Search Results for: "Veeam PN"

Released : Veeam PN v2…Making VPNs Simple, Reliable and Scalable

When it comes to connecting remote sites, branch offices or extending on-premises networks to the cloud, the level of complexity has traditionally been high. Networking has always been the most complex part of any IT platform. There has also always been a high level of cost associated with connecting sites…both from a hardware or a software point of view. There are also the man hours to ensure things are set up correctly and will continue to work. As well as that, security and performance are also important factors in any networking solution.

Simplifying Networking with Veeam

At VeeamOn in 2017, we announced the release candidate for Veeam Powered Network (Veeam PN) which in combination with our Restore to Azure functionality created a new solution to ease the complexities around extending an on-premises network to an Azure network to ensure connectivity during restoration scenarios. In December of that year, Veeam PN went generally available as a FREE solution.

What Veeam PN does well is present a simple and intuitive Web Based User Interface for the setup and configuration of site-to-site and point-to-site VPNs. Moving away from the intended use case, Veeam PN became popular in the IT enthusiast and home lab worlds as a simple and reliable way to remain connected while on the road, or to mesh together with ease networks that were spread across disparate platforms.

By utilizing OpenVPN under the surface and automating and orchestrating the setup of site-to-site and point-to-site networks, we leveraged a mature Open Source tool that offered a level of reliability and performance that suited most use cases. However, we didn’t want to stop there and looked at ways in which we could continue to enhance Veeam PN to make it more useful for IT organizations and start to look to increase underlying performance to maximize potential use cases.

Introducing Veeam Powered Network v2 featuring WireGuard®

With the release of Veeam PN v2, we have enhanced what is possible for site-to-site connectivity by incorporating WireGuard into the solution (replacing OpenVPN for site-to-site) as well as enhancing usability. We also added the ability to better connect to remote devices with the support of DNS for site-to-site connectivity.

WireGuard has replaced OpenVPN for site-to-site connectivity in Veeam PN v2 due to the rise of it in the Open Source world as a new standard in VPN technologies that offers a higher degree of security through enhanced cryptography and operates more efficiently, leading to increased performance and security. It achieves this by working in kernel and by using fewer lines of code (4000 compared to 600,000 in OpenVPN) and offers greater reliability when thinking about connecting hundreds of sites…therefore increasing scalability.

For a deeper look at why we chose WireGuard… have a read of my official veeam.com blog. The story is very compelling!

Increased Security and Performance

By incorporating WireGuard into Veeam PN we have further simplified the already simple WireGuard setup and allow users of Veeam PN to consume it for site-to-site connectivity even faster via the Veeam PN Web Console. Security is always a concern with any VPN and WireGuard again takes a more simplistic approach to security by relying on crypto versioning to deal with cryptographic attacks… in a nutshell it is easier to move through versions of primitives to authenticate rather than client server negotiation of cipher type and key lengths.

Because of this streamlined approach to encryption in addition to the efficiency of the code, WireGuard can outperform OpenVPN, meaning that Veeam PN can sustain significantly higher throughputs (testing has shown performance increases of 5x to 20x depending on CPU configuration) which opens up the use cases to be for more than just basic remote office or homelab use. Veeam PN can now be considered as a way to connect multiple sites together and have the ability to transfer and sustain hundreds of Mb/s which is perfect for data protection and disaster recovery scenarios.

Other Enhancements

The addition of WireGuard is easily the biggest enhancement from Veeam PN v1, however there are a number of other enhancements listed below:

  • DNS forwarding and configuring to resolve FQDNs in connected sites.
  • New deployment process report.
  • Microsoft Azure integration enhancements.
  • Easy manual product deployment.

Conclusion

Once again, the premise of Veeam PN is to offer Veeam customers a free tool that simplifies the traditionally complex process around the configuration, creation and management of site-to-site and point-to-site VPN networks. The addition of WireGuard as the site-to-site VPN platform will allow Veeam PN to go beyond the initial basic use cases and become an option for more business-critical applications due to the enhancements that WireGuard offers.

Veeam Powered Network v2 Azure Marketplace Deployment

Last month Veeam PN v2 went GA and was available for download and install from the veeam.com download page. As an update to that, we published v2 to the Azure Marketplace which is now available for deployment. As a quick refresher, Veeam PN was initially released as part of Direct Recovery to Azure and was marketed through the Azure Marketplace. In addition to that, for the initial release I went through a number of use cases for Veeam PN which are all still relevant with the release of v2:

With the addition of WireGuard replacing OpenVPN for site-to-site connectivity the list of use cases will be expanded and the use cases above enhanced. For most of my own use of Veeam PN, I have the Hub living in an Azure Region which I connect up into wherever I am around the world.

Now that the Veeam PN v2 is available from the Azure Marketplace I have created a quick deployment video that can be viewed below. For those that want a more step by step guide as a working example, you can reference this post from v1… essentially the process is the same.

  • Deploy Veeam PN Appliance from Azure Marketplace
  • Perform Initial Veeam PN Configuration to connect Azure
  • Configure SiteGateway and Clients

NOTE: One of the challenges that we introduced by shifting over to WireGuard is that there is no direct upgrade path from v1 to v2. With that, there needs to be a side by side stand up of v2 and v1 to enable a configuration migration… which at the moment is a manual process.

References:

https://anthonyspiteri.net/veeam-powered-network-azure-and-remote-site-configuration/

Quick Post – Installing WireGuard® Client on MacOS

For those that have been monitoring my Twitter posts over the past month or so, I’ve been hinting at some upcoming news around WireGuard and the research I’ve been doing by way of getting to know about what makes it tick. In a nutshell, WireGuard is a VPN protocol similar to OpenVPN or IPsec, but modern and more streamlined.

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.

This specific post isn’t about the installation and configuration of WireGuard in the context of a VPN server (Stand by for some news about that over the next couple of days), but a quick look at how to install the WireGuard Toolkit on a MacOS system. Unlike OpenVPN, that has clients for almost any platform you can think of, WireGuard is still in its infancy when it comes to stable clients.

Even the official Installation Page states that a lot of the steps and clients involved are in the experimental stages. For me, on my MBP running Mojave 10.14.2, I was having issues installing the Toolkit from the Apple Store.

It wouldn’t install the client full stop. I’m not sure why exactly, but rather than troubleshoot… I decided to go down the tried and tested path of using HomeBrew to try install it. Below are the very quick and easy steps to install from the Terminal.

Once installed, you can start the desktop tray application by searching for WireGuard. The WireGuard Toolkit icon will appear in the tray as shown below.

From here you can Manage the Tunnels manually or import the configuration from a file obtained from a WireGuard Server.

And that’s it… the Client has a similar look and feel to the TunnelBlick OpenVPN Client I have been using to connect up to my Veeam PN network while I am on the road… maybe in that there is a clue as to why I have been looking at WireGuard… or maybe not.

Either way, the easiest way to install the WireGuard Toolkit client on MacOS is with Home Brew as shown above…quick, simple and no fuss!

WireGuard is a registered trademark of Jason A. Donenfeld.

References:

https://www.wireguard.com

https://www.stavros.io/posts/how-to-configure-wireguard

Automated Configuration of Backup & Replication with PowerShell

As part of the Veeam Automation and Orchestration for vSphere project myself and Michael Cade worked on for VMworld 2018, we combined a number of separate projects to showcase an end to end PowerShell script that called a number of individual modules. Split into three parts, we had a Chef/Terraform module that deployed a server with Veeam Backup & Replication installed. A Terraform module that deployed and configured an AWS VPC to host a Linux Repository with a Veeam PN Sitegateway. And finally a PowerShell module that configured the Veeam server with a number of configuration items ready for first use.

The goal of the project was to release a PowerShell script that fully deployed and configured a Veeam platform on vSphere with backup repositories, vCenter server and default policy based jobs automatically configured and ready for use. This could then be adapted for customer installs, used on SDDC platforms such as VMware Cloud on AWS, or for POCs or lab use.

While we are close to releasing the final code on GitHub for the project, I thought I would branch out the last section of the code and release it separately. As I was creating this script, it became apparent to me that it would be useful for others to use as is or as an example from which to simplify manual and repetitive tasks that go along with configuring Backup & Replication after installation.

Script Overview:

The PowerShell script (found here on GitHub) performs a number of configuration actions against any Veeam Backup & Replication Server as per the included functions.

All of the variables are configured in a config.json file meaning nothing is required to be modified in the main PowerShell script. There are a number of parameters that can be called to trigger or exclude certain functions.

There are some pre-requisites that need to be in place before the script can be executed…most importantly the PowerShell needs to be executed on a system where the Backup & Replication Console is installed to allow access to the Veeam PowerShell Snap-in. From there you just need a new Veeam Backup & Replication server and a vCenter server plus their login credentials. If you want to add a Cloud Connect Provider offering Cloud Connect Backup or/and Replication you enter in all the details in the config.json file as well. Finally, if you want to add a Linux Repository you will need the details of that plus have it configured for key based authentication.

You can combine any of the parameters listed above. An example is shown above where -ClearVBRConfig has been used to reverse the -RunVBRConfigure parameter that was executed first to do an end to end configure. For Cloud Connect Replication, if you want to configure and deploy an NEA there is a specific parameter for that. If you didn’t want to configure Cloud Connect or the Linux Repository the parameters can be used individually, or together. If those two parameters are used, the Default Backup Repository will be used for the jobs that are created.

Automating Policy Based Backup Jobs:

Part of the automation that we were keen to include was the automatic creation of default backup jobs based on vSphere Tags. The idea was to have everything in place to ensure that once the script had been run, VMs could be backed up dependent on them being added to vSphere Tags. Once done the backup jobs would protect those VMs based on the policies set in the config.json.

The corresponding jobs are all using the vSphere Tags. From here the jobs don’t need to be modified when VMs are added…VMs assigned those Tags will be included in the job.

Conclusion:

Once the script has been run you are left with a fully configured Backup & Replication server that’s connected to vCenter and if desired (by default) has local and Cloud Connect repositories added with a set of default policy based jobs ready to go using vSphere Tags.

There are a number of improvements that I want to implement and I am looking out for Contributors on GitHub to help develop this further. At its base it is functional…but not perfect. However it highlights the power of the automation that is possible with Veeam’s PowerShell Snap-In and PowerCLI. One of the use-cases for this was for repeatable deployments of Veeam Backup & Replication into POCs or labs and for those looking to standup those environments, this is a perfect companion.

Look out for the full Veeam SDDC Deploy Toolkit being released to GitHub shortly.

References:

https://github.com/anthonyspiteri/powershell/tree/master/BR-Configure-Veeam

Using Terraform to Deploy and Configure a Ready to use Backup Repo into an AWS VPC

A month or so ago I wrote a post on deploying Veeam Powered Network into an AWS VPC as a way to extend the VPC network to a remote site to leverage a Veeam Linux Repository running as an EC2 instance. During the course of deploying that solution I came across a lot of little check boxes and settings that needed to be tweaked in order to get things working. After that, I set myself the goal of trying to automate and orchestrate the deployment end to end.

For an overview of the intended purpose behind the solution head to the original blog post here. That post was mainly focused around the Veeam PN component, however I was using that as a mechanism to create a site-to-site connection to allow Veeam Backup & Replication to talk to the other EC2 instance which was the Veeam Linux Repository.

Terraform by HashiCorp:

In order to automate the deployment into AWS, I looked at Cloudformation first…but found that learning curve to be a little steep…so I went back to HashiCorp’s Terraform which I have been familiar with for a number of years, but never gotten my hands dirty with. HashiCorp specialise in Cloud Infrastructure Automation and their provisioning product is called Terraform.

Terraform is used to create, manage, and update infrastructure resources such as physical machines, VMs, network switches, containers, and more. Almost any infrastructure type can be represented as a resource in Terraform.

A provider is responsible for understanding API interactions and exposing resources. Providers generally are an IaaS (e.g. AWS, GCP, Microsoft Azure, OpenStack), PaaS (e.g. Heroku), or SaaS services (e.g. Terraform Enterprise, DNSimple, CloudFlare).

Terraform supports a host of providers and once you wrap your head around the basics and view some example code, provisioning Infrastructure as Code can be achieved with relatively no coding experience…however, as I did find out, you need to be careful in this world and not make the same initial mistake I did as explained in this post.

Going from Manual to Orchestrated with Automation:

The Terraform AWS provider is what I used to create the code required to deploy the required components. Like everything that’s automated, you need to understand the manual process first and that is where the previous experience came in handy. I knew what the end result was…I just needed to work backwards and make sure that the Terraform provider had all the instructions it needed to orchestrate the build.

The basic flow is:

  • Fetch AWS Access Key and Secret
  • Fetch AWS Key Pair
  • Create AWS VPC
    • Configure Networking and Routing for VPC
  • Create CentOS EC2 Instance for Veeam Linux Repo
    • Add new disk and set size
    • Execute configuration script
      • Install PERL modules
  • Create Ubuntu EC2 Instance for Veeam PN
    • Execute configuration script
      • Install VeeamPN modules from repo
  • Login to Veeam PN Web Console and Import Site Configuration.

I’ve uploaded the code to a GitHub project. An overview and instructions for the project can be found here. I’ve also posted a video to YouTube showing the end to end process which I’ve embedded below (best watched at 2x speed):

In order to get the Terraform plan to work there are some variables that need modifying in the GitHub Project and you will need to download, install and initialise Terraform. I’m intending to continue to tweak the project and complete the provisioning end to end, including the Veeam PN site configuration part at the end. The remote execution feature of Terraform allows some pretty cool things by way of script initiation.

References:

https://github.com/anthonyspiteri/automation/aws_create_veeamrepo_veeampn

https://www.terraform.io/intro/getting-started/install.html

VMware Cloud on AWS, Veeam Powered Network and Veeam ONE …my Session Roundup for VeeamON 2018

Yesterday I posted an article highlighting my top picks for VeeamON 2018. The one thing I didn’t list in that post was my own sessions for this year’s event. This year I’m presenting three sessions in the Cloud Powered track and I am lucky enough to be joined by three awesome co-presenters for each session. All three sessions focus on specific use cases and cover different aspects of our cloud features and functionality.

Three more reasons to deploy Veeam Powered Network

Presenting with Edward Watson

Veeam® PN was released as part of Veeam Recovery to Microsoft Azure earlier this year. However, there is more to Veeam PN than just this use case. Veeam PN allows administrators to create, configure and connect site-to-site or point-to-site VPN tunnels easily through an intuitive and simple UI, all within a couple of clicks. Do you have a remote office network that you want easier access into? Do you have a home lab that you want to access from anywhere in the world? Do you have workloads spread across different cloud platforms that need connecting? SDN doesn’t have to be complex! If you answered “Yes!” to at least one of these questions, then we invite you to our breakout session, where we will provide you with three different use cases that will make your life easier and simplify what has been a traditionally complex part of IT.

Tue, May 15th, 4:10 PM – 5:10 PM

VMware Cloud on AWS technical deep dive with Veeam hybrid cloud Availability

Presenting with Emad Younis

VMware Cloud on AWS brings VMware’s enterprise class Software-Defined Data Center software running on Amazon Web Services bare metal and enables customers to run production applications across vSphere-based private, public and hybrid cloud environments. Delivered, sold and supported by VMware as an on-demand service, customers can continue to leverage their current VMware skill sets and expand them by adding AWS services, including storage, databases, analytics and more. VMware Cloud on AWS provides flexibility, allowing workload mobility between on premises and the cloud SDDC by using familiar tools such as vMotion. Veeam® was a launch partner for data protection for VMware Cloud on AWS. In this session, you will get a technical overview of VMware Cloud on AWS and also how Veeam can protect workloads hosted on VMware Cloud on AWS. Attendees will walk away with practical guidance and tips on getting the best of both worlds with VMware and Veeam hybrid cloud and Availability solutions.

Wed, May 16th, 8:45 AM – 9:45 AM

Veeam ONE for VCSP partners — More powerful than you thought!

Presenting with Eugene Kashperovetskyi

Service providers need to be aware of what’s going on within their platforms, and Veeam® Cloud & Service Provider (VCSP) partners should be looking at Veeam ONE™ to monitor and report on more than just base VMware vSphere or Microsoft Hyper-V metrics. Veeam ONE offers expansive monitoring and reporting on Veeam Backup & Replication™ jobs, as well as the ability to dive into vCloud Director environments and give granular metrics on vCD objects, such as vApps, virtual data centers and their parent organizations. SingleHop (a leading VCSP offering providing Veeam Cloud Connect services) uses Veeam ONE as a key element of their platform’s monitoring, integration and proactive management of environments. The sophisticated approach between Veeam ONE Monitor, Veeam ONE Reporter and Veeam ONE Business View offers the granularity and automation capabilities highly demanded by their clients. In this session, you will learn about the practical approaches taken by SingleHop to deliver and guarantee the level of services appreciated and valued by their partners, resellers and customers. We will go through how to get the most out of Veeam ONE for your service provider platforms, from reporting and chargeback to how to monitor and report on Veeam Cloud Connect Backup and Veeam Cloud Connect Replication tenant and infrastructure…and tell you how some of this can be done with the FREE edition!

Wed, May 16th, 10:00 AM – 11:00 AM

You can download the VeeamON Mobile Application to register for sessions, organise and keep tabs on other parts of the event. Again, looking forward to seeing you all there at my sessions next week!

CrowdCompass Speaker Link

Deploying Veeam Powered Network into a AWS VPC

Veeam PN is a very cool product that has been GA for about four months now. Initially we combined the free product together with Veeam Direct Restore to Microsoft Azure to create Veeam Recovery to Microsoft Azure. Of late there has been a push to get Veeam PN out in the community as a standalone product that’s capable of simplifying the orchestration of site-to-site and point-to-site VPNs.

I’ve written a few posts on some of the use cases of Veeam PN as a standalone product. This post will focus on getting Veeam PN installed into an AWS VPC to be used as the VPN gateway. Given that AWS has VPN solutions built in, why would you look to use Veeam PN? The answer to that is one of the core reasons why I believe Veeam PN is a solid networking tool…The simplicity of the setup and ease of use for those looking to connect or extend on-premises or cloud networks quickly and efficiently.

Overview of Use Case and Solution:

My main use case for wanting to extend the AWS VPC network into an existing Veeam PN Hub connected to my Homelab and Veeam Product Strategy Lab was to test out using an EC2 instance as a remote Veeam Linux Repository. Having a look at the diagram below you can see the basics of the design with the blue dotted line representing the traffic flow.

The traffic flows between the Linux Repository EC2 instance and the Veeam Backup & Replication server in my Homelab through the Veeam PN EC2 instance. That is via the Veeam PN Hub that lives in Azure and the Veeam PN Site Gateway in the Homelab.

The configuration for this includes the following:

  • A virtual private cloud with a public subnet with a size /24 IPv4 CIDR (10.0.100.0/24). The public subnet is associated with the main route table that routes to the Internet gateway.
  • An Internet gateway that connects the VPC to the Internet and to other AWS products.
  • The VPN connection between the VPC network and the Homelab network. The VPN connection consists of a Veeam PN Site Gateway located in the AWS VPC and the Veeam PN HUB and Site Gateway located at the Homelab side of the VPN connection.
  • Instances in the External subnet with Elastic IP addresses that enable them to be reached from the Internet for management.
  • The main route table associated with the public subnet. The route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC, and two entries that enable instances in the subnet to communicate with the remote subnets (172.17.0.0/24 and 10.0.30.0/24).

AWS has a lot of knobs that need adjusting even for what would normally be assumed functionality. With that I had to work out which knobs to turn to make things work as expected and get the traffic flowing between sites.

Veeam PN Site Gateway Configuration:

To get a Veeam PN instance working within AWS you need to deploy an Ubuntu 16.04 LTS instance from the Instance Wizard or Marketplace into the VPC (see below for specific configuration items). In this scenario a t2.small instance works well with a 16GB SSD hard drive as provided by the instance wizard. To install the Veeam PN services onto the EC2 instance, follow my previous blog post on Installing Veeam Powered Network Direct from a Linux Repo.

Once deployed along with the EC2 instance that I am using as a Veeam Linux Repository I have two EC2 instances in the AWS Console that are part of the VPC.

From here you can configure the Veeam PN instance as a Site Gateway. This can be done via the exposed HTTP/S Web Console of the deployed VM. First you need to create a new Entire Site Client from the HUB Veeam PN Web Console with the network address of the VPC as shown below.

Once the configuration file is imported into the AWS Veeam PN instance it should connect up automatically.

Jumping on the Veeam PN instance to view the routing table, you can see what networks the Veeam HUB has connected to.

The last two entries there are referenced in the design diagram and are the subnets that have the static routes configured in the VPC. You can see the path the traffic takes, which is reflected in the diagram as well.

Looking at the same info from the Linux Repository instance you can see standard routing for a locally connected server without any specific routes to the 172.17.0.0/24 or 10.0.30.0/24 subnets.

Notice though with the traffic path to get to the 172.17.0.0/24 subnet it’s now going through an extra hop which is the Veeam PN instance.

Amazon VPC Configuration:

For the most part this was a straightforward VPC creation with an IPv4 CIDR block of 10.0.100.0/24 configured. However, to make the routing work and get the traffic flowing as desired you need to tweak some settings. After initial deployment of the Veeam PN EC2 instance I had some issues resolving both forward and reverse DNS entries which meant I couldn’t update the servers or install anything off the Veeam Linux software repositories.

By default there are a couple of VPC options that are turned off for some reason which make all that work.

Enable both DNS Resolution and DNS Hostnames via the menu options highlighted above.

For the Network ACLs the default Allows ALL/ALL for inbound and outbound can be left as is. In terms of Security Groups, I created a new one and added both the Veeam PN and Linux Repository instances into the group. Inbound we are catering for SSH access to connect to and configure the instances externally and as shown below there are also rules in there to allow HTTP and HTTPS traffic to access the Veeam PN Web Console.

These, along with the Network ACLs are pretty open rules so feel free to get more granular if you like.

From the Route Table menu, I added the static routes for the remote subnets so that anything on the 10.0.100.0/24 network trying to get to 172.17.0.0/24 or 10.0.30.0/24 will use the Veeam PN EC2 instance as its next hop target.

EC2 Configuration Gotchya:

A big shout out to James Kilby who helped me diagnose an initial static routing issue by discovering that you need to adjust the Source/Destination Check attribute which controls whether source/destination checking is enabled on the instance. This can be done either against the EC2 instance right click menu, or on the Network Interfaces menu as shown below.

Disabling this attribute enables an instance to handle network traffic that isn’t specifically destined for the instance. For example, instances running services such as network address translation, routing, or a firewall should set this value to disabled. The default value is enabled.
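
The VPC settings from this walkthrough (which are also the "Create AWS VPC" and "Configure Networking and Routing for VPC" steps of the Terraform flow listed in the earlier post), written as Terraform for the AWS provider. This is an added example, not the code from the author's GitHub project: the resource names, the `admin_cidr`, `ubuntu_1604_ami` and `key_name` variables and the remote-subnet ingress rule are assumptions, and management access is narrowed to a single range rather than left open. The Linux Repository instance is omitted; it would join the same subnet and security group with the default source/destination check left enabled.

```hcl
# Added example. CIDRs, instance size and disk size come from the post;
# variable and resource names are hypothetical.

variable "admin_cidr" {
  description = "Assumption: the only range allowed to reach SSH and the Web Console"
  type        = string # e.g. "203.0.113.10/32" (constructed, documentation range)
}

variable "ubuntu_1604_ami" {
  description = "Assumption: Ubuntu 16.04 LTS AMI ID for your region"
  type        = string
}

variable "key_name" {
  description = "Assumption: name of an existing EC2 key pair"
  type        = string
}

resource "aws_vpc" "veeam" {
  cidr_block           = "10.0.100.0/24"
  enable_dns_support   = true # "DNS Resolution" in the console
  enable_dns_hostnames = true # "DNS Hostnames" in the console
}

resource "aws_internet_gateway" "igw" {
  vpc_id = aws_vpc.veeam.id
}

resource "aws_subnet" "public" {
  vpc_id     = aws_vpc.veeam.id
  cidr_block = "10.0.100.0/24"
}

resource "aws_security_group" "veeam" {
  name   = "veeam-pn-and-repo"
  vpc_id = aws_vpc.veeam.id

  # SSH, HTTP and HTTPS for management, limited to the admin range
  # instead of 0.0.0.0/0.
  dynamic "ingress" {
    for_each = [22, 80, 443]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = [var.admin_cidr]
    }
  }

  # Assumption: traffic arriving over the tunnel from the two remote subnets.
  # Narrow this to the ports your repository actually needs.
  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["172.17.0.0/24", "10.0.30.0/24"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "veeampn" {
  ami                    = var.ubuntu_1604_ami
  instance_type          = "t2.small"
  subnet_id              = aws_subnet.public.id
  key_name               = var.key_name
  vpc_security_group_ids = [aws_security_group.veeam.id]

  # The gotcha from the post: without this the instance drops traffic
  # that is not addressed to itself, so the static routes below do nothing.
  source_dest_check = false

  root_block_device {
    volume_size = 16
    volume_type = "gp2"
  }
}

resource "aws_eip" "veeampn" {
  instance   = aws_instance.veeampn.id
  depends_on = [aws_internet_gateway.igw]
}

# Default route of the main route table goes to the Internet gateway.
resource "aws_route" "internet" {
  route_table_id         = aws_vpc.veeam.main_route_table_id
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.igw.id
}

# Static routes for the remote subnets, next hop = the Veeam PN instance.
resource "aws_route" "remote_sites" {
  for_each               = toset(["172.17.0.0/24", "10.0.30.0/24"])
  route_table_id         = aws_vpc.veeam.main_route_table_id
  destination_cidr_block = each.value
  network_interface_id   = aws_instance.veeampn.primary_network_interface_id
}
```

With `source_dest_check = false` the Veeam PN instance acts as a router for the VPC, so the security group and the two static routes are the controls that decide what the remote sites can reach.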

Conclusion:

The end result of all that was the ability to configure my Veeam Backup & Replication server in my Homelab to add the EC2 Veeam Linux instance as a repository which allowed me to backup to AWS from home through the Veeam PN network site-to-site connectivity.

Bear in mind this is a POC, however the ability to consider Veeam PN as another option for extending AWS VPCs to other networks in a quick and easy fashion should make you think of the possibilities. Once the VPC/EC2 knobs were turned and the correct settings put in place, the end to end deployment, setup and connecting into the extended Veeam PN HUB network took no more than 10 minutes.

That is the true power of the Veeam Powered Network!

References:

https://docs.aws.amazon.com/glue/latest/dg/set-up-vpc-dns.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#change_source_dest_check

Veeam Vault #10: Latest Veeam Releases and Vanguard 2018 Update

Welcome to the 10th edition of Veeam Vault and the first one for 2018. It’s pretty crazy to think that we have already completed two months of the year. After an extremely hectic first half of January attending two of our Veeam Velocity Sales Kick off events (Bangkok for APJ and Saint Petersburg for EMEA) I’ve been working from the home office for close to six weeks. It’s been a productive time organising content and working with different Cloud teams across the business to help enable our VCSPs to take advantage of our cloud technologies and help them drive services revenue.

Getting stuck into this edition, I’ll cover the releases of Veeam Availability Orchestrator, the Infinidat Storage Plugin and Update 5 for the Veeam Management Pack… all of which happened over the last week. I’ll talk about the Veeam Vanguard Program for 2018 as well as link to Veeam related content the Vanguard crew have put out over the past couple of months.

Veeam Availability Orchestrator:

Veeam Availability Orchestrator has been in the works for a while now and it’s great to see it hit GA. It boasts an automated and resilient orchestration engine for Veeam Backup & Replication replicas, designed specifically to help enterprises with compliance requirements. One of its biggest features is helping to reduce the cost and effort associated with planning for and recovering from a disaster through the automatic creation, documentation and testing of disaster recovery plans.

For a deeper look at its features and functionality, Michael White has a good overview post on VAO here.

Infinidat Storage Plugin:

Our new Universal Storage Integration API that was introduced with the release of Update 3 for Backup & Replication 9.5 allows approved Veeam Alliance Partners to build their own storage plug-ins to enable rapid development of primary storage integrations. Infinidat is our first Alliance Partner to integrate through the Universal Storage Integration API. This adds to existing integrations with Cisco, Dell EMC, HPE, IBM, Lenovo and NetApp.

My fellow Technologist, Michael Cade has written up a blog post explaining how to download and install the plugin for those customers using Infinidat as their storage backend.

Veeam Management Pack Update 5:

Update 5 for Management Pack went GA today and there are a few new things in this release that build on the Update 4 release last year. Below is a quick rundown of what’s new in this update.

  • Built-in monitoring for Veeam Agent for Microsoft Windows
  • Morning Coffee Dashboard for at-a-glance, real-time health status of your Veeam backup environments
  • Monitoring for VMware Cloud on Amazon Web Services (AWS)
  • Additional VMware vSAN & vCenter Alarms

It’s pleasing to see support for VMware Cloud on AWS as that starts to gain momentum in the market, and it’s also great to see us enhancing our vSAN alarms as that product evolves. For a detailed description of the new features, read the release post here.

Veeam Vanguard 2018:

Overnight we notified new and returning members of their successful application for the Veeam Vanguard program for 2018. This is one of the most hotly sought after influencer programs in our industry and I can tell you that the process to vote for and accept applicants was tough this year. The Product Strategy team takes a lot of care and effort in selecting the group and it represents the best Veeam advocates going round. We work closely with the group and their feedback plays a key part in our feedback loop, as well as helping us to promote Veeam and Veeam products within their companies and spheres of influence.

Well done to the 2018 nominees!

Veeam Vanguard Blog Post Roundup:

Veeam Powered Network: Azure and Remote Site Configuration

This week we announced the official GA of Veeam Recovery to Microsoft Azure featuring Veeam Powered Network (Veeam PN). This new product also features Direct Restore to Microsoft Azure in combination with Veeam PN to create a solution that allows you to recover VMs into Azure and then have those VMs accessible on the original network by extending the on-premises network to the Azure networks. From there, remote users can also connect into the Azure based Veeam PN Gateway and access services in all connected sites.

I’m going to step through the deployment of Veeam PN from the Azure Marketplace and then extend two remote sites into the Azure Virtual Network created during the initial configuration from the Azure Marketplace. Below is a logical drawing of the extended recovery network.

Components

  • Azure Subscription
  • Veeam PN Azure Marketplace Hub Appliance x 1
  • Veeam PN Site Gateway x 2
  • OpenVPN Client

The OVA is 1.5GB and when deployed the Virtual Machine has the base specifications of 1x vCPU, 1GB of vRAM and 16GB of storage, which if thin provisioned consumes a tick over 5GB initially.

Networking Requirements

  • Veeam PN Hub Appliance – Incoming Ports TCP/UDP 1194, 6180 and TCP 443
    • Azure Virtual Network Address Space 172.16.0.0/16
  • Veeam PN Site Gateway – Outgoing access to at least TCP/UDP 1194
    • Columbus Address Space 10.0.30.0/24
    • Home Office Address Space 192.168.1.0/24
  • OpenVPN Client – Outgoing access to at least TCP/UDP 6180

Veeam PN Azure Marketplace Deployment:

Once logged into the Azure portal, head to the Azure Marketplace and search for Veeam. You should see Veeam PN for Microsoft Azure.

Click on that and then click on the Create button at the bottom of the Marketplace description.

From here you are presented with a six step process that configures the Veeam PN Azure VM and allows you to configure networking, initial security and site-to-site and point-to-site settings.

For my deployment location I have chosen Southeast Asia which is in Singapore. The username and password you select here will be used to access the Veeam PN web console and the VM via SSH.

Step 2 includes choosing the VM size, which I have changed from Standard A1 to Basic A1. The biggest difference from Standard to Basic is the inclusion of a Load Balancer service. One thing to note here is that when considering sizing for any VPN technology, CPU and RAM are critical as they become the limiting factors in being able to process the encrypted connectivity. We will shortly have an official sizing guide for Veeam PN, but for the purpose of connecting up two sites with some external users the Basic A1 instance will do.

In the image above I’ve also configured the 172.16.0.0/16 Virtual Network. The default that Azure gives you is 10.0.0.0/16, which overlaps with subnets in the Columbus lab, which is why I chose another private network range.
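The address-plan check behind that choice, together with the hub's inbound port list from the Networking Requirements, as an added example that is not part of the original post or of Veeam PN itself. The function names and the sample rule list are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Address spaces as listed in the post's Networking Requirements.
SITES = {
    "azure": "172.16.0.0/16",
    "columbus": "10.0.30.0/24",
    "home-office": "192.168.1.0/24",
}

# Inbound (protocol, port) pairs the post lists for the hub appliance.
HUB_REQUIRED = {("tcp", 1194), ("udp", 1194), ("tcp", 6180), ("udp", 6180), ("tcp", 443)}

# Constructed sample of an inbound allow-list to audit (not taken from the post).
SAMPLE_RULES = [("TCP", 1194), ("UDP", 1194), ("TCP", 443), ("UDP", 6180), ("TCP", 22)]


def find_overlaps(sites):
    """Return sorted (site_a, site_b) pairs whose address spaces overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in sites.items()}
    return [(a, b) for a, b in combinations(sorted(nets), 2) if nets[a].overlaps(nets[b])]


def audit_hub_rules(rules, required=HUB_REQUIRED):
    """Return (missing, extra): required pairs not allowed, and allowed pairs
    beyond the required set that deserve a review before exposure."""
    allowed = {(proto.lower(), int(port)) for proto, port in rules}
    return sorted(required - allowed), sorted(allowed - required)


if __name__ == "__main__":
    print("chosen plan overlaps:", find_overlaps(SITES))
    print("Azure default overlaps:", find_overlaps({**SITES, "azure": "10.0.0.0/16"}))
    missing, extra = audit_hub_rules(SAMPLE_RULES)
    print("missing:", missing, "extra:", extra)
```

An entry in `extra` is not necessarily wrong (the post notes the VM is also reached via SSH), but each one is exposure on a public IP that should be justified.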

The last step shown above is configuring the subnet where the Veeam PN VM will be deployed into. This network can also be used by Direct Restore to Azure to place recovered VMs into.

This next step has you choosing the encryption key size for your VPN connections. We have put in a couple of options and, depending on your requirements, you can select anything from relatively weak keys to very strong keys. As the note says next to the 2048 key recommendation, this does impact the deployment time because larger keys take longer to generate. This means that you will need to wait at least 10-15 minutes after deployment to access the Web Console to complete configuration.

Setting up the VPN information is straightforward. In my example I have changed the port for the Point-to-Site connections to 6180 as I know this is a commonly opened port in our corporate network.

The final steps show you a summary and final confirmation to purchase the Marketplace item. There is no cost involved with Veeam PN itself, but be aware that you will be charged for all Azure resource consumption.

Once the job is submitted, the deployment creates the Veeam PN VM and injects all the settings specified during this process. Taking a look at the Azure Resources created during the process, you can see a number of different components listed.

I’ll be putting together another post to dive into a few of those resources to show what is happening under the hood in terms of networking when other sites are added.

Finalising Veeam PN and Azure Configuration:

Once the Veeam PN appliance has been deployed successfully, you need to complete a couple more steps to hook the Veeam PN service into Azure to allow the automatic injection of routes. To access the Veeam PN web console, enter the DNS Name created during the initial setup. To view this after deployment is complete, and also see the allocated Public IP, click on the publicIP group in the Azure Portal.

If the Azure Marketplace deployment has been successful you will be greeted with an Azure Setup Wizard after logging into the Veeam PN web console.

NOTE: If you don’t get the Azure wizard and instead get the Out of Box Veeam PN setup prompt, you haven’t waited long enough for the encryption keys to generate.

As explained this setup creates an Azure user to have access to the Virtual Network Routing Table. After hitting next you need to authenticate the Veeam PN appliance with Azure by clicking on the link provided and entering in the code to authenticate.

Once completed you can further confirm the setup was successful by clicking on Settings and then look at the Services tab. You should see all three options toggled to On.

Clicking on the Azure Tab will show details of the Azure network and deployment settings.

Veeam PN Site Gateway Deployment and Configuration:

I’ve covered in detail during the RC period of Veeam PN how to set up and deploy site gateways to connect back into the Hub. The Hub doesn’t have to live in Azure and there are use cases for Veeam PN to be used standalone, but let’s continue with this setup. I went and configured the two sites as shown below. You can now see their subnet addresses in the web console…another added feature in the GA release.

I’ve also configured the Standalone Client that will enable me to connect from my MBP into the Hub and then get access to the networking resources. One new GA feature that has been added here is the ability to enable all traffic to flow through the Hub server as the default gateway…meaning all traffic will pass through the Hub.

At each site a Veeam PN Site Gateway appliance gets deployed and is configured with the configuration files generated in the steps above. Once connected, the Overview page will show all sites connected via the Site-to-Site VPN. As of now, Azure, Columbus and my Home Lab are all part of the one extended network.

Backing Up Veeam PN Config and Version Updates:

For the GA version, we have introduced a couple of new UI features based on feedback and usability. The first thing to do once you have finished the initial configuration is to head to the System Tab under Settings and back up the config. This will download a configuration file that can be imported into a clean Veeam PN appliance if anything happens to the production instance.

There is also a new Updates tab which will Check for Updates and, if one is available, update to a newer build while retaining the current configuration.

Conclusion:

Once everything is connected and in place we can now restore a VM from anywhere and make it available to the extended networks configured in this example. There are a few more things to cover in regards to making the recovered application available from its origin network, however I will cover that off in future posts.

Below is a summary of what I have shown in this post:

  • Deploy Veeam PN from Azure Marketplace
  • Finalise Azure setup from Veeam PN Web Console
  • Setup Site Configurations
  • Deploy Veeam PN OVA to each site and import site configuration
  • Backup Veeam PN Hub configuration

Those five steps took me less than 30 minutes, which also took into consideration the OVA deployments as well…that to me is an extremely streamlined, efficient process to achieve what, in the past, could have taken hours and certainly would have involved a more complex set of commands and configuration steps. The simplicity of the solution is what makes the solution very attractive…it just works!

Again, Veeam PN is free and is deployable from the Azure Marketplace or downloadable in OVA format directly from the veeam.com site.

Top Posts 2017

2017 is done and dusted and looking back on the blog over the last twelve months I’ve not been able to keep the pace up compared to the previous two years in terms of churning out content. In 2017 I managed 90 posts (including this one) which was down on the 124 last year and the 110 in 2016. My goal has always been to put out at least two quality posts a week, however I found that the travel component of my new role has impacted my productivity and tinkering time, which is where a lot of the content comes from…however it was still a record year for site visits (up over 200K) and I did manage to publish the 400th blog post on Virtualization is Life! since going live in 2012.

Looking back through the statistics generated via JetPack, I’ve listed the Top 10 Blog Posts from the last 12 months. This year the VCSA, NSX, vCenter Upgrades/Migrations and Homelab posts dominated the top ten. As I posted about a couple of months back, the common 503 error for the VCSA is a trending search topic. I was also happy that my post on my Working from Home experience over the last 12 months resonated with a lot of people.

  1. Quick Fix: VCSA 503 Service Unavailable Error
  2. HomeLab – SuperMicro 5028D-TNT4 Storage Driver Performance Issues and Fix
  3. ESXi 6.5 Storage Performance Issues and Fix
  4. What I’ve Learnt from 12 Months Working From Home
  5. NSX Bytes: Updated – NSX Edge Feature and Performance Matrix
  6. Upgrading Windows vCenter 5.5 to 6.0 In-Place: Issues and Fixes
  7. Homelab – Lab Access Made Easy with Free Veeam Powered Network
  8. NSX Bytes: NSX-v 6.3 Host Preparation Fails with Agent VIB module not installed
  9. Quick Look – vSphere 6.5 Storage Space Reclamation
  10. NSX Edge vs vShield Edge: Part 1 – Feature and Performance Matrix

In terms of the Top 10 new posts created in 2017, the list looks more representative of my Veeam content, with a lot of interest in Veeam PN and also, as I would hope, my vCloud Director posts.

  1. ESXi 6.5 Storage Performance Issues and Fix
  2. What I’ve Learnt from 12 Months Working From Home
  3. Upgrading Windows vCenter 5.5 to 6.0 In-Place: Issues and Fixes
  4. Homelab – Lab Access Made Easy with Free Veeam Powered Network
  5. NSX Bytes: NSX-v 6.3 Host Preparation Fails with Agent VIB module not installed
  6. migrate2vcsa – Migrating vCenter 6.0 to 6.5 VCSA
  7. Veeam is now in the Network Game! Introducing Veeam Powered Network.
  8. NestedESXi – Network Performance Improvements with Learnswitch
  9. Released: vCloud Director 9.0 – The Most Significant Update To Date!
  10. VMware Flings: Top 5 – 2017 Edition

This year I was honoured to have this blog voted #19 in the TopvBlog2017, of which I am very proud, and I’d like to thank the readers and supporters of this blog for voting for me! And thanks must also go to my site sponsors who are all listed on the right hand side of this page.

Again, while I found it difficult to keep up the pace with previous years, I fully intend to keep on pushing this blog by keeping it strong to its roots of vCloud Director and core VMware technologies like NSX and vSAN. There will be a lot of Veeam posts around product deep dives, release info and I’ll continue to generate content around what I am passionate about…and that includes all things hosting, cloud and availability!

I hope you can join me in 2018!

#LongLivevCD
