Category Archives: Microsoft

Cloud Tier Data Migration between AWS and Azure… or anywhere in between!

At the recent Cloud Field Day 5 (CFD#5) I presented a deep dive on the Veeam Cloud Tier which was released as a feature extension of our Scale Out Backup Repository (SOBR) in Update 4 of Veeam Backup & Replication. Since we went GA we have been able to track the success of this feature by looking at Public Cloud Object Storage consumption by Veeam customers using the feature. As of last week Veeam customers have been offloading petabytes of backup data into Azure Blob and Amazon S3…not counting the data being offloaded to other Object Storage repositories.

During the Cloud Field Day 5 presentation, Michael Cade talked about the Portability of Veeam’s data format, around how we do not lock our customers into any specific hardware or format that requires a specific underlying File System. We offer complete Flexibility and Agnosticity where your data is stored and the same is true when talking about what Object Storage platform to choose for the offloading of data with the Cloud Tier.

I had a need recently to setup a Capacity Tier extent that was backed by an Object Storage Repository on Azure Blob. I wanted to use the same backup data that I had in an existing Amazon S3 backed Capacity Tier while still keeping things clean in my Backup & Replication console…luckily we have built in a way to migrate to a new Object Storage Repository, taking advantage of the innovative tech we have built into the Cloud Tier.

Cloud Tier Data Migration:

During the offload process data is tiered from the Performance Tier to the Capacity Tier effectively Dehydrating the VBK files of all backup data only leaving the metadata with an Index that points to where the data blocks have been offloaded into the Object Storage.

This process can also be reversed and the VBK file can be rehydrated. The ability to bring the data back from Capacity Tier to the Performance Tier means that if there was ever a requirement to evacuate or migrate away from a particular Object Storage Provider, the ability to do so is built into Backup & Replication.

In this small example, as you can see below, the SOBR was configured with a Capacity Tier backed by Amazon S3 and using about 15GB of Object Storage.

The first step is to download the data back from the Object Storage and rehydrate the VBK files on the Performance Tier extents.

There are two ways to achieve the rehydration or download operation.

  1. Via the Backup & Replication Console
  2. Via a PowerShell Cmdlet
Rehydration via the Console:

From the Home Menu under Backups right click on the Job Name and select Backup Properties. From here there is a list of the Files contained within the job and also the objects that they contain. Depending on where the data is stored (remembering that the data blocks are only even in one location… the Performance Tier or the Capacity Tier) the icon against the File name will be slightly different with files offloaded represented with a Cloud.

Right Clicking on any of these files will give you the option to Copy the data back to the Performance Tier. You have the choice to copy back the backup file or the backup files and all its dependancies.

Once this is selected, a SOBR Download job is kicked off and the data is moved back to the Performance Tier. It’s important to note that our Intelligent Block Recovery will come into play here and look at the local data blocks to see if any match what is trying to be downloaded from the Object Storage… if so it will copy them from the Performance Tier, saving on egress charges and also speeding up the process.

In the image above you can see the Download Job working and only downloaded 95.5MB from Object Storage with 15.1GB copied from the Performance Tier… meaning the data blocks for the most that are local are able to be used for the rehydration.

The one caveat to this method is that you can’t select bulk files or multiple backup jobs so the process to rehydrate everything from the Capacity Tier can be tedious.

Rehydration via PowerShell:

To solve that problem we can use PowerShell to call the Start-VBRDownloadBackupFile cmdlet to do the bulk of the work for us. Below are the steps I used to get the backup job details, feed that through to variable that contains all the file names, and then kick off the Download Job.

The PowerShell window will then show the Download Job running

Completing the Migration:

No matter which way the Download job is initiated, we can see the progress form the Backup & Replication Console under the Jobs section.

And looking at the Disk and Network sections of Windows Resource Monitor we can see connections to Amazon S3 pulling the required blocks of data down.

Once the Download job has been completed and all VBKs have been rehydrated, the next step is to change the configuration of the SOBR Capacity Tier to point at the Object Storage Repository backed by Azure Blob.

The final step is to initiate an offload to the new Capacity Tier via an Offload Job…this can be triggered via the console or via Powershell (as shown in the last command of the PowerShell code above) and because we have already a set of data that satisfies the conditions for offload (sealed chains and backups outside the operational restore window) data will be dehydrated once again…but this time up to Azure Blob.

The used space shown below in the Azure Blob Object Storage matches the used space initially in Amazon S3 All recovery operations show Restore Points on the Performance Tier and on the Capacity Tier as dictated by the operational restore window policy.
Conclusion:

As mentioned in the intro, the ability for Veeam customers to have control of their data is an important principal revolving around data portability. With the Cloud Tier we have extended that by allowing you to choose the Object Storage Repository of your choice for cloud based storage or Veeam backup data…but also given you the option to pull that data out and shift when and where desired. Migrating data between AWS, Azure or any platform is easily achieved and can be done without too much hassle.

References:

https://helpcenter.veeam.com/docs/backup/powershell/object_storage_data_transfer.html?ver=95u4

Released: Backup for Office 365 3.0 …Yes! You Still Need to Backup your SaaS

A couple of weeks ago of Veeam Backup for Office 365 version 3.0 (build 3.0.0.422) went GA. This new version builds on the 2.0 release that offered support for SharePoint and OneDrive as well as enhanced self service capabilities for Service Providers. Version 3.0 is more about performance and scalability as well as adding some highly requested features from our customers and partners.

Version 2.0 was released last July and was focused on expansed the feature set to include OneDrive and SharePoint. We also continued to enhanced the automation capability of the platform through a RESTful API service allowing our Cloud & Service Providers to tap into the APIs to create scaleable and efficient service offerings. In version 3.0, there is also an extended set of PowerShell commandlets that have been enhanced from version 2.0.

What’s New in 3.0:

Understanding how best to deal with backing up SaaS based services where a lot of what happens is outside of the control of the backup vendor, there where some challenges around performance with the backing up and restoring of SharePoint and OneDrive in version 2.0. With the release of version 3.0 we have managed to increase the performance of SharePoint and OneDrive incremental backups up to 30 times what was previously seen in 2.0. We have also added support for multi-factor authentication which was a big ask from our customers and partners.

Other key enhancements for me was some optimisations around the repository databases that improves space efficiencies, auto-scaling of repository databases that enable easier storage management for larger environments by overcoming the ESE file size limit of 64 TB. When the limit is reached, a new database will be created automatically in the repository which stops manual intervention.

Apart from the headline new features and enhancements there are also a number of additional ones that have been implemented into Backup for Microsoft Office 365 3.0.

  • Backup flexibility for SharePoint Online. Personal sites within organisations can now be excluded or included from/to a backup in a bulk.
  • Flexible protection of services within your Office 365 organization, including exclusive service accounts for Exchange Online and SharePoint Online.
  • Built-in Office 365 storage and licensing reports.
  • Snapshot-based retention  which extends the available retention types.
  • Extended search options in the backup job wizard that make it is possible to search for objects by name, email alias and office location.
  • On-demand backup jobs to create backup jobs without a schedule and run them upon request.
  • The ability to rename existing organizations to keep a cleaner view on multiple tenant organizations presented in the console

For another look at what’s new, Niels Engelen goes through his top new features in detail here and for service providers out there, it’s worth looking at his Self Service Portal which has also been updated to support 3.0.

Architecture and Components:

 

There hasn’t been much of a change to the overall architecture of VBO and like all things Veeam, you have the ability to go down an all in one design, or scale out depending on sizing requirements. Everything is handled from the main VBO server and the components are configured/provisioned from here.

Proxies are the work horses of VBO and can be scaled out again depending on the size of the environment being backed up. Again, this could be Office 365 or on-premises Exchange or SharePoint instances.

Repositories must be configured on Windows formatted volumes as we use the JetDB database format to store the data. The repositories can be mapped one to one to tenants, or have a many to one relationship.

Installation Notes:

You can download the the latest version of Veeam Backup for Microsoft Office 365 from this location. The download contains three installers that covers the VBO platform and two new versions of the Explorers. Explorer for Microsoft OneDrive for Business is contained within the Explorer for Microsoft SharePoint package and installed automatically.

  • 3.0.0.422.msi for Veeam Backup for Microsoft Office 365
  • 9.6.5.422.msi for Veeam Explorer for Microsoft Exchange
  • 9.6.5.422.msi for Veeam Explorer for Microsoft SharePoint

To finish off…It’s important to read the release notes here as there are a number of known issues relating to specific situations and configurations.

Backup for Office 365 has been a huge success for Veeam with a growing realisation that SaaS based services require an availability strategy. The continuity of data on SaaS platforms like Office 365 is not guaranteed and it’s critical that a backup strategy is put into place.

Links and Downloads:

Quick Look – New Cloud Credentials Manager in Update 4

With the release of Update 4 for Veeam Backup & Replication 9.5 we further enhanced our overall cloud capabilities by adding a number of new features and enhancements that focus on tenants being able to leverage Veeam Cloud and Service Providers as well as Public Cloud services. With the addition of Cloud Mobility, External Repository and Cloud Connect Replication supporting vCloud Director we decided to break out the existing credential manager and create a new manager dedicated to the configuration and management of Cloud specific credentials.

The manager can be accessed by clicking on the top left dropdown menu from the Backup & Replication Console and then choosing Manage Cloud Credentials.

You can use the Cloud Credentials Manager to create and manage all credentials that are planned to use to connect to cloud services.

The following types of credentials can be configured and managed:

  • Veeam Cloud Connect (Backup and Replication for both Hardware Plans and vCD)
  • Amazon AWS (Storage and Compute)
  • Microsoft Azure Storage (Azure Blob)
  • Microsoft Azure Compute (Azure and Azure Stack)

The Cloud Connect credentials are straight forward in terms of what they are used for. There is even a way for non vCloud Director Authenticated tenants to change their own default passwords directly.

When it comes to AWS and Azure credentials the manager will allow you to configure accounts that can be used with Object Storage Repositories, Restore to AWS (new in Update 4), Restore to Azure and Restore to Azure Stack (new in Update 4).

PowerShell is still an Option:

For those that would like to configure these accounts outside of the Backup & Replication Console, there is a full complement of PowerShell commands available via the Veeam PowerShell Snap-in.

As an example, as part of my Configure-Veeam GitHub Project I have a section that configures a new Scale Out Backup Repository with an Object Storage Repository Capacity Tier backed by Amazon S3. The initial part of that code is to create a new Amazon Storage Account.

For a full list of PowerShell capabilities related to this, click here.

So there you go…a very quick look at another new enhancement in Update 4 for Backup & Replication 9.5 that might have gone under the radar.

References:

https://helpcenter.veeam.com/docs/backup/vsphere/cloud_credentials.html?ver=95u4

Enhanced Self Service Restore in Backup for Office 365 v2.0

Earlier in the year I gave an overview on the Self Service recovery capability of Veeam Backup for Office 365 which gave Veeam Cloud and Service Providers the ability to offer self service to their tenants for the recovery of Exchange data that’s been backed up on their platforms as a service.

As a bit of a refresher:

Tenant admins communicate with the Service Provider via the Cloud Gateway component which handles flow of data. The Service Provider grants the ability to their tenants so that each tenant can perform self restore operations using Veeam Explorer for Microsoft Exchange. By default, tenants are not able to restore anything from the backup without a Service Provider assistance.

The steps above show the self restore scenarios performed by the Tenant:

  • Tenants use Veeam Explorer for Microsoft Exchange to send restore requests via Veeam Cloud Gateway directly to the Service Provider.
  • On the Service Provider side, Veeam Backup for Microsoft Office 365 management server detects a proxy server responsible for processing tenant data.
  • Veeam Backup for Microsoft Office 365 management server locates an associated repository that contains a backup file that belongs to the Tenant.
  • Corresponding backup data is then transferred back to the tenant via Veeam Cloud Gateway.
What’s Changed in v2.0:

As mentioned, one of the big limitations in VBO v1.5 was the fact you could only restore the most recently backed up recovery point which limited it’s usefulness for most administrators looking to take advantage of the feature. That’s changed in VBO v2.0 with the ability to now choose a point in time from the Explorers. This is true for both Veeam Explorer for Exchange and Sharepoint (Which also does OneDrive).

Shown below is a Service Provider view of a restore operation for the Sliema organisation. As with the previous versions you have the ability to use latest or go back to a point in time.

As a reminder…the retention is set against the Backup Repository in VBO. Organisations are assigned to Repositories which dictates their own retention. At the tenant end, once the Veeam Explorer has been launched and the Connect to a Service Provider option has been chosen, you now see similar options to either do the latest, or go to a point in time.

If you go to choose a point in time that precedes the date of the first backup you will get the error below. Once a correct point in time has been selected the Self Service can begin. Shown below i’m able to go back to the 3rd of May 2018 restore point and perform actions on mail items. In this case, I was looking for a AWS Bill that I had deleted out of the mailbox and had gone way past my default Exchange retention settings. Back on the Service Provider end, you can see the active restore job session which is being facilitated through Cloud Connect. Conclusion:

To reiterate, the market for Office365 backups is significant and we have built in some pretty cool technology into Backup & Replication that works with Backup for Office365 that allows easy, self service capabilities that can be productized by Service Providers out of the box. Not only can Service Providers offer services to backup client Exchange, SharePoint or OneDrive Organisations but they can also extend that to offer self service which increases overall operational efficiencies at the provider end while also offering enhanced services to clients.

References:

https://helpcenter.veeam.com/docs/vbo365/guide/vex_sp_add.html?ver=20#pit

Configuring Service Provider Self Service Recovery with Veeam Backup for Microsoft Office 365

Quick Post – Veeam Backup for Office 365 v2 Important Patch plus Self Service Warning Fix

Last week we snuck out an important cumulative patch for Veeam Backup for Office 365 v2 bring the build number up to 2.0.0.567. The patch is actually fairly significant and I would recommend anyone running VBO to update as soon as possible. It covers Licensing, SharePoint and OneDrive, Group and Shared Mailbox fixes and enhancements as well as general server fixes.

To download and install the update, head to the VeeamKB here. There are some important notes about the upgrade process depending on your deployment configuration.

  • Execute VBO2.0-KB2765.msp as administrator on the Veeam Backup for Microsoft Office 365 server.
  • If there are any remote proxies in your environment please update those as described here 
  • If you use a remote VBO365 console and/or remote VBO365 PowerShell module installation, please contact technical support to assist you in upgrading those components.
Self Service Warning Fix:

Not related to the update, but something that I had happen to me on testing the upgraded VBO instance was that when I went to perform a Self Service through the Veeam Explorer for Exchange or Sharepoint I had the following pop up.

Once hitting ok, I didn’t have the ability to choose a Service Provider connection for the Self Service restore operation. This was the same for both Exchange the Sharepoint Explorer. Working with our support to ensure it wasn’t a regression in the latest patch we found an entry in the Explorer log files that pointed to the issue.

[28.09.2018 13:08:15] <37> Info [CloudCacheSync] Synchronizing provider 119.252.77.83

[28.09.2018 13:08:16] <37> Error Exception while connecting to endpoints [119.252.77.83]
[28.09.2018 13:08:16] <37> Error No connection could be made because the target machine actively refused it 119.252.77.83:6180 (System.Net.Sockets.SocketException)

[28.09.2018 13:08:17] <37> Error All cloud gateways are unavailable (Veeam.Backup.Core.CCloudGateSvc+CAllGatesUnavailableException)

[28.09.2018 13:08:17] <37> Error Credentials with id ‘a22f868a-a51a-473f-9f6d-cff9ff250fa3’ were not found (System.Exception)

Basically the issue was caused by the fact that I had an uncontactable Service Provider endpoint configured in the Backup & Replication Server. Once I removed the offending entry in the Service Provider section, I was able to reload the Explorers and have the ability to perform self service recoveries again. It’s probably something that won’t come up under normal tenant circumstances as I connect to multiple Service Providers from my NestedESXi Homelab instance…but something to take note of if the warning appears for you.

References:

https://www.veeam.com/kb2765

Quick Fix – Backup for Office 365 Self Service Recovery Fails with Incompatible Version

A couple of weeks ago we released version 2.0 of Veeam Backup for Office 365 which added support for SharePoint and OneDrive. Earlier this year I wrote about the awesome self service capabilities that are included for Veeam Cloud and Service Providers in the VBO platform, and also the huge opportunity that exists in the provider space to offer backup service for Exchange. Add to that SharePoint and OneDrive and that opportunity only gets bigger.

I’m putting together a couple of posts around the self service of SharePoint and OneDrive in the 2.0 release, but in the meantime this is a very quick fix post for those that might be getting the below error when trying to connect to service provider endpoints running VBO services for Exchange Online.

Incompatible Veeam Backup for Office 365 server version, received 9.6.3.567, expected 9.6.0.1308

To resolve this issue, then tenant needs to download the VBO 2.0 download package and install the new version of the Veeam Explorer for Microsoft Exchange that’s included in the release.

This will update the existing Explorer version from that distributed with Veeam Backup & Replication 9.5. The awesome thing about getting the upgrade as part of the VBO 2.0 package is that for the 1.5 release where self service was first introduced, tenants had to wait for Update 3 for Backup & Replication to consume the service.

Once this has been updated you can once again connect to the Cloud Connect infrastructure of the Service Provider that allows the self service recoverability function to take place.

Released: Backup for Office 365 2.0 …Yes! You Need to Backup your SaaS

Last week the much anticipated release of Veeam Backup for Office 365 version 2.0 (build 2.0.0.567) went GA. This new version builds on the 1.5 release that was aimed at scalability and service providers. Version 2.0 adds support for SharePoint and OneDrive. Backup for Office 365 has been a huge success for Veeam with a growing realisation that SaaS based services require an availability strategy. The continuity of data on SaaS platforms like Office 365 is not guaranteed and it’s critical that a backup strategy is put into place.

Version 1.5 was released last October and was focused on laying the foundation to ensure the scalability requirements that come with backing up Office365 services were met. We also enhanced the automation capability of the platform through a RESTful API service allowing our Cloud & Service Providers to tap into the APIs to create saleable and efficient service offerings. In version 2.0, there is also a new set of PowerShell commandlets that have been enhanced from version 1.5.

What’s New in 2.0:

Office 365 Exchange was the logical service to support first, but there was huge demand for the ability to extend that to cover SharePoint and OneDrive. With the release of version 2.0 the platform now delivers on protecting Office 365 in its entirety. Apart from the headline new features and enhancements there are also a number of additional ones that have been implemented into Backup for Microsoft Office 365 2.0.

  • Support for Microsoft SharePoint sites, libraries, items, and documents backup and restore.
  • Support for Microsoft OneDrive documents backup and restore.
  • Support for separate components installation during setup.
  • Support for custom list templates in Veeam Explorer for Microsoft SharePoint.
  • Support for comparing items with Veeam Explorer for Microsoft Exchange.
  • Support for exporting extended logs for proxy and controller components.

We have also redesigned the job wizard that enhances setup, search and maintaining visibility of objects.

Architecture and Components:

There hasn’t been much of a change to the overall architecture of VBO and like all things Veeam, you have the ability to go down an all in one design, or scale out depending on sizing requirements. Everything is handled from the main VBO server and the components are configured/provisioned from here.

Proxies are the work horses of VBO and can be scaled out again depending on the size of the environment being backed up. Again, this could be Office 365 or on-premises Exchange or SharePoint instances.

Repositories must be configured on Windows formatted volumes as we use the JetDB database format to store the data. The repositories can be mapped one to one to tenants, or have a many to one relationship.

The API service is disabled by default, but once enabled can be accessed via a URL to view the API commands in Swagger, or directly via the API endpoint.

Free Community Edition:

In terms of licensing, VBO is licensed per Office 365 user in all organizations. If you install VBO without a license, you will trigger Community Edition mode that allows you to have up to 10 user accounts in all organizations. This includes 1 TB of Microsoft SharePoint data. The Community Edition is not limited in time and doesn’t limit functionality.

Installation Notes:

You can download the the latest version of Veeam Backup for Microsoft Office 365 from this location. The download contains three installers that covers the VBO platform and two new versions of the Explorers. Explorer for Microsoft OneDrive for Business is contained within the Explorer for Microsoft SharePoint package and installed automatically.

  • 0.0.567.msi for Veeam Backup for Microsoft Office 365
  • 6.3.567.msi for Veeam Explorer for Microsoft Exchange
  • 6.3.568.msi for Veeam Explorer for Microsoft SharePoint

To finish off…It’s important to read the release notes here as there are a number of known issues relating to specific situations and configurations.

Links and Downloads:

Veeam Availability Console now available from Azure Marketplace

Last week the Veeam Availability Console Azure Marketplace appliance went live. This allows Veeam Cloud and Service Providers to easily deploy VAC into any Azure region. In it’s previous incarnation the Managed Backup Portal was only available as an Azure marketplace appliance and not available to install by a VCSP. Now that VAC 2.0 is out, VCSPs who don’t have the ability to host Cloud Connect or VAC on their infrastructure can deploy it in Azure and have the service up and running within fifteen minutes.

There are some limitations that come along with deploying VAC into Azure and it won’t be for everyone. The biggest caveat is that you can only have one Cloud Connect Server per VAC instance and as part of the deployment, Cloud Connect services is installed on the same Virtual Machine. You can’t offer Replication services from the Azure instance, and if offering Cloud Connect backup you need to understand it’s own scalability and performance bottlenecks. That said, as a remote management, monitoring, reporting, billing and self service platform there is a lot to like about having VAC in Azure.

Marketplace Deployment Steps:

You can start the deployment by searching for Veeam Availability Console in the Azure Marketplace or you can go direct to the product page here.

Click on Create to start the configuration steps.

The Basics includes VM name, hard disks type, username and password as well as selecting the subscription, the ability to use a new or existing resource group and finally the Azure location you want to deploy into.

In Step 2 you need to choose the Size of the Azure instance. The template provides the recommended configurations. The sizes are relative to the amount of agents and/or Backup & Replication instances you are going to be managing from this instance. You can find sizing guides here for larger environments.

I ended up going with an A2 standard for my instance which removes the load balancing functionality from the configuration and offers a little less IOPS. Step 3 contains some optional extra’s to ensure a higher level of availability for the VM instance and lets you configure the networking. Once that’s done you can review your configuration settings and start the deployment. It took just over 8 minutes for the deployment to succeed.

If you click on the Virtual Machine object in the Azure Portal you will see an overview of the VM and it’s configuration.

Addition Azure Configuration:

If you notice in the image above, a DNS name is listed in the overview. This was something that I had to set manually after the deployment. You set this by going into the Networking of the resource pool and click on IP Configuration. Here, you can enter in a DNS name relative to the Azure zone you are in. You can then use this to connect to the VAC Console, Cloud Connect Service and to RDP to the VM and helps in the event of having a dynamic, rather than a static Azure IP.

Speaking of networking and ports, below is a list of the default port rules created during the deployment. Note that WinRM is open as well.

Finalizing Deployment:

After deploying the Azure Marketplace appliance you can RDP into the VM and complete the setup that includes configuring Cloud Connect and VAC it’s self. A few things have been done for us as part of the deployment, however the first thing you need to do is get a license. This is a BYO license situation, so once you have deployed the Marketplace appliance you will need to source a VAC license from the Veeam Licensing Portal and apply.

Head to the VAC Web Portal and Install the License.

Once done the last step is to configure Cloud Connect from the Backup & Replication Console. Again, you will need a valid Cloud Connect license as you are greeted with the Free Edition when you connect to the console for the first time. As per normal with Cloud Connect, you need to configure the SSL Certificate first and then configure a new Cloud Gateway. Configure the Networking as shown below using the DNS name that was created in the steps above.

Once this is completed you can go into the VAC Console and work through the normal Configuration steps. The only thing you don’t need to do is add the Cloud Connect Server to the VAC instance as this has already been done during the initial deployment process.

It’s worth noting that the versions of Backup & Replication (9.5.0.1536) and Availability Console (2.0.1.1343) are up to date and include the latest Hot-Fixes for VAC. The intent is to have the templates as up to date as possible, however once deployed you can upgrade as per usual.

Conclusion:

So there you have it…within fifteen minutes you can have a fully working Veeam Availability Console instance running in Azure and ready to be used to offer all the goodness that VAC offers our Cloud and Service Provider partners. For an overview as to what VAC offers, click here and have a read of my GA post on What’s in It for Service Providers.

Links:

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/veeam.veeam-availability-console?tab=Overview

 

Office 365 Backups and the Opportunity that Exists for Service Providers

In recent weeks i’ve become reacquainted with an old friend…There was a time where eighty to ninety percent of my day job was working in and around Exchange Server. If I had started this blog in 2005 it would have been dominated with posts around the Hosting of Exchange Server and probably be named Exchange is Life!. I take pride in my Hosted Exchange Org and User creation scripts that I created before Hosting Control Panels where even a thing.

Over the last five or six years my interest in Exchange diminished due to moving roles and also due to some lingering ill feelings about the way in which Microsoft treated their initial Hosting partners as they started what would become, Office 365 back in the late 2000’s. That said I have remained aware of the Exchange landscape and while there is still a lot of on-premises Exchange instances and still a number of decent Hosted Exchange providers out there, there is no stopping Office 365’s growth.

I even jumped on the bandwagon by moving my personal SliemaLabs domain over to an Office 365 Exchange subscription late last year. That domain initially lived on an Exchange Server I ran from home, and then on a Hosted Exchange platform I built and now it’s completed it’s own journey to Office 365.

Having spent a bit of time recently looking at the 1.5 version of our Backup for Microsoft Office 365 product…more specifically the new self service feature that came in Backup & Replication 9.5 Update 3. I’ve had a renewed sense of purpose around the Exchange ecosystem…and that purpose is to ensure that all service providers understand the opportunity that exists around creating offerings for the backing up and availability of Office365 services.

This post follows a post that was released on the Veeam.com blog by Paul Mattes (VP of Global Cloud Group at Veeam) talking about the success of our Backup for Microsoft Office 365 product.

In 2017, more than 25,000 organizations installed our Office 365 backup solution, representing 2.3 million Microsoft Office mailboxes. We saw a staggering 327% quarter-over-quarter growth in Q4 of last year.

And the reasons why all Office 365 users should consider an external backup solution for their data hosted in Microsoft’s SaaS cloud platform.

It’s important to remember that SaaS platform providers, like Microsoft Office 365, take on the responsibility of application uptime and the underlying infrastructure. But it is the customer’s responsibility to manage and protect their vital business data.

This is public cloud in a nutshell…Ultimately the customer has the responsibility to ensure all data is backed up correctly. I won’t go into the technical aspects as to why Office 365 requires additional backups solutions. There a plenty of good online resources, a Gartner report is available here Microsoft’s has an offical page on High Availability and Business Continuity guide. Doing research into the nature of SaaS you understand the need for third party backup solutions.

The Office 365 Opportunity:

From a service provider point of view there is an opportunity to tap into the 85 million user Exchange Online market and offer availability services for organisations using Office 365. This is a multi-billion dollar market that exists today and services based around backup and management of that data are central to tapping into that opportunity. Just breaking down the ANZ market alone, there are approximately 4.25 million Office 365 users of which if only 5% was captured would represent a combined 3.5 to 5 million dollar market.

For those VCSPs who have already deployed Cloud Connect and offering Backup services, the ground work has been laid with regards to having the infrastructure in place to extend that service to offer Veeam Backup for Office 365 aaS.

The billable components of this service are licenses and then storage costs. Managed Service Providers can also build in management fees that offer an end to end solution for their clients. Where it should be seen to be extremely attractive for VCPSs is in the potential for the storage revenue to be significant early and then continue to grow as tenant’s backup and retain more and more mailboxes in addition to new tenants coming on board.

We have given our VCSPs the tools to be able to build a strong service around Office 365 backups with the 1.5 release of Backup for Office 365 focused on scalability and automation. Add to that the self service feature that came in Update 3 for Backup & Replication and there is no excuse to not start thinking about offering this as a service.

Looking beyond Exchange Online, version 2 of Backup for Office 365 will include the ability to backup SharePoint and OneDrive as well…have a think about what that represents in terms of revenue opportunities just on the potential for storage consumption alone.

Again, I want to emphasis that this market is huge and what’s on offer in terms of potential revenue can’t be ignored. I’m excited about the next 12-18 months in being able to see our VCSPs grab this opportunity…don’t let it slip!

References:

https://technet.microsoft.com/en-us/library/exchange-online-high-availability-and-business-continuity.aspx

The Limitations of Microsoft Office 365 Backup

 

 

Configuring Service Provider Self Service Recovery with Veeam Backup for Microsoft Office 365

For a while now I’ve talked about the increasing functionality of the the Cloud Connect Gateway and that it is central to a lot of features and services that exist within Veeam Backup & Replication. With the release of 9.5 Update 3 we added a feature that allows multi-tenant self service recoverability of a tenants Office365 mailbox backup hosted by Veeam Cloud and Service Providers utilising Veeam Backup for Microsoft Office 365 1.5 that was released late last year.

Overview:

Tenant admins communicate with the Service Provider via the Cloud Gateway component which handles flow of data. The Service Provider grants the ability to their tenants so that each tenant can perform self restore operations using Veeam Explorer for Microsoft Exchange. By default, tenants are not able to restore anything from the backup without a Service Provider assistance.

The steps above show the self restore scenarios performed by the Tenant:

  • Tenants use Veeam Explorer for Microsoft Exchange to send restore requests via Veeam Cloud Gateway directly to the Service Provider.
  • On the Service Provider side, Veeam Backup for Microsoft Office 365 management server detects a proxy server responsible for processing tenant data.
  • Veeam Backup for Microsoft Office 365 management server locates an associated repository that contains a backup file that belongs to the Tenant.
  • Corresponding backup data is then transferred back to the tenant via Veeam Cloud Gateway.

IMPORTANT!

When planning solution components deployment, remember that Veeam Backup for Microsoft Office 365 v1.5 and Veeam Backup & Replication 9.5 Update 3 must be installed on the same server.

Example:

These days I don’t have access to a local Exchange Server or to a corporate Exchange Online instance but I did migrate my personal domain over to Office365 just before Christmas. That account has only one mailbox, but that’s enough to demonstrate the Office365 Service Provider backup and tenant self service recovery use case.

Service Provider Side:

For Service Providers to backup tenants on-premises or Office 365 Exchange mailboxes they need to first configure a new organization in Veeam Backup for Office 365. I’m not going to go through the steps for that as it’s been covered in other posts and is very simple to configure, however to prepare for the self service capability the service provider needs to ensure that the Cloud Connect Gateways are setup and configured and accessible externally.

In Backup for Office 365 you have to enable and configure the RestAPI and Authentication Settings under their respective tabs in the Options menu. This includes selecting an SSL certificate for both services…I’m just using a self signed certificate but obviously service providers will want a correctly signed public certificate to productise this feature.

With the organization configured I created a new job and backed up the Exchange Organization. Again, for this example I just have the one mailbox but the theory is the same weather it’s one, five, fifty or five thousand mailboxes.

From here, without any self service configured the Service Provider can access the mailboxe(s) to perform whole or granular item level recovery using the Veeam Explorer for Exchange. As shown below I can access any mailbox from the service provider’s end and perform recovery to a number of different locations

For each tenant (not per Exchange User) there needs to be a Cloud Connect tenant account created on the Backup & Replication server. This will be used at the tenant end by the admin to configure a Service Provider in the Backup & Replication console which will then be detected and used by the Veeam Explorer for Exchange to use to connect into the service provider and authenticate with an applicable Exchange account.

Tenant End:

For the tenant admin to use Veeam Explorer for Exchange to perform mailbox recovery you first have to configure a Service Provider using Cloud Connect tenant credentials as provided by the Service Provider. It’s worth mentioning here that you can have no license installed in Backup & Replication and are still able to add a Service Provider to the Backup Infrastructure menu. Once connected, firing up the Explorer for Exchange you will use the Service Provider option in the Add Store dropdown.

In the drop down list, select the Service Provider account configured in the Backup Infrastructure menu. If multiple exist you will see each one in the drop down. You also configure the username and password that connects to the Exchange Organization. This can be an admin account that is allowed impersonation, or you can enter in an individual account.

Once connected (which can take some time with the GUI of the Explorer for Exchange) any mailbox that the account has authorization over will be seen and mailbox recovery can begin.

An interesting thing to do is to check what is happening from a network connectivity point of view during this process. While performing a restore you can see open connections from the tenant side to Cloud Connect gateway on port 6180 and also you can see a connection to Office365 on port 443 completing the loop.

Back at the Service Provider end in the Backup for Office365 console you can see active Explorer for Exchange sessions as running jobs. Below you can see the local one, plus a remote session.

Automation:

For Service Providers with the capability to automate the setup and provisioning of these services through PowerShell or the RestAPIs here is a great example of what can be achieved with Backup for Office365 and the creation of a self service portal web interface. You can use the built in Swagger UI to evaluate the capabilities of RestAPIs.

The Swagger UI can be accessed via the following URL:

https://<Backup-Office365>:<Port>/swagger/ui/index

From there you can authenticate and work through the live examples.

Conclusion:

The market for Office365 backups is significant and we have built in some pretty cool technology into Backup & Replication that works with Backup for Office365 that allows easy, self service capabilities that can be productized by Service Providers out of the box. Not only can Service Providers offer services to backup client Exchange Organisations but they can also extend that to offer self service which increases overall operational efficiencies at the provider end while also offering enhanced services to clients.

References:

https://helpcenter.veeam.com/docs/vbo365/guide/vbo_mail_baas.html?ver=15

https://helpcenter.veeam.com/docs/vbo365/rest/swaggerui.html?ver=15

« Older Entries