Category Archives: Veeam

VeeamON 2018 Recap

VeeamON has come an gone for another year and it is an exciting time to be in the (hyper) availability industry. There has been a significant shift in the way that backup and recovery is thought about in the IT Industry and Veeam is without question leading the way in this space. We have been the driving force of change for an industry that was once seen as mundane yet necessary. This year we did not announce any new products or features but more importantly laid the ground work for what is to come with our new vision and strategy. To be the leading provider of intelligent data management solution for a world where data is now highly distributed, is growing at exponential rates and where hyper-availability is desired.

What does that exactly mean?

Well for me it is an evolution of our messaging that what presented in August of 2016 where the Veeam Availability platform was first launched. The platform it’s self has evolved over the past eighteen months with the release of Veeam Availability Orchestrator, Veeam Availability Console, Backup for Office 365, both the Windows and Linux agents and more recently the pending releases of our Nutanix AHV backup and support for AIX and Solaris. Put that together with the acquisition of N2WS for AWS availability and you can see that we are serious about fulfilling the promise of the vision laid out during the event.

2018 Highlights:

Apart from delivering three sessions, my highlights revolve around my discussions with customers and partners and getting face to face feedback on how we are doing. This is critical to our function in the Product Strategy team but for me personally it allows me to interact with some of the best innovators in the service provider landscape. On that note, another highlight was the inaugural Veeam Innovation Awards of which I was a voting panel member along with Michael Cade and Jason Buffington. It was great to see four VCSPs win recognition and awesome to have Probax (a local Perth company) included as part of the initial group of winners.

From the Show Floor:

I have copied in a number of media interviews and daily wraps below that go into more detail about the event, it’s announcements and the messaging that we are putting forward as a leader in the space. Enjoy the discussions below and I am already looking forward to VeeamON 2019…I have a feeling it’s going to be massive!

 

Veeam Cloud Announcements:

Veeam expands multi-cloud solutions at VeeamON 2018

VMware Cloud on AWS, Veeam Powered Network and Veeam ONE …my Session Roundup for VeeamON 2018

Yesterday I posted an article highlighting my top picks for VeeamON 2018. The one thing I didn’t list in that post was my own sessions for this years event. This year I’m presenting three sessions in the Cloud Powered track and I am lucky enough to be joined by three awesome co-presenters for each session. All three sessions focus on specific use cases and cover different aspects our cloud features and functionality.

Three more reasons to deploy Veeam Powered Network

Presenting with Edward Watson

Veeam® PN was released as part of Veeam Recovery to Microsoft Azure
earlier this year. However, there is more to Veeam PN than just this use case. Veeam PN allows administrators to create, configure and connect site-to-site or point-to-site VPN tunnels easily through an intuitive and simple UI, all within a couple of clicks. Do you have a remote office network that you want easier access into? Do you have a home lab that you want to access from anywhere in the world? Do you have workloads spread across different cloud platforms that need connecting? SDN doesn’t have to be complex! If you answered “Yes!” to at least one of these questions, then we invite you to our breakout session, where we will provide you with three different use cases that will make your life easier and simplify what has been a traditionally complex part of IT.

Tue, May 15th, 4:10 PM – 5:10 PM

VMware Cloud on AWS technical deep dive with Veeam hybrid cloud Availability

Presenting with Emad Younis

VMware Cloud on AWS brings VMware’s enterprise class Software-Defined Data Center software running on Amazon Web Services bare metal and enables customers to run production applications across vSphere-based private, public and hybrid cloud environments. Delivered, sold and supported by VMware as an on-demand service, customers can continue to leverage their current VMware skill sets and expand them by adding AWS services, including storage, databases, analytics and more. VMware Cloud on AWS provides flexibility, allowing workload mobility between on premises and the cloud SDDC by using familiar tools such as vMotion. Veeam® was a launch partner for data protection for VMware Cloud on AWS. In this session, you will get a technical overview of VMware Cloud on AWS and also how Veeam can protect workloads hosted on VMware Cloud on AWS. Attendees will walk away with practical guidance and tips on getting the best of both worlds with VMware and Veeam hybrid cloud and Availability solutions.

Wed, May 16th, 8:45 AM – 9:45 AM

Veeam ONE for VCSP partners — More powerful than you thought!

Presenting with Eugene Kashperovetskyi

Service providers need to be aware of whats going on within their platforms, and Veeam® Cloud & Service Provider (VCSP) partners should be looking at Veeam ONE™ to monitor and report on more than just base VMware vSphere or Microsoft Hyper-V metrics. Veeam ONE offers expansive monitoring and reporting on Veeam Backup & Replication™ jobs, as well as the ability to dive into vCloud Director environments and give granular metrics on vCD objects, such as vApps, virtual data centers and their parent organizations. SingleHop (a leading VCSP offering providing Veeam Cloud Connect services) uses Veeam ONE as a key element of their platforms monitoring, integration and proactive management of environments. The sophisticated approach between Veeam ONE Monitor, Veeam ONE Reporter and Veeam ONE Business View offers the granularity and automation capabilities highly demanded by their clients. In this session, you will learn about the practical approaches taken by SingleHop to deliver and guarantee the level of services appreciated and valued by their partners, resellers and customers. We will go through how to get the most out of Veeam ONE for your service provider platforms, from reporting and chargeback to how to monitor and report on Veeam Cloud Connect Backup and Veeam Cloud Connect Replication tenant and infrastructure…and tell you how some of this can be done with the FREE edition!

Wed, May 16th, 10:00 AM – 11:00 AM

You can download the VeeamON Mobile Application to register for sessions, organise and keep tabs on other parts of the event. Again, looking forward to seeing you all there at my sessions next week!

CrowdCompass Speaker Link

VeeamON 2018: Top Session Picks

VeeamON is happening next week and the final push towards the event is in full swing. I can tell you that that this years event is going to be extremely valuable for those who can attend! This is going to be my third VeeamOn, and my second being involved with the preparation of elements of the event. Having been behind the scenes, and knowing what our customers and partners are in for in terms of content and event activities…I can’t wait for things to kick off in Chicago.

This year we have 70 breakout sessions with a number of high profile speakers coming over to help delver those sessions. We also have significant keynote speakers for the main stage sessions on each of the three days. You will also hear from our executive team on the vision Veeam has for continuing to provide availability through our industry leading innovations.

Top Session Pick:

The tracks are organised slightly different to last year in that there are no set Technical levels. There are seven tracks available

  • Better Together
  • Architecture and Design
  • Cloud-Powered
  • Deep Tech
  • Implementation Best Practices
  • Operations and Support
  • Vision and Strategy

I’ve gone through all the breakouts and picked out my top sessions that you should consider attending…as usual there is a cloud slant to most of them, but there are also some core technology sessions that are not to be missed. The Veeam Product Strategy team are well represented in the session list so it’s also worth looking to attend talks from Rick Vanover, Michael Cade, Niels Engelen, Melissa Palmer, Dmitry Kniazev, David Chapa and Jason Buffington. Danny Allan will be main stage delivering our core vision and strategy moving beyond 2018.

Veeam Backup for Microsoft Office 365 2.0: Deep Dive

Mike Resseler and Kostya Yasyuk

After learning what is new in Veeam® Backup for Microsoft Office 365 2.0, it is time to look into the details of this solution. Learn about optimization, architecture, under-the-hood workings and much more in this session.

Wed, May 16th, 2:50 PM – 3:50 PM

From zero to hero: A deep dive on RESTful API for Veeam solutions

Niels Engelen and Dmitry Kniazev

Join us for a journey on how to leverage the RESTful API provided in several Veeam® solutions. We will go deeper on how to get started and even develop a full platform with a focus on: Veeam Backup & Replication™ Veeam Backup for Microsoft Office 365 Veeam Availability Console

Tue, May 15th, 2:50 PM – 3:50 PM

Cooking up some Veeam deployment with CHEF automation

Michael Cade and Jeremy Goodrum

A walk-through session showing the open source CHEF cookbook that installs and configures Veeam® Backup & Replication™ based on documented Veeam best practices. Automation in large-scale deployments is a must. This cookbook will allow for a scalable deployment of your Veeam components and the ability for controlled upgrades and configuration best practices across the estate.

Wed, May 16th, 12:15 PM – 1:15 PM

A sneak peek at Veeam Backup & Replication 2018 releases

Anton Gostev

Hear right from Anton Gostev about the details of the next release of Veeam® Backup & Replication™. The details of this will be announced at VeeamON 2018, and this will be your exclusive opportunity to learn more about the next release of Veeam Backup & Replication.

Wed, May 16th, 2:50 PM – 3:50 PM

Getting started with Veeam Availability Orchestrator: Ensure business continuity & DR compliance

Melissa Palmer

As a new product for 2018, Veeam® Availability Orchestrator raises the bar for enterprises of all sizes that need orchestrated disaster recovery (DR) and a strong business continuity plan. In this session, the components and architecture of Veeam Availability Orchestrator will be shown in the context of how they work with each other. This breakout will start with a use case and then apply the capabilities of Veeam Availability Orchestrator to deliver objectives for the use case example. Additionally, this session will provide details of core capabilities of Veeam Availability Orchestrator, including data labs, custom steps and building DR plans. As part of your journey from beginner to expert with Veeam Availability Orchestrator, this session is recommended to attend first before attending “Automate your DR run book with PowerShell and Veeam Availability Orchestrator” and “Plan for disaster with confidence using automated testing in Veeam Availability Orchestrator”.

Tue, May 15th, 11:20 AM – 12:20 PM

Veeam Availability Console usage scenarios

Vitaliy Safarov

Veeam® Availability Console can bring lots of value to a cloud or service provider and enterprise organizations. What are the most common usage scenarios? How can you benefit from the functionality within the solution to lower your daily administration, but at the same time have visibility into your tenant’s environment? If you are a service provider or an enterprise that operates as a service provider, then you will learn a few scenarios that can save you time, effort and money, simply by using this FREE solution.

Wed, May 16th, 12:15 PM – 1:15 PM

The (r)evolution of VMware vSAN

Duncan Epping

The world of hyper-converged infrastructure moves at an extremely rapid pace, and VMware vSAN is one of the biggest enablers. In this session, Duncan Epping will discuss where VMware vSAN began, where it stands today and, most importantly, what to expect in the future. Duncan will start with a brief explanation of the basics of VMware vSAN and then quickly dive into the future by doing a demo of various (potentially) upcoming features.

Wed, May 16th, 1:35 PM – 2:35 PM

Wrap Up:

There are obviously a lot more from which to choose from and the full list can be found here. You can also download the VeeamON Mobile Application to register for sessions, organise and keep tabs on other parts of the event.

Looking forward to seeing you all there!

 

Deploying Veeam Powered Network into a AWS VPC

Veeam PN is a very cool product that has been GA for about four months now. Initially we combined the free product together with Veeam Direct Restore to Microsoft Azure to create Veeam Recovery to Microsoft Azure. Of late there has been a push to get Veeam PN out in the community as a standalone product that’s capable of simplifying the orchestration of site-to-site and point-to-site VPNs.

I’ve written a few posts on some of the use cases of Veeam PN as a standalone product. This post will focus on getting Veeam PN installed into an AWS VPC to be used as the VPN gateway. Given that AWS has VPN solutions built in, why would you look to use Veeam PN? The answer to that is one of the core reasons why I believe Veeam PN is a solid networking tool…The simplicity of the setup and ease of use for those looking to connect or extend on-premises or cloud networks quickly and efficiently.

Overview of Use Case and Solution:

My main user case for my wanting to extend the AWS VPC network into an existing Veeam PN Hub connected to my my Homelab and Veeam Product Strategy Lab was to test out using an EC2 instance as a remote Veeam Linux Repository. Having a look at the diagram below you can see the basics of the design with the blue dotted line representing the traffic flow.

 

The traffic flows between the Linux Repository EC2 instance and the Veeam Backup & Replication server in my Homelab through the Veeam PN EC2 instance. That is via the Veeam PN Hub that lives in Azure and the Veeam PN Site Gateway in the Homelab.

The configuration for this includes the following:

  • A virtual private cloud with a public subnet with a size /24 IPv4 CIDR (10.0.100.0/24). The public subnet is associated with the main route table that routes to the Internet gateway.
  • An Internet gateway that connects the VPC to the Internet and to other AWS products.
  • The VPN connection between the VPC network and the Homelab network. The VPN connection consists of a Veeam PN Site Gateway located in the AWS VPC and a the Veeam PN HUB and Site Gateway located at the Homelab side of the VPN connection.
  • Instances in the External subnet with Elastic IP addresses that enable them to be reached from the Internet for management.
  • The main route table associated with the public subnet. The route table contains an entry that enables instances in the subnet to communicate with other instances in the VPC, and two entries that enables instances in the subnet to communicate with the remote subnets (172.17.0.0/24 and 10.0.30.0/24).

AWS has a lot of knobs that need adjusting even for what would normally be assumed functionality. With that I had to work out which knobs to turn to make things work as expected and get the traffic flowing between sites.

Veeam PN Site Gateway Configuration:

To get a Veeam PN instance working within AWS you need to deploy an Ubuntu 16.04 LTS form the Instance Wizard or Marketplace into the VPC (see below for specific configuration items). In this scenario a t2.small instance works well with a 16GB SSD hard drive as provided by the instance wizard. To install the Veeam PN services onto the EC2 instance, follow my previous blog post on Installing Veeam Powered Network Direct from a Linux Repo.

Once deployed along with the EC2 instance that I am using as a Veeam Linux Repository I have two EC2 instances in the AWS Console that are part of the VPC.

From here you can configure the Veeam PN instance as a Site Gateway. This can be done via the exposed HTTP/S Web Console of the deployed VM. First you need to create a new Entire Site Client from the HUB Veeam PN Web Console with the network address of the VPC as shown below.

Once the configuration file is imported into the AWS Veeam PN instance it should connect up automatically.

Jumping on the Veeam PN instance to view the routing table, you can see what networks the Veeam HUB has connected to.

The last two entries there are referenced in the design diagram and are the subnets that have the static routes configured in the VPC. You can see the path the traffic takes, which is reflected in the diagram as well.

Looking at the same info from the Linux Repository instance you can see standard routing for a locally connected server without any specific routes to the 172.17.0.0/24 or 10.0.30.0/24 subnets.

Notice though with the traffic path to get to the 172.17.0.0/24 subnet it’s now going through an extra hop which is the Veeam PN instance.

Amazon VPC Configuration:

For the most part this was a straightforward VPC creation with a IPv4 CIDR block of 10.0.100.0/24 configured. However, to make the routing work and the traffic flowing as desired you need to tweak some settings. After initial deployment of the Veeam PN EC2 instance I had some issues resolving both forward and reverse DNS entries which meant I couldn’t update the servers or install anything off the Veeam Linux software repositories.

By default there are a couple of VPC options that is turned off for some reason which makes all that work.

Enable both DNS Resolution and DNS Hostnames via the menu options highlighted above.

For the Network ACLs the default Allows ALL/ALL for inbound and outbound can be left as is. In terms of Security Groups, I created a new one and added both the Veeam PN and Linux Repository instances into the group. Inbound we are catering for SSH access to connect to and configure the instances externally and as shown below there are also rules in there to allow HTTP and HTTPS traffic to access the Veeam PN Web Console.

These, along with the Network ACLs are pretty open rules so feel free to get more granular if you like.

From the Route Table menu, I added the static routes for the remote subnets so that anything on the 10.0.100.0/24 network trying to get to 172.17.0.0/24 or 10.0.30.0/24 will use the Veeam PN EC2 instance as it’s next hop target.

EC2 Configuration Gotchya:

A big shout out to James Kilby who helped me diagnose an initial static routing issue by discovering that you need to adjust the Source/Destination Check attribute which controls whether source/destination checking is enabled on the instance. This can be done either against the EC2 instance right click menu, or on the Network Interfaces menu as shown below.

Disabling this attribute enables an instance to handle network traffic that isn’t specifically destined for the instance. For example, instances running services such as network address translation, routing, or a firewall should set this value to disabled. The default value is enabled.

Conclusion:

The end result of all that was the ability to configure my Veeam Backup & Replication server in my Homeland to add the EC2 Veeam Linux instance as a repository which allowed me to backup to AWS from home through the Veeam PN network site-to-site connectivity.

Bear in mind this is a POC, however the ability to consider Veeam PN as another options for extending AWS VPCs to other networks in a quick and easy fashion should make you think of the possabilities. Once the VPC/EC2 knobs where turned and the correct settings put in place, the end to end deployment, setup and connecting into the extended Veeam PN HUB network took no more than 10 minutes.

That is the true power of the Veeam Powered Network!

References:

https://docs.aws.amazon.com/glue/latest/dg/set-up-vpc-dns.html

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html#change_source_dest_check

Cloud Connect Subtenants, Veeam Availability Console and Agents!

Cloud Connect Subtenants have gone under the radar for the most but can play an important role in how Service Provider customers consume Cloud Connect services. In a previous post, I described how subtenants work in the context of Cloud Connect Backup.

Subtenants can be configured by either the VCSP or by the tenant consuming a Cloud Connect Backup service. Subtenants are used to carve up and assign a subset of the parent tenant storage quota. This allows individual agents to authenticate against the Cloud Connect service with a unique login allowing backups to Cloud Repositories that can be managed and monitored from the Backup & Replication console.

In this post I’m going to dive into how subtenants are created by the Veeam Availability Console and how they are then used by agents that are managed by VAC. For those that may not know what VAC does, head to this post for a primer.

Automatic Creation of Subtenant Users:

Veeam Availability Console automatically creates subtenant users if a backup policy that is configured to use a cloud repository as a backup target is chosen. When such a backup policy is assigned to an agent, VAC creates a subtenant account on the Cloud Connect Server for each backup agent.

Looking below you can see a list of the Backup Agents under the Discovery Menu.

Looking at the Backup Policy you can see that the Backup Target is a Cloud Repository, which results in the corresponding subtenant account being created.

The backup agents use these subtenant accounts to connect and send data to a Cloud Connect endpoint that are backed by a cloud repository. The name of each subtenant account is created according to the following naming convention:

companyname_computername

At the Cloud Provider end from within the Backup & Replication console under the Cloud Connect Menu and under tenants, clicking on Manage Subtenants will show you the corresponding list of subtenant accounts.

The view above is the same to that seen at the tenant end. A tenant can modify the quota details from the Veeam Backup & Replication console. This will result in a Custom Policy status as shown below. The original policy can be reapplied from VAC to bring it back into line.

The folder structure on the Cloud Repository maps what’s seen above. As you can also see, if you have Backup Protection enable you will also have _RecycleBin objects there.

NOTE: When a new policy is applied to an agent the old subtenant account and data is retained on the Cloud Connect repository. The new policy gets applied and a subtenant account with an _n gets created. Service Providers will need to purge old data manually.

Finally if we look at the endpoint where the agent is installed and managed by VAC you will see the subtenant account configured.

Conclusion:

So there is a deeper look at how subtenants are used as part of the Veeam Availability Console and how they are created, managed and used by the Agent for Windows.

References:

https://helpcenter.veeam.com/docs/vac/provider_admin/create_subtenant_user.html?ver=20

Upgrading Windows Agents with Veeam Availability Console

One of the Veeam Availability Console’s key features is it’s ability to deploy and manage Veeam Agent for Windows. This is done through the VAC Web Console and is achieved through the connectivity of the providers Cloud Connect Gateway to the tenant’s Veeam Backup & Replication instance. Weather this is managed by a service provider or by the tenant, VAC also has the ability to remotely upgrade Windows Agents.

The way that this works is by the Veeam Availability Console periodically connecting to the Veeam Update Server and checks whether a new version of the agent software is available. If a new version is available, VAC displays a warning next to the agents saying that it is outdated as shown below.

Updating the backup agents from the Veeam Update Server is performed via the master agent that sits on-premises. This agent is deployed during the initial Service Provider configuration form the Veeam Backup & Replication server. The master agent downloads the backup agent setup file from the Veeam Update Server and then uploads this setup file to systems selected via the update scope and initiates the update.

To initiate the upgrade, select the agents from the Backup Agents Tab under Clients -> Discovery. Once selected click on the Backup Agent dropdown and click upgrade.

Note: Once you click Upgrade the process will be kicked off…there is no further confirmation. There is also a Patch option which allows you to apply patches to the agents in between major build releases.

Once initiated, all agents will be shown as updating as shown below.

Taking a look at the Resource Monitor of one of the endpoints being updated, you can see that the machine is receiving the update from the local server that has the master agent and that the agent is talking back to the VAC server via Cloud Connect Port 6180.

And you can see the Windows Installer running the agent update msi.

Back to the VAC console, and after a while you will see the update deployment status complete

And the endpoint now has the updated agent version running.

Which is reflected in the VAC Console.

Conclusion:

That’s the very straight forward process of having the Veeam Availability Console upgrade Veeam Windows Agents under it’s management. Again, this can be done by the service provider or it’s a task that can be executed by the tenant through their own console login given the correct permissions. There are a few other options for those that deployed the agents with the help of a 3rd party tool and also for those doing it offline…for a run down of that process, head to the help pages linked below.

References:

https://helpcenter.veeam.com/docs/vac/provider_admin/update_backup_agents.html?ver=20

VeeamOn 2018: Recognizing Innovation and what it means to be Innovative

True innovation is solving a real problem…and though for the most, it’s startups and tech giants that are seen to be the innovators, their customers and partners also have the ability to innovate. Innovation drives competitive advantages and allows companies to differentiate themselves compared to others. In my previous roles I was lucky to be involved with teams of talented people that did great things with great technologies. Like others around the world we where innovating with leading vendor technologies to create new service offerings that add value and compliment the underlying technology.

Innovation requires these teams of people to be experimental at heart and try to build or enhance upon already existing technologies. The Service Provider industry has always found a way to innovate ontop of vendor platforms and successful vendors are those that offer the right tools and guidance for providers to creative innovative solutions ontop of their platforms. The are problem solvers!

Orchestrations, automation, provisioning and billing are driving factors in how service providers can differentiate themselves and gain that competitive advantage in the marketplace. Without innovating ontop of these platforms, service offerings become generic, don’t stand out and are generally operationally expensive to manage and maintain.

Introducing the Veeam Innovation Awards for 2018:

When visiting and talking to different partners across the world it’s amazing to see some of the innovation that’s been built ontop of Veeam technologies and we at Veeam want to reward our customers and partners who have done great things with our technologies.

At VeeamON 2018, we’ll be celebrating some of these innovative solutions, so please let us know how you’ve built upon the Veeam Availability Platform. Nominations can be made from March 29 to April 30, with the winners being recognized during the VeeamON main stage keynote. Self nominations or those from partners, providers, or Veeam field-team members are encouraged — click here to nominate for a Veeam Innovation Award.

I can think of a number of VCSPs that have done great things with building upon Cloud Connect, Backup & Replication IaaS backups and working with Veeam’s API’s and PowerShell to solve customer problems and offer value added services. These guys have brought something new to the industry and we want to reward that.

Having previously come from a successfully innovate company within their own space, being innovative is now something I try to preach to all customers and partners I visit. It is an absolute requirement if you want to win business and stand out in the backup and availability industry…innovation is key and we want to hear about it from you!

References:

Nominations for the VeeamON 2018 Innovation Awards are now open

Veeam Availability Console now available from Azure Marketplace

Last week the Veeam Availability Console Azure Marketplace appliance went live. This allows Veeam Cloud and Service Providers to easily deploy VAC into any Azure region. In it’s previous incarnation the Managed Backup Portal was only available as an Azure marketplace appliance and not available to install by a VCSP. Now that VAC 2.0 is out, VCSPs who don’t have the ability to host Cloud Connect or VAC on their infrastructure can deploy it in Azure and have the service up and running within fifteen minutes.

There are some limitations that come along with deploying VAC into Azure and it won’t be for everyone. The biggest caveat is that you can only have one Cloud Connect Server per VAC instance and as part of the deployment, Cloud Connect services is installed on the same Virtual Machine. You can’t offer Replication services from the Azure instance, and if offering Cloud Connect backup you need to understand it’s own scalability and performance bottlenecks. That said, as a remote management, monitoring, reporting, billing and self service platform there is a lot to like about having VAC in Azure.

Marketplace Deployment Steps:

You can start the deployment by searching for Veeam Availability Console in the Azure Marketplace or you can go direct to the product page here.

Click on Create to start the configuration steps.

The Basics includes VM name, hard disks type, username and password as well as selecting the subscription, the ability to use a new or existing resource group and finally the Azure location you want to deploy into.

In Step 2 you need to choose the Size of the Azure instance. The template provides the recommended configurations. The sizes are relative to the amount of agents and/or Backup & Replication instances you are going to be managing from this instance. You can find sizing guides here for larger environments.

I ended up going with an A2 standard for my instance which removes the load balancing functionality from the configuration and offers a little less IOPS. Step 3 contains some optional extra’s to ensure a higher level of availability for the VM instance and lets you configure the networking. Once that’s done you can review your configuration settings and start the deployment. It took just over 8 minutes for the deployment to succeed.

If you click on the Virtual Machine object in the Azure Portal you will see an overview of the VM and it’s configuration.

Addition Azure Configuration:

If you notice in the image above, a DNS name is listed in the overview. This was something that I had to set manually after the deployment. You set this by going into the Networking of the resource pool and click on IP Configuration. Here, you can enter in a DNS name relative to the Azure zone you are in. You can then use this to connect to the VAC Console, Cloud Connect Service and to RDP to the VM and helps in the event of having a dynamic, rather than a static Azure IP.

Speaking of networking and ports, below is a list of the default port rules created during the deployment. Note that WinRM is open as well.

Finalizing Deployment:

After deploying the Azure Marketplace appliance you can RDP into the VM and complete the setup that includes configuring Cloud Connect and VAC it’s self. A few things have been done for us as part of the deployment, however the first thing you need to do is get a license. This is a BYO license situation, so once you have deployed the Marketplace appliance you will need to source a VAC license from the Veeam Licensing Portal and apply.

Head to the VAC Web Portal and Install the License.

Once done the last step is to configure Cloud Connect from the Backup & Replication Console. Again, you will need a valid Cloud Connect license as you are greeted with the Free Edition when you connect to the console for the first time. As per normal with Cloud Connect, you need to configure the SSL Certificate first and then configure a new Cloud Gateway. Configure the Networking as shown below using the DNS name that was created in the steps above.

Once this is completed you can go into the VAC Console and work through the normal Configuration steps. The only thing you don’t need to do is add the Cloud Connect Server to the VAC instance as this has already been done during the initial deployment process.

It’s worth noting that the versions of Backup & Replication (9.5.0.1536) and Availability Console (2.0.1.1343) are up to date and include the latest Hot-Fixes for VAC. The intent is to have the templates as up to date as possible, however once deployed you can upgrade as per usual.

Conclusion:

So there you have it…within fifteen minutes you can have a fully working Veeam Availability Console instance running in Azure and ready to be used to offer all the goodness that VAC offers our Cloud and Service Provider partners. For an overview as to what VAC offers, click here and have a read of my GA post on What’s in It for Service Providers.

Links:

https://azuremarketplace.microsoft.com/en-us/marketplace/apps/veeam.veeam-availability-console?tab=Overview

 

Office 365 Backups and the Opportunity that Exists for Service Providers

In recent weeks i’ve become reacquainted with an old friend…There was a time where eighty to ninety percent of my day job was working in and around Exchange Server. If I had started this blog in 2005 it would have been dominated with posts around the Hosting of Exchange Server and probably be named Exchange is Life!. I take pride in my Hosted Exchange Org and User creation scripts that I created before Hosting Control Panels where even a thing.

Over the last five or six years my interest in Exchange diminished due to moving roles and also due to some lingering ill feelings about the way in which Microsoft treated their initial Hosting partners as they started what would become, Office 365 back in the late 2000’s. That said I have remained aware of the Exchange landscape and while there is still a lot of on-premises Exchange instances and still a number of decent Hosted Exchange providers out there, there is no stopping Office 365’s growth.

I even jumped on the bandwagon by moving my personal SliemaLabs domain over to an Office 365 Exchange subscription late last year. That domain initially lived on an Exchange Server I ran from home, and then on a Hosted Exchange platform I built and now it’s completed it’s own journey to Office 365.

Having spent a bit of time recently looking at the 1.5 version of our Backup for Microsoft Office 365 product…more specifically the new self service feature that came in Backup & Replication 9.5 Update 3. I’ve had a renewed sense of purpose around the Exchange ecosystem…and that purpose is to ensure that all service providers understand the opportunity that exists around creating offerings for the backing up and availability of Office365 services.

This post follows a post that was released on the Veeam.com blog by Paul Mattes (VP of Global Cloud Group at Veeam) talking about the success of our Backup for Microsoft Office 365 product.

In 2017, more than 25,000 organizations installed our Office 365 backup solution, representing 2.3 million Microsoft Office mailboxes. We saw a staggering 327% quarter-over-quarter growth in Q4 of last year.

And the reasons why all Office 365 users should consider an external backup solution for their data hosted in Microsoft’s SaaS cloud platform.

It’s important to remember that SaaS platform providers, like Microsoft Office 365, take on the responsibility of application uptime and the underlying infrastructure. But it is the customer’s responsibility to manage and protect their vital business data.

This is public cloud in a nutshell…Ultimately the customer has the responsibility to ensure all data is backed up correctly. I won’t go into the technical aspects as to why Office 365 requires additional backups solutions. There a plenty of good online resources, a Gartner report is available here Microsoft’s has an offical page on High Availability and Business Continuity guide. Doing research into the nature of SaaS you understand the need for third party backup solutions.

The Office 365 Opportunity:

From a service provider point of view there is an opportunity to tap into the 85 million user Exchange Online market and offer availability services for organisations using Office 365. This is a multi-billion dollar market that exists today and services based around backup and management of that data are central to tapping into that opportunity. Just breaking down the ANZ market alone, there are approximately 4.25 million Office 365 users of which if only 5% was captured would represent a combined 3.5 to 5 million dollar market.

For those VCSPs who have already deployed Cloud Connect and offering Backup services, the ground work has been laid with regards to having the infrastructure in place to extend that service to offer Veeam Backup for Office 365 aaS.

The billable components of this service are licenses and then storage costs. Managed Service Providers can also build in management fees that offer an end to end solution for their clients. Where it should be seen to be extremely attractive for VCPSs is in the potential for the storage revenue to be significant early and then continue to grow as tenant’s backup and retain more and more mailboxes in addition to new tenants coming on board.

We have given our VCSPs the tools to be able to build a strong service around Office 365 backups with the 1.5 release of Backup for Office 365 focused on scalability and automation. Add to that the self service feature that came in Update 3 for Backup & Replication and there is no excuse to not start thinking about offering this as a service.

Looking beyond Exchange Online, version 2 of Backup for Office 365 will include the ability to backup SharePoint and OneDrive as well…have a think about what that represents in terms of revenue opportunities just on the potential for storage consumption alone.

Again, I want to emphasis that this market is huge and what’s on offer in terms of potential revenue can’t be ignored. I’m excited about the next 12-18 months in being able to see our VCSPs grab this opportunity…don’t let it slip!

References:

https://technet.microsoft.com/en-us/library/exchange-online-high-availability-and-business-continuity.aspx

The Limitations of Microsoft Office 365 Backup

 

 

Configuring Service Provider Self Service Recovery with Veeam Backup for Microsoft Office 365

For a while now I’ve talked about the increasing functionality of the the Cloud Connect Gateway and that it is central to a lot of features and services that exist within Veeam Backup & Replication. With the release of 9.5 Update 3 we added a feature that allows multi-tenant self service recoverability of a tenants Office365 mailbox backup hosted by Veeam Cloud and Service Providers utilising Veeam Backup for Microsoft Office 365 1.5 that was released late last year.

Overview:

Tenant admins communicate with the Service Provider via the Cloud Gateway component which handles flow of data. The Service Provider grants the ability to their tenants so that each tenant can perform self restore operations using Veeam Explorer for Microsoft Exchange. By default, tenants are not able to restore anything from the backup without a Service Provider assistance.

The steps above show the self restore scenarios performed by the Tenant:

  • Tenants use Veeam Explorer for Microsoft Exchange to send restore requests via Veeam Cloud Gateway directly to the Service Provider.
  • On the Service Provider side, Veeam Backup for Microsoft Office 365 management server detects a proxy server responsible for processing tenant data.
  • Veeam Backup for Microsoft Office 365 management server locates an associated repository that contains a backup file that belongs to the Tenant.
  • Corresponding backup data is then transferred back to the tenant via Veeam Cloud Gateway.

IMPORTANT!

When planning solution components deployment, remember that Veeam Backup for Microsoft Office 365 v1.5 and Veeam Backup & Replication 9.5 Update 3 must be installed on the same server.

Example:

These days I don’t have access to a local Exchange Server or to a corporate Exchange Online instance but I did migrate my personal domain over to Office365 just before Christmas. That account has only one mailbox, but that’s enough to demonstrate the Office365 Service Provider backup and tenant self service recovery use case.

Service Provider Side:

For Service Providers to backup tenants on-premises or Office 365 Exchange mailboxes they need to first configure a new organization in Veeam Backup for Office 365. I’m not going to go through the steps for that as it’s been covered in other posts and is very simple to configure, however to prepare for the self service capability the service provider needs to ensure that the Cloud Connect Gateways are setup and configured and accessible externally.

In Backup for Office 365 you have to enable and configure the RestAPI and Authentication Settings under their respective tabs in the Options menu. This includes selecting an SSL certificate for both services…I’m just using a self signed certificate but obviously service providers will want a correctly signed public certificate to productise this feature.

With the organization configured I created a new job and backed up the Exchange Organization. Again, for this example I just have the one mailbox but the theory is the same weather it’s one, five, fifty or five thousand mailboxes.

From here, without any self service configured the Service Provider can access the mailboxe(s) to perform whole or granular item level recovery using the Veeam Explorer for Exchange. As shown below I can access any mailbox from the service provider’s end and perform recovery to a number of different locations

For each tenant (not per Exchange User) there needs to be a Cloud Connect tenant account created on the Backup & Replication server. This will be used at the tenant end by the admin to configure a Service Provider in the Backup & Replication console which will then be detected and used by the Veeam Explorer for Exchange to use to connect into the service provider and authenticate with an applicable Exchange account.

Tenant End:

For the tenant admin to use Veeam Explorer for Exchange to perform mailbox recovery you first have to configure a Service Provider using Cloud Connect tenant credentials as provided by the Service Provider. It’s worth mentioning here that you can have no license installed in Backup & Replication and are still able to add a Service Provider to the Backup Infrastructure menu. Once connected, firing up the Explorer for Exchange you will use the Service Provider option in the Add Store dropdown.

In the drop down list, select the Service Provider account configured in the Backup Infrastructure menu. If multiple exist you will see each one in the drop down. You also configure the username and password that connects to the Exchange Organization. This can be an admin account that is allowed impersonation, or you can enter in an individual account.

Once connected (which can take some time with the GUI of the Explorer for Exchange) any mailbox that the account has authorization over will be seen and mailbox recovery can begin.

An interesting thing to do is to check what is happening from a network connectivity point of view during this process. While performing a restore you can see open connections from the tenant side to Cloud Connect gateway on port 6180 and also you can see a connection to Office365 on port 443 completing the loop.

Back at the Service Provider end in the Backup for Office365 console you can see active Explorer for Exchange sessions as running jobs. Below you can see the local one, plus a remote session.

Automation:

For Service Providers with the capability to automate the setup and provisioning of these services through PowerShell or the RestAPIs here is a great example of what can be achieved with Backup for Office365 and the creation of a self service portal web interface. You can use the built in Swagger UI to evaluate the capabilities of RestAPIs.

The Swagger UI can be accessed via the following URL:

https://<Backup-Office365>:<Port>/swagger/ui/index

From there you can authenticate and work through the live examples.

Conclusion:

The market for Office365 backups is significant and we have built in some pretty cool technology into Backup & Replication that works with Backup for Office365 that allows easy, self service capabilities that can be productized by Service Providers out of the box. Not only can Service Providers offer services to backup client Exchange Organisations but they can also extend that to offer self service which increases overall operational efficiencies at the provider end while also offering enhanced services to clients.

References:

https://helpcenter.veeam.com/docs/vbo365/guide/vbo_mail_baas.html?ver=15

https://helpcenter.veeam.com/docs/vbo365/rest/swaggerui.html?ver=15

« Older Entries