Category Archives: Veeam

AWS re:Invent 2018 – Veeam and N2WS Recap and Thoughts

There was so much to take away from AWS re:Invent last week. In my opinion, having attended a lot of industry events over the past ten or so years, this years re:Invent has left the industry with a lot to think about it! AWS vigorously defended their position as the number one Public Cloud destination (in their eyes) while trying to lay a path for future growth by expanding into the true enterprise space. Also, with the announcement of Outposts set a path to try and dominate the hybrid world with an on-premises offering.

Instead of writing down my extended thoughts it’s more consumable to hear Rick Vanover and myself talk about the event from a Veeam perspective in the short embedded video below. I’ve also embedded a video with David Hill and Sebastian Straub covering things from an N2WS perspective, as well as talk about the N2WS related announcements at re:Invent 2018.

I’ve also posted the Veeam session video here:

Veeam’s AWS re:Invent 2018 Session Posted

This week, myself and David Hill presented at AWS re:Invent 2018 around what at Veeam is offering by way of providing data protection and availability for native AWS workloads, VMware Cloud on AWS workloads and how we are leveraging AWS technologies to offer new features in the upcoming Update 4 release of Backup & Replication 9.5.

For those that where not at AWS re:Invent this week or for those who could not attend the session on Wednesday, the video recording has been posted on the offical AWS YouTube page.

We had some audio issues at the start which made for some interesting banter between David and myself…but once we got into it we talked about the following:

  • The N2WS 2.4 Release
  • Veeam VTL and AWS Storage Gateway
  • Update 4 Cloud Tier
  • Update 4 Cloud Mobility
  • Data Protection for VMware Cloud on AWS

I wanted to highlight the Cloud Tier section where I give an overview and quick deepdive into the smarts behind the new repository feature coming in Update 4. The live demo of me using our Patented Instant VM Recovery feature to bring up a VM with data residing in Amazon S3 is a great example of the power of this upcoming feature. Not only does it allow storage efficiencies locally but offloading old data to Object Storage for long term retention, but is also is intelligent enough to recover quickly and efficiently with its Intelligent Block Recovery.

Veeam at AWS re:Invent 2018

AWS re:Invent 2018 is happening next week and for the first time Veeam is at the event in a big way! Last year, we effectively tested the waters with a small booth, no main session and without the usual event presence that you would expect of Veeam at an VMworld or Microsoft Ignite. This year is a little different and we will be there as Diamond Sponsors of the event and with a lot to share in regards to how Veeam is leveraging AWS technologies to enhance our availability messaging.

We bolstered our native AWS capabilities earlier this year with the acquisition of N2SW who already where a leader in the protection of AWS workloads and with the upcoming release of Backup & Replication 9.5 Update 4 we will be further enhancing our ability to not only backup AWS workloads, but also leverage AWS technologies such as S3 to facilitate a change in mindset as to what it is to have a local backup repository. We will also be talking about migration into AWS and also how we are the best data protection choice for VMware Cloud on AWS.

Breakout Session:

At the event we will have a breakout session which myself and David Hill will be presenting. This will be on Wednesday at 5:30pm in the Aria Casino and we are looking forward to deep diving into what’s coming in Update 4 as well as showing off what’s coming in the next release of N2WS as we start to jointly develop solutions between the two companies.

STG206-S – A Deeper Look at How Veeam is Evolving Availability on AWS

Wednesday, Nov 28, 5:30 PM – 6:30 PM – Aria East, Level 1, Joshua 6

Veeam has made significant enhancements to its platform, focusing on the availability of AWS workloads over the past year. Join this technical deep dive where representatives from Veeam demonstrate how the company protects cloud-native workloads on AWS as well as how they back up to and from on-premises environments. They also discuss data protection for VMware Cloud on AWS. Finally, they review the enhancements to Veeam’s Backup and Replication feature set, which now includes cloud mobility to AWS and a cloud archive that leverages Amazon S3 for long-term data retention of backed-up workloads.

In terms of the technologies and solutions that we will be diving into and showing off via some live demos…we will be looking at:

  • The N2WS 2.4 Release
  • Veeam VTL and AWS Storage Gateway
  • Update 4 Cloud Tier
  • Update 4 Cloud Mobility
  • Data Protection for VMware Cloud on AWS

I will also be giving a Booth Presentation at the Cloudcheckr booth, Tuesday at 10am which will effectively be a slimmed down version of the main session happening on the Wednesday.

Booth and Show Floor:

As mentioned, this year we will have significant presence on the show floor with two areas to come and see Veeam technologies as well as chat to us about how we are protecting and leveraging AWS and AWS workloads. On the main show floor we will be at booth #1011 which is well positioned next to the GitHub booth and we will also have a second location at the Mirage called the Data Protection Lounge which will be a place to relax, enjoy a snack and engage in technical discussions with our experts…including myself!

Social Events:

This year we are jointly sponsoring a location for the re:Invent Pub Crawl which is happening on Tuesday night. Details are below

Pub Crawl – Veeam | N2WS and VMware
Date & Time: Tuesday, November 27, 6pm – 8pm
Location: Mercato della Pescheria – The Venetian Shoppes

Wrapping Up:

I’m looking forward to the event and being more than a spectator this year I’m expecting big things from it. Make sure you come visit us at our booth or at the lounge to check out what has been brewing from Veeam and N2WS R&D over the past twelve months…and also don’t forget to attend the session on Wednesday afternoon. I’m excited about some of the new features we will release as part of Update 4…and this session is a chance to see them working and get an understanding as to what they will be delivering.

If you would like to schedule a meeting with myself or any other member of the Veeam Product Strategy team attending, please reach out.

Veeam Availability Console 2.0 Update 1 – New Patch Release

Last week a patch was released for Veeam Availability Console 2.0 Update 1. There are a number of resolved issues around core VAC server functionality, discovery rules, monitoring and alarms, reporting and billing and also the ConnectWise Manage plug-in. The patch is advised to be deployed to all VCSPs running VAC as it will resolve a number of UI and under the hood issues.

To apply the patch, head to the VeeamKB here and follow the instructions. You need to have at least VAC 2.0 Update 1 Build 2.0.2.1750 or later as shown below.

From there, make sure you have a backup of the database, close down the Web UI and execute all three MSI packages as administrator on the server.

The first one updates the VAC server.

The second one updates the ConnectWise Manage Plugin.

The last one updates the Web UI.

Once completed the patches are applied and VAC 2.0 Update 1 is up to date running on version number Server Version 2.0.2.1850. Note that updated Windows for Agent Builds have been pushed out and can be upgraded as per my post a few months back.

References:

https://www.veeam.com/kb2694

Enhanced Self Service Restore in Backup for Office 365 v2.0

Earlier in the year I gave an overview on the Self Service recovery capability of Veeam Backup for Office 365 which gave Veeam Cloud and Service Providers the ability to offer self service to their tenants for the recovery of Exchange data that’s been backed up on their platforms as a service.

As a bit of a refresher:

Tenant admins communicate with the Service Provider via the Cloud Gateway component which handles flow of data. The Service Provider grants the ability to their tenants so that each tenant can perform self restore operations using Veeam Explorer for Microsoft Exchange. By default, tenants are not able to restore anything from the backup without a Service Provider assistance.

The steps above show the self restore scenarios performed by the Tenant:

  • Tenants use Veeam Explorer for Microsoft Exchange to send restore requests via Veeam Cloud Gateway directly to the Service Provider.
  • On the Service Provider side, Veeam Backup for Microsoft Office 365 management server detects a proxy server responsible for processing tenant data.
  • Veeam Backup for Microsoft Office 365 management server locates an associated repository that contains a backup file that belongs to the Tenant.
  • Corresponding backup data is then transferred back to the tenant via Veeam Cloud Gateway.
What’s Changed in v2.0:

As mentioned, one of the big limitations in VBO v1.5 was the fact you could only restore the most recently backed up recovery point which limited it’s usefulness for most administrators looking to take advantage of the feature. That’s changed in VBO v2.0 with the ability to now choose a point in time from the Explorers. This is true for both Veeam Explorer for Exchange and Sharepoint (Which also does OneDrive).

Shown below is a Service Provider view of a restore operation for the Sliema organisation. As with the previous versions you have the ability to use latest or go back to a point in time.

As a reminder…the retention is set against the Backup Repository in VBO. Organisations are assigned to Repositories which dictates their own retention. At the tenant end, once the Veeam Explorer has been launched and the Connect to a Service Provider option has been chosen, you now see similar options to either do the latest, or go to a point in time.

If you go to choose a point in time that precedes the date of the first backup you will get the error below. Once a correct point in time has been selected the Self Service can begin. Shown below i’m able to go back to the 3rd of May 2018 restore point and perform actions on mail items. In this case, I was looking for a AWS Bill that I had deleted out of the mailbox and had gone way past my default Exchange retention settings. Back on the Service Provider end, you can see the active restore job session which is being facilitated through Cloud Connect. Conclusion:

To reiterate, the market for Office365 backups is significant and we have built in some pretty cool technology into Backup & Replication that works with Backup for Office365 that allows easy, self service capabilities that can be productized by Service Providers out of the box. Not only can Service Providers offer services to backup client Exchange, SharePoint or OneDrive Organisations but they can also extend that to offer self service which increases overall operational efficiencies at the provider end while also offering enhanced services to clients.

References:

https://helpcenter.veeam.com/docs/vbo365/guide/vex_sp_add.html?ver=20#pit

Configuring Service Provider Self Service Recovery with Veeam Backup for Microsoft Office 365

Quick Post – Veeam Backup for Office 365 v2 Important Patch plus Self Service Warning Fix

Last week we snuck out an important cumulative patch for Veeam Backup for Office 365 v2 bring the build number up to 2.0.0.567. The patch is actually fairly significant and I would recommend anyone running VBO to update as soon as possible. It covers Licensing, SharePoint and OneDrive, Group and Shared Mailbox fixes and enhancements as well as general server fixes.

To download and install the update, head to the VeeamKB here. There are some important notes about the upgrade process depending on your deployment configuration.

  • Execute VBO2.0-KB2765.msp as administrator on the Veeam Backup for Microsoft Office 365 server.
  • If there are any remote proxies in your environment please update those as described here 
  • If you use a remote VBO365 console and/or remote VBO365 PowerShell module installation, please contact technical support to assist you in upgrading those components.
Self Service Warning Fix:

Not related to the update, but something that I had happen to me on testing the upgraded VBO instance was that when I went to perform a Self Service through the Veeam Explorer for Exchange or Sharepoint I had the following pop up.

Once hitting ok, I didn’t have the ability to choose a Service Provider connection for the Self Service restore operation. This was the same for both Exchange the Sharepoint Explorer. Working with our support to ensure it wasn’t a regression in the latest patch we found an entry in the Explorer log files that pointed to the issue.

[28.09.2018 13:08:15] <37> Info [CloudCacheSync] Synchronizing provider 119.252.77.83

[28.09.2018 13:08:16] <37> Error Exception while connecting to endpoints [119.252.77.83]
[28.09.2018 13:08:16] <37> Error No connection could be made because the target machine actively refused it 119.252.77.83:6180 (System.Net.Sockets.SocketException)

[28.09.2018 13:08:17] <37> Error All cloud gateways are unavailable (Veeam.Backup.Core.CCloudGateSvc+CAllGatesUnavailableException)

[28.09.2018 13:08:17] <37> Error Credentials with id ‘a22f868a-a51a-473f-9f6d-cff9ff250fa3’ were not found (System.Exception)

Basically the issue was caused by the fact that I had an uncontactable Service Provider endpoint configured in the Backup & Replication Server. Once I removed the offending entry in the Service Provider section, I was able to reload the Explorers and have the ability to perform self service recoveries again. It’s probably something that won’t come up under normal tenant circumstances as I connect to multiple Service Providers from my NestedESXi Homelab instance…but something to take note of if the warning appears for you.

References:

https://www.veeam.com/kb2765

Quick Fix: Specified vCloud Director is not supported when trying to add vCD 9.1 to Veeam ONE

Back in May when VMware released vCloud Director 9.1 they also depreciated support for a number of older API versions:

End of Support for Older vCloud API Versions

  • vCloud Director 9.1 no longer supports vCloud API versions 1.5 and 5.1. These API versions were deprecated in a previous release.
  • vCloud Director 9.1 is the last release of vCloud Director to support any vCloud API versions earlier than 20.0. Those API versions are deprecated in this release and will not be supported in future releases.

Due to this, and being mid release cycle, Veeam ONE had issues connecting to vCD instances that where running version 9.1.

The error you would get if you tried to connect was:

Over the past few months i’ve had questions around this and if it was going to be fixed by way of a patch. While we are waiting for the next release of Veeam ONE that is due with Veeam Backup & Replication 9.5 Update 4 there is a way to get vCD 9.1 instances connected into the current build of Veeam ONE.

There is a HotFix available through Veeam Support to resolve the Known Issue. It involves stopping the Veeam ONE services, replacing a couple of DLL’s and then re-starting the services. Once implemented Veeam ONE is able to connect to vCD 9.1.

So if you have this problem, raise a support case, grab the HotFix and the issue will be sorted.

References:

https://docs.vmware.com/en/vCloud-Director/9.1/rn/rel_notes_vcloud_director_91.html#deprecated

Automated Configuration of Backup & Replication with PowerShel

As part of the Veeam Automation and Orchestration for vSphere project myself and Michael Cade worked on for VMworld 2018, we combined a number of seperate projects to showcase an end to end PowerShell script that called a number of individual modules. Split into three parts, we had a Chef/Terraform module that deployed a server with Veeam Backup & Replication installed. A Terraform module that deployed and configured an AWS VPC to host a Linux Repository with a Veeam PN Sitegateway. And finally a Powershell module that configured the Veeam server with a number of configuration items ready for first use.

The goal of the project was to release a PowerShell script that fully deployed and configured a Veeam platform on vSphere with backup repositories, vCenter server and default policy based jobs automatically configured and ready for use. This could then be adapted for customer installs, used on SDDC platforms such as VMware Cloud on AWS, or for POCs or lab use.

While we are close to releasing the final code on GitHub for the project, I thought I would branch out the last section of the code and release it separately. As I was creating this script, it became apparent to me that it would be useful for others to use as is or as an example from which to simplify manual and repetitive tasks that go along with configuring Backup & Replication after installation.

Script Overview:

The PowerShell script (found here on GitHub) performs a number of configuration actions against any Veeam Backup & Replication Server as per the included functions.

All of the variables are configured in a config.json file meaning nothing is required to be modified in the main PowerShell script. There are a number of parameters that can be called to trigger or exclude certain functions.

There are some pre-requisites that need to be in place before the script can be executed…most importantly the PowerShell needs to be executed on a system where the Backup & Replication Console is installed to allow access to the Veeam PowerShell Snap-in. From there you just need a new Veeam Backup & Replication server and a vCenter server plus their login credentials. If you want to add a Cloud Connect Provider offering Cloud Connect Backup or/and Replication you enter in all the details in the config.json file as well. Finally, if you want to add a Linux Repository you will need the details of that plus have it configured for key based authentication.

You can combine any of the parameters listed above. An example is shown above where -ClearVBRConfig has been used to reverse the -RunVBRConfigure parameter that was executed first to do an end to end configure. For Cloud Connect Replication, if you want to configure and deploy an NEA there is a specific parameter for that. If you didn’t want to configure Cloud Connect or the Linux Repository the parameters can be used individually, or together. If those two parameters are used, the Default Backup Repository will be used for the jobs that are created.

Automating Policy Based Backup Jobs:

Part of the automation that we where keen to include was the automatic creation of default backup jobs based on vSphere Tags. The idea was to have everything in place to ensure that once the script had been run, VMs could be backed up dependant on them being added to vSphere Tags. Once done the backup jobs would protect those VMs based on the policies set in the config.json.

The corresponding jobs are all using the vSphere Tags. From here the jobs don’t need to be modified when VMs are added…VMs assigned those Tags will be included in the job.

Conclusion:

Once the script has been run you are left with a fully configured Backup & Replication server that’s connected to vCenter and if desired (by default) has local and Cloud Connect repositories added with a set of default policy based jobs ready to go using vSphere Tags.

There are a number of improvements that I want to implement and I am looking out for Contributors on GitHub to help develop this further. At its base it is functional…but not perfect. However it highlights the power of the automation that is possible with Veeam’s PowerShell Snap-In and PowerCLI. One of the use-cases for this was for repeatable deployments of Veeam Backup & Replication into POCs or labs and for those looking to standup those environments, this is a perfect companion.

Look out for the full Veeam SDDC Deploy Toolkit being released to GitHub shortly.

References:

https://github.com/anthonyspiteri/powershell/tree/master/BR-Configure-Veeam

Quick Fix – Backing up vCenter Content Library Content with Veeam

A question came up in the Veeam Forums this week about how you would backup the contents of a Content Library. As a refresher, content libraries are container objects for VM templates, vApp templates, and other types of files. Administrators can use the templates in the library to deploy virtual machines and vApps via vCenter. Using Content libraries results in consistency, compliance, efficiency, and automation when deploying workloads at scale.

Content Libraries are created and managed from a single vCenter, but can be shared to other vCenter Server instances. VM templates and vApps templates are stored as OVF file formats in the content library. You can also upload other file types, such as ISO images, text files, and so on, in a content library. It’s possible to create content libraries that are 3rd party hosted, such as the example here by William Lam looking at how to create and manage an AWS S3 based content library.

For those looking to store them locally on an ESXi datastore there is a way to backup the contents of the content library with a Veeam Backup & Replication File Copy job. This is a basic solution to the question posed in the Veeam Forums however it does work. With the File Copy, you can choose any file or folder contained in any connected infrastructure in Backup & Replication. For a Content Library stored on an ESXi datastore you just need to browse to the location as shown below.

The one caveat is that the destination can’t be a Veeam Repository. There is no versioning or incremental copy so every time the job is executed a full backup of the files is performed.   

One way to work around this is to set the destination to a location that is being backed up in a Veeam Job or an Agent Job. However if the intention is to just protect the immediate contents of the library than have a full once off backup shouldn’t be an issue.

You can also create/add to a File Copy job from the Files view as shown above.

In terms of recovery, The File Copy job is doing a basic file copy and doesn’t know about the fact the files are part of a Content Library and as you can see, the folder structure that vCenter creates uses UIDs for identification. Because of this, if there was a situation where a whole Content Library was lost, it would have to be recreated in vCenter and then the imported back in directly from the File Copy Job destination folder location.

Again, this is a quick and nasty solution and it would be a nice feature addition to have this backed up natively…naming and structure in place. For the moment, this is a great way of utilizing a cool feature of Veeam Backup & Replication to achieve the goal.

Creating Policy Based Backup Jobs for vCloud Director Self Service Portal with Tenant Creation

For a long time Veeam has lead the way in regard to the protection of workloads running in vCloud Director. Veeam first released deep integration into vCD back in version 7 of Backup & Replication that talked directly to the vCD APIs to facilitate the backup and recovery of vCD workloads and their constructs. More recently in version 9.5, the vCD Self Service Portal was released which also taps into vCD for tenant authentication.

This portal leverages Enterprise Manager and allows service providers to grant their tenants self-service management of their vCD workloads. It’s possible that some providers don’t even know that this portal exists let alone the value it offers. I’ve covered the basics of the portal here…but in this post, I want to talk about how to use the Veeam APIs and PowerShell SnapIn to automatically enable a tenant, create a default backup jobs based on policies, tie backup copy jobs to default job for longer retention and finally import the jobs into the vCD Self Service Portal ready for use.

Having worked with a service provider recently, they requested to have previously defined service definitions for tenant backups ported to Veeam and the vCD Self Service Portal. Part of this requirement was to have tenants apply backup policies to their VMs…this included short term retention and longer term GFS based backup.

One of the current caveats with the Veeam vCD Self Service Portal is that backup copy jobs are not configurable via the web based portal. The reason for this is that It’s our belief that service providers should be in control of longer term restore operations, however some providers and their tenants still request this feature.

Translated to a working solution, the PowerShell script combines a previously released set of code by Markus Kraus that uses the Enterprise Manager API to setup a new tenant in the vCD Self Service portal and a set of new functions that create default backup and backup copy jobs for vCD and then imports them into the portal ready for use. The variables are controlled by a JSON file making the script portable for Veeam Cloud and Service Providers to use as a base and build upon.

The end result is that when a tenant first logs into the vCD Self Service Portal they have jobs, dictated by the desired polices ready for use. The backup jobs are set to disabled without a schedule set. The scope of the default jobs is the tenant’s Virtual Datacenter. If there is a corresponding backup copy job, this is tied to the backup job and is ready to do its thing.

From here, the tenant can choose which policy that want to apply to their workloads and edit the desired job, change or leave the scope and add a schedule. The job name in the Backup and Replication console is modified to indicate which policy the tenant selected.

Again, if the tenant chooses a policy that requires longer term retention, the corresponding backup copy job is enabled in the Backup & Replication console…though not managed by the tenant.

Self service recovery is possible by the tenant for through the portal as per usual, including full VM recovery, file and application item level recovery. For recovery of the longer term workloads and/or items, this is done by the Service Provider.

This is a great example of the power of the Veeam API and PowerShell SnapIn providing a solution to offer more than what is out of the box and enhance the offering around the backup of vCloud Director workloads with Veeam’s integration. Feel free to use as is, or modify and integrate into your service offerings.

GitHub Page: https://github.com/anthonyspiteri/powershell/tree/master/vCD-Create-SelfServiceTenantandPolicyJobs

« Older Entries