles a great amount of data, it is important to make sure the data flow is efficient and all resources engaged in the backup process are optimally used. Veeam Backup & Replication provides advanced statistics about the data flow efficiency and lets you identify bottlenecks in the data transmission process. Veeam Backup & Replication processes VM data in cycles. Every cycle includes a number of stages:

ot

Reading VM data blocks from the source Processing VM data on the backup proxy Transporting data over the network Writing data to the target

N

1. 2. 3. 4.

D

o

To evaluate the data pipe efficiency, Veeam Backup & Replication analyzes performance of all components in the data flow working as the cohesive system, and evaluates key factors on the source and target sides. Veeam Backup & Replication checks the following points in the data pipe: 1. Source — source disk reader component responsible for retrieving data from the source storage. 2. Proxy — backup proxy component responsible for processing VM data. 3. Source WAN accelerator — WAN accelerator deployed on the source side. Used for backup copy and replication jobs working via WAN accelerators. 4. Network — network queue writer component responsible for getting processed VM data from

256

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 12: Troubleshooting

the backup proxy and sending it over the network to the backup repository or another backup proxy. 5. Target WAN Accelerator — WAN accelerator deployed on the target side. Used for backup copy and replication jobs working via WAN accelerators. 6. Target — target disk writer component (backup storage or replica datastore).

ib ut e

The resource usage level for these points is evaluated in percent. This percent rate defines the amount of time for which components are busy during the job. An efficient data flow assumes that there is no latency at any point of the data pipe, and all its components work for approximately equal amount of time.

tr

If any of the components operates inefficiently, there may appear a bottleneck in the data path. The insufficient component will work 100% of time while the others will be idling, waiting for data to be transferred. As a result, the whole data flow will slow down to the level of the slowest point in the data path, and the overall time of data processing will increase.

e

or

D

is

To identify a bottleneck in the data path, Veeam Backup & Replication detects the component with the maximum workload: that is, the component that works for the most time of the job. For example, you use a low-speed storage device as the backup repository. Even if VM data is retrieved from the SAN storage on the source side and transported over a high-speed link, VM data flow will still be impaired at the backup repository. The backup repository will be trying to consume transferred data at the rate that exceeds its capacity, and the other components will stay idle. As a result, the backup repository will be working 100% of job time, while other components may be employed, for example, for 60% only. In terms of Veeam Backup & Replication, such data path will be considered insufficient.

up

lic

at

The bottleneck statistics for a job is displayed in the job session data. The bottleneck statistics does not necessarily mean that you have a problem in your backup infrastructure. It simply informs you about the weakest component in the data path. However, if you feel that the job performance is low, you may try taking some measures to get rid of the bottleneck. For example, in the case described above, you can limit the number of concurrent tasks for the backup repository. Throttling as Bottleneck

D

In addition to main points in the data pipe, Veeam Backup & Replication may report throttling as a bottleneck. This can happen in the following cases:

D

o

N

ot

If you limit the read and write data rates for a backup repository, a backup repository may become a bottleneck. Veeam Backup & Replication will report Throttling in the bottleneck statistics. If you set up network throttling rules, network may become a bottleneck. Veeam Backup & Replication will report Throttling in the bottleneck statistics.

12.4. Common VMware related issues Common issues when protecting VMware virtual machines as per Veeam support.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

257

Module 12: Troubleshooting

12.4.1. Snapshot Creation Failure Veeam Backup & Replication depends on VMware vSphere hypervisor snapshots to function. If Veeam is unable to take a snapshot, try creating a snapshot manually through a VMware tool directly such as the VMware vSphere HTML5 client. Some settings can block snapshots:

ib ut e

Virtual machines with disks engaged in SCSI bus sharing are not supported, because VMware does not support snapshotting such VMs. RDM virtual disks in physical mode Independent mode disks

tr

12.4.2. Snapshot Removal Failure

D

is

For different reasons, sometimes snapshots are "lost" by vCenter, they are not reported any more in the interface, but they still exist in the underlying storage. Because of this, they are still used by a virtual machine, they can still impact performances, and can lead to serious problems if not discovered like storage space consumption. Additionally, this is one root cause of one of the most popular types of support cases we’ve observed.

lic

at

e

or

This can happen also during Veeam Backup & Replication activities. Any data protection task starts with a virtual machine snapshot: with it, Veeam can guarantee proper quiescence of data stored into the virtual disk, thus insuring the content of the backup is consistent. For this reason, at the beginning of a backup or replication, Veeam Backup & Replication first of all requests to vCenter to initiate a snapshot of a given virtual machine. Once completed, the quiesced virtual disk (or part of it during an incremental backup/replica) is copied, and at the end of the job again Veeam instructs vCenter to commit the snapshot.

up

Here lies the problem: sometimes, even if vCenter reports a successful removal of the snapshot, in reality the snapshot is still there, even if there is no way from the vCenter interface to be aware of this state. The snapshot keeps growing, unobserved, until something bad happens.

D

o

N

ot

D

For this reason, Veeam created a feature Veeam Backup & Replication, specifically designed to identify stuck snapshots left over after backup and replication activities, and automatically remove them. There's no better name for this than Snapshot Hunter. As soon as a snapshot commit activity is completed by vCenter, or better by the ESXi server running the virtual machine at that time, regardless the result the commit is reported as successful by vCenter itself. Snapshot Hunter connects to the virtual infrastructure and reads the contents of the datastore hosting the virtual machine. If the snapshot file created during the backup operation is still there, this is first of all notified in the statistics of the job, and the removal process begins. There is a specific schedule for Snapshot Hunter activities: the first attempt to remove the stuck snapshot is performed as soon as the processing of that virtual machine is finished. Chances are in fact the snapshot file or another file involved was simply locked at the time of commit, and a consolidation can immediately fix the issue

12.4.3. Snapshot Removal Stun The following KB articles from VMware and Veeam are worth reading to better understand why guest VM is suddenly unreachable/unable to communicate:

258

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 12: Troubleshooting

A snapshot removal can stop a virtual machine for long time (KB1002836) VM Loses Connection During Snapshot Removal (KB1681)

12.4.4. NFC Related Errors

ib ut e

For example a job fails with an error related to NFC connectivity. For example: “…Client error: NFC storage connection is unavailable…Failed to create NFC download stream.”. The cause of the majority of NFC errors fall in to 3 primary categories: DNS Port (902) Permissions

or

D

is

tr

It is suggested that while attempting to resolve this issue the job be configured to use a single backup proxy. This is done to isolate an issue specific to a single backup proxy, as well as make it easier to identify which logs are needed. The proxy being used to process a VM can be identified by opening the “Task” log specific to the VM from inside the folder named after the job in %programdata%\Veeam\Backup. Searching the Task log for the words “starting agent” will allow for the identification of which server performed the task. The NFC connection requires the following:

at

e

DNS Resolution of target host Port 902 is open to/from Backup Server/Proxy to ESX(i) host Permissions to download files via ESX(i) host and/or vCenter

lic

An issue with Port 902 may represent an issue with a firewall on the ESXi host, Veeam Proxy, or the connection between the two.

up

Please see Veeam KB1198 for troubleshooting steps.

D

12.5. Log files

N

ot

Log files can easily be collected from the Main Menu -> Help -> Support Information. Simply select the scope:

D

o

Export logs for this job Export logs for this VM Export all logs for selected components

Important! See Veeam KB1832 for more details and how to submit the log files to Veeam support.

The default location of log files are as follows: Managed Microsoft Windows servers: %ProgramData%\Veeam\Backup Managed Linux servers: /var/log/VeeamBackup/ or /tmp/VeeamBackup Inside Guest OS: See Veeam KB1789 Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

259

Module 12: Troubleshooting

Windows Event logs: See Veeam KB1873

12.6. Veeam Support 12.6.1. Support Programs

ib ut e

We offer two support response programs (Basic and Production) to our customers and one program (Evaluation) for 60 days if you are evaluating our software.

tr

Evaluation Support

D

is

Evaluation Support program provides software support services during business hours (Monday through Friday) as defined below during the defined evaluation period.

or

Basic Support

at

e

Basic Support program provides software support services during business hours as defined below along with upgrades and updates to the products. One year of Basic Support is included with product license purchase.

lic

Production Support

D

up

Production Support program provides 24/7 software support services and fast response times for critical issues. To receive Production Support, all production licensed sockets for a product must be licensed at Production Support levels, otherwise support defaults to Basic Support levels.

ot

Support Programs Comparison Phone/web

N

Service

Basic Support

Production Support

NA

Yes

Yes

Product upgrades

NA

Yes

Yes

Technical Support

Phone/Web

Phone/Web

Phone/Web

Business Hours (customer local time)

Mon-Fri 8 am – 5 pm

Mon – Fri 8 am – 8 pm

24x7x365

D

o

Product updates

Evaluation Support

260

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 12: Troubleshooting

12.6.2. Response Time SLA Target Production Response SLA

Target Basic Response SLA

Description

Severity 1

A business critical software component or a Veeam managed system is inoperable or unavailable; production system is down; or there is an emergency condition. Requires an immediate workaround or solution. Examples: Excessive abnormal terminations impacting all monitoring, backups and schedules or a down/offline production system cannot be restored; application or system failure caused by Veeam product.

1 hour

Severity 2

Adversely impacting Production operations, but the production system is not down; product operates, but is seriously restricted. Examples: Production application response times or system performance are slow, system is available. Some monitoring or backups are impacted.

3 hours

Severity 3

A non-production issue; the majority of functions are still usable, a limited condition that can be readily circumvented. Example: non-Production application response times or system performance are slow, system is available. Some monitoring or backups are impacted.

6 hours

12 business hours

Severity 4

Minor issue or question that does not affect the product function, and can be readily circumvented. For example: “How to” questions; the text of a message, or page of documentation is worded poorly or misspelled, General Feedback, Feature Requests.

8 hours

24 business hours

ib ut e

Severity

8 business hours

o

N

ot

D

up

lic

at

e

or

D

is

tr

2 hours

D

12.6.3. Contacting Customer Support This section will detail Veeam Support services, contact information and best practices for contacting support to ensure a quick response and issue resolution.

Contacting Customer Support The customer should designate a few representatives responsible for opening cases with Veeam, and receiving maintenance information. They should have the appropriate technical skills and system level Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

261

Module 12: Troubleshooting

access to work with Veeam Support Engineers in resolving open issues. These support contacts will be a customer interface to Veeam Support, and should be notified of all issues that surface within the organization. They will escalate issues to Veeam Support as necessary. Customer should be prepared to provide the following information:

ib ut e

Name, company name, and telephone number with extension Case number (if applicable) Product name, release level, and any maintenance applied to the product It is strongly recommended to attach product logs as the case is created.

tr

Logging a Case

is

Any information a customer can provide regarding the issue can have a significant impact on how fast the issue is diagnosed and resolved. A customer should be asked to provide the following information:

at

Submitting a Support Case

e

or

D

Issue description, impact on the system and business operations, issue severity, and the exact text of error messages and diagnostic details Steps to reproduce the problem, known workarounds Contact number where a customer can be reached Best time to reach, and contact method (i.e. email/phone)

up

lic

To file a case, a customer may use any method below. We encourage to set the initial severity level for the problem when submitting a case and highly recommend using phone to submit Severity 1 issues.

D

Via the Web

o

N

ot

A customer can file a case using a web browser in Customer Portal: http://cp.veeam.com/. The new case wizard should be followed to open a case. Upon submitting the case, the customer will receive an electronic confirmation with a unique case number sent to contact email address. The case will be seen in the open cases management tab.

D

Via the Phone To open a case using the phone, a customer should call one of the phone numbers mentioned in Contacts at the Customer Portal. After the case is logged with the customer representative, the case will be assigned a unique number given over the phone. If required and depending on license type, support offering and severity level, the call will be transferred to an appropriate support engineer to resolve issue over the phone.

262

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 12: Troubleshooting

Following Up A support engineer will contact a customer by phone and/or email or a combination of both as appropriate during the resolution process. Severity levels may be adjusted with customer consent and mutual agreement on the degree of the impact based on the Severity definitions.

ib ut e

Customer Support Issue Resolution

is

tr

Veeam Support provides resources to research and resolve issues on a timely basis. While an issue is open, the support team will keep the customer informed of the resolution status, and will notify when a reported issue has been resolved. If at any point during the resolution process, the customer becomes dissatisfied with the handling of the issue, he can contact the case owner and request an escalation to the manager. This allows us to understand customer concerns and make adjustments in resources if necessary.

or

D

We make three attempts, on separate business days, to contact a customer for updates or information on an open case. If we are unable to make contact, we may close the case without customer consent. If the issue continues to exist, a customer may open a new case and reference the old one. Resolution of a support case can include any of the following actions:

up

lic

at

e

Software that provides a fix for the problem (case closed) Permanent business or system workaround (case closed) Temporary business or system workaround (case severity level is reduced) Action plan for the development of a fix or workaround: milestones and dependencies are set, communicated, and tracked (case severity level might be changed) Issue is a customer-specific customization or enhancement, and is not covered under maintenance (customer notification, case closed)

D

12.6.4. Product Lifecycle

o

N

ot

Level of support services provided depends on the lifecycle phase determined for specific versions of the product. Current versions of the products are eligible for full support, including support services and updates/fixes, while support for older versions may be limited. A list of known workarounds or existing fixes and assistance with upgrading to a supported version is available for customers using old or discontinued versions.

D

The list is updated each time there is a release, for the current list of products and their status, please see the product release matrix located at http://www.veeam.com/support/releasestatus.pdf

Support of Releases 1. New Releases – All new products are issued for General Availability (GA). 2. Current Releases – To maximize the quality of our service, Veeam limits technical support to the products listed on the release matrix.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

263

Module 12: Troubleshooting

ib ut e

3. Releases designated as End of Fixes – Support is available, existing program fixes are available, but no new fixes will be created and no enhancements will be made. 4. Releases designated as End of Support or Withdrawal from the Market – No support is available. 1. For unsupported releases, new product enhancements and fixes will not be available.Veeam does not have an obligation to provide support for software that has been publicly designated End of Support, Withdrawn from the Market, or similarly designated.

Product Maintenance

tr

Our goal is to go beyond quickly solving problems, and actually preventing problems from occurring in the first place. As a result, stringent quality control procedures are built into the development and release cycle of new products and releases.

or

D

is

Issues sometimes occur with complex software operating in equally complex and demanding environments. Fixes and resolutions are often rolled into the next product release, and others are included as part of the next maintenance release, and the most urgent issues are addressed with a hotfix that can be applied on a specific product version. When applicable, we announce the availability of new releases on the web and through e-mail.

at

e

12.6.5. Third Party Software Support

up

lic

We will assist the customer in problem analysis to determine whether the issue is caused by third party software or hardware. In order to isolate the problem and if Veeam support engineers believe they have reason, they may ask the customer to remove third party software or hardware product.

D

o

N

ot

D

If it is impossible to identify the cause of the problem, Veeam may contact the third party vendor using TSANet or ask the customer to open support case with third party vendor support organization.

264

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 12: Troubleshooting

12.7. Search for Additional Information Link

Community Forums

Details These forums are maintained and moderated by the Veeam Product Management Team and contain product-specific information. By registering, users will receive our Weekly Community Digest.

ib ut e

Resource

http://cp.veeam.com/

N

ot

D

up

Customer Support Portal

lic

at

e

or

D

is

tr

http://forums.veeam.com/

http://www.veeam.com/kb_search_results.html/

D

o

Knowledge Base

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Please log on to our Customer Center support portal to: - Manage your support cases - Request “one click update” - Attach logs to existing cases - Obtain product downloads and updates - Manage your license Find popular answers in Veeam Support Knowledge Base.

265

Module 12: Troubleshooting

Resource

Details

http://www.veeam.com/documentation-guides-datasheets.html

An extensive set of product documentation for full information on the functionality of Veeam Availability Suite.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Online Documentation

Link

266

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 13: Additional Resources

13. Additional Resources

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

This module contains additional information, such as step-by-step descriptions and screenshots of how to install the Veeam Availability Suite from the setup wizards.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

267

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 13: Additional Resources

268

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 13: Additional Resources

Labs for Module 13: Additional Resources This module contains the additional list of practice labs that were moved here from other modules.

Lab

ib ut e

Get into the Lab Action

Purpose

In live instructor-led trainings, Veeam Backup & Replication has already been installed to save time. Review the Veeam Backup & Replication installation process. Later in the class, you will install a second Veeam Backup & Replication deployment.

13.2

Analyze the Veeam Backup Enterprise Manager installation

In live instructor-led trainings, Veeam Backup Enterprise Manager has already been installed to save time. Review the Veeam Backup Enterprise Manager installation process.

13.3

Analyze Veeam ONE installation

To save time, Veeam ONE has already been installed.

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

13.1

Analyze the Veeam Backup & Replication installation

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

269

D

o

N

ot

D

up

lic

at

e

or

D

is

tr

ib ut e

Module 13: Additional Resources

270

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 14: Training Summary

14. Training Summary This section summarizes main Veeam Certified Engineer training points.

14.1. Key Points

ib ut e

Veeam Backup & Replication delivers a powerful, affordable and easy-to-use solution for backup, recovery and replication for both VMware and Hyper-V.

tr

Veeam Backup & Replication is a modular solution which allows flexible scalability for environments of different sizes and configuration. Some of the following Veeam Backup & Replication components are installed using a setup file and others are configured while working with the product.

or

D

is

Veeam Backup Server Backup Proxy Backup Repository Veeam Backup Enterprise Manager Veeam Backup Search Mount Server Veeam Explorers

lic

at

e

Veeam Backup & Replication offers Standalone Console which is a separate client-side part that allows you to access Veeam backup server. You can use the console locally, or install it in a standalone mode on a device running Microsoft Windows to access Veeam Backup & Replication remotely over the network. The console logs you in to Veeam Backup & Replication, allowing you to perform all kind of operations.

D

up

For a virtual environment management solution, Veeam offers Veeam ONE, which delivers real-time monitoring on health and performance of virtual environments, helps analyze the efficiency of data protection implemented with Veeam Backup & Replication, provides intelligent reporting, and offers business-based views of the virtual infrastructure topology to simplify management and expedite decision-making.

ot

Veeam Backup & Replication is the best solution for very different infrastructures. It can be deployed using different scenarios:

D

o

N

Simple deployment is when Veeam Backup & Replication is installed on a physical or virtual Windows-based machine. This installation is referred to as a Veeam backup server. Advanced deployment is when the backup workload moves to dedicated backup proxies and backup repositories (in case of using VMware) or to an off-host backup proxy (in case of using Hyper-V). Distributed deployment is when virtual environments are large and geographically dispersed with multiple Veeam backup servers installed across different sites. In this case, Veeam Backup Enterprise Manager centralizes management and reporting for these servers.

With Veeam Backup & Replication, it is easy to create backups. It is a job-driven process where one backup job can be used to process one or more VMs. Essentially, the job defines when, what, how and where to back up. It indicates what VMs should be processed, what components should be used for retrieving and processing VM data, what backup options should be enabled, and where to save Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

271

Module 14: Training Summary

the resulting backup file. Jobs can be started manually by the user or scheduled to run automatically. The resulting backup file stores compressed and deduplicated VM data. All backup files created by the job are located in a dedicated job folder on a backup repository.

ib ut e

To ensure efficient and reliable data protection in your virtual environment, Veeam Backup & Replication complements image-based backup with image-based replication. Replication is the process of copying a VM from its primary location (source host) to a destination location (redundant target host). Veeam Backup & Replication creates an exact copy of the VM (replica), registers it on the target host and maintains it in sync with the original VM. Replication is also a job-driven process with one replication job used to process one or more VMs. You can start the job manually every time you need to copy VM data or, if you want to run replication unattended, create a schedule to start the job automatically. It’s possible to create a replica using backup file as a source, thus reducing the load at the production environment.

or

D

is

tr

To guarantee recoverability of your data, Veeam Backup & Replication offers the SureBackup technology and complements the recovery verification technology with SureReplica for VMware vSphere. SureBackup lets you validate backups of your VMs without impacting the production infrastructure. You can automatically verify every created restore point of every VM and ensure that they will function as expected in case a disaster strikes. SureReplica is s similar to the SureBackup recovery verification in many respect. It lets you validate your DR environment without impacting the production infrastructure: You can automatically verify every created restore point of every VM replica and ensure that they are functioning as expected.

at

e

Veeam Backup & Replication offers a number of recovery options for various disaster recovery scenarios:

o

N

ot

D

up

lic

Instant VM Recovery enables you to instantly start a VM directly from a backup file. Full VM Recovery enables you to recover a VM from a backup file to its original or another location. VM File Recovery enables you to recover separate VM files (virtual disks, configuration files and so on). Virtual drive restore enables you to recover a specific hard drive of a VM from the backup file, and attach it to the original VM or to a new VM. Windows file-level recovery enables you to recover individual Windows guest OS files (from FAT, NTFS and ReFS file systems). MultiOS file-level recovery enables you to recover files from many different guest OS file systems. Veeam Explorers and Universal Application-Item Recovery (U-AIR) enables you to recover application objects (such as, AD entries, SharePoint and Exchange items, Oracle and SQL database objects and so on) directly from backup files.

D

Veeam Backup & Replication uses the same image-level backup for all data recovery operations. You can restore VMs, VM files and drives, application objects and individual guest OS files to the most recent state or to any available restore point. Veeam Backup & Replication lets you leverage HPE, NetApp, Dell EMC, Nimble and Cisco HyperFlex snapshots as a part of a comprehensive backup and recovery strategy, where storage snapshots and image-level backups complement each other. With Veeam Backup & Replication, you can: Perform backup from storage snapshots Restore data directly from storage snapshots 272

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

Module 14: Training Summary

14.2. Useful Resources

ib ut e

To solve the problems of insufficient network bandwidth to support VM data traffic and transmission of redundant data, Veeam Backup & Replication offers the WAN acceleration technology that helps optimize data transfer over the WAN. The WAN acceleration technology is specific for backup copy and replication jobs. Being a built-in feature, Veeam’s WAN acceleration does not add complexity or cost to the backup infrastructure and does not require agents. The technology has been developed for copying backup files, with consideration of the VM backup file content.

If you have any questions or need additional information about Veeam Backup & Replication, you can use the following resources: URL

http://www.veeam.com/documentation-guides-datasheets.html

Knowledge Base

http://www.veeam.com/kb_search_results.html

Product Demos

http://www.veeam.com/product-demo.html

Latest Updates

http://www.veeam.com/updates.html

Community forums

http://www.veeam.com/forums

Veeam University for End Users

e

or

D

is

Full documentation set for any Veeam product

at

tr

Resource

lic

http://www.veeam.com/university.html https://cp.veeam.com/

up

Customer Portal

D

14.3. Contacts

ot

At Veeam Software we value the feedback from our customers. It is important not only to help you quickly with your technical issues, but it is our mission to listen to your input, and build products that incorporate your suggestions.

D

o

N

For the most up to date information about company contacts and offices location, please visit www.veeam.com/contacts.html.

Veeam Certified Engineer v9.5 . Textbook

Licensed to: Ivo Mayer - [email protected]

273

More Documents from "Ivo Mayer"