Category Archives: Cloud Connect

Update 4 for Service Providers – Tape as a Service

When Veeam Backup & Replication 9.5 Update 4 went Generally Available a couple of weeks ago I posted a What’s in it for Service Providers blog. In that post I briefly outlined all the new features and enhancements in Update 4 that pertain to our Veeam Cloud and Service Providers. As mentioned each new major feature deserves it’s own seperate post and today I’m kicking off the series with what I feel was probably the least talked about new feature in Update 4…Tape as a Service for Cloud Connect Backup.

As a reminder here are the top new features and enhancements in Update 4 for VCSPs.

Tape as a Service for Cloud Connect Backup:

When we introduced Cloud Connect Backup in version 8 of Backup & Replication we offered the ability for VCSPs to offer a secure, remote offsite repository for their tenants. When thinking about air-gapped backups…though protected at the VCSP end, ultimate control for what was backed up to the Cloud Repository is in the hands of the tenant. From the tenant’s server they could manipulate the backups stored via policy or a malicious user could gain access to the server and delete the offsite copies.

In Update 3 of Backup & Replication 9.5 we added Insider Protection to Cloud Connect Backup, which allowed the VCSP to put a policy on the tenant’s Cloud Repository that would protect backups from a malicious attack. With this option enabled, when a backup or a specific restore point in the backup chain is deleted or aged out from the cloud repository. The actual backup files are not deleted immediately, instead, they are moved to a _RecycleBin folder on the repositories.

In Update 4 we have taken that a step further to add true air-gapped backup options that VCSPs can create services around for longer term retention with the Tenant to Tape feature. This allows a VCSP to offer additional level of data protection for their tenants. The tenant sends a copy of the backup data to their cloud repository, and the VCSP then configures backup to tape to send another copy to the tape media. If there is a situation that requires recovery if data in the cloud repository becomes unavailable, the VCSP can initiate a restore from tape.

VCSPs can also offer a tape out services to help their tenants achieve compliance and internal policies without maintaining their own tape infrastructure. Tapes can be stored by the service providers, or shipped back to tenant as shown in the diagram below.

To take advantage of this new Update 4 feature VCSPs will need to configure Tape Infrastructure on the Cloud Connect server. What’s great about Veeam is that we have the option to use traditional tape infrastructure or take advantage of Virtual Tape Libraries (VTLs) which can then be backed by Object Storage such as Amazon S3. I am not going to walk through that process in this post, there are a number of blogs and White Papers available that guide you on the setup of an Amazon Storage Gateway to use as a VTL.

Once the Tape Infrastructure is in place, as a VCSP with a Cloud Connect license when you upgrade to Update 4, under Tape Infrastructure you will see a new option called Tenant to Tape.

A tenant backup to tape job is a variant of a backup to tape job targeted at a GFS Media Pool which is available for Veeam customers with regular licensing. What’s interesting about this feature is that there are a number of options that allow flexibility on how the jobs are created which also leads to a change of use case for the feature depending on which option is chosen.

Choosing Backup Jobs will allow VCSPs to add any jobs that may be registered on the Cloud Connect server…though in reality there shouldn’t be any configured due to licensing constraints. The other two options provide the different use cases.

Backup Repositories:

This allows the VCSP to backup to tape one or more cloud repositories that can contain one or multiple tenants. The can allow the VCSP to backup the Cloud Connect repository in whole to an offsite location for longer term retention.

The ability to archive tenant Cloud Connect Backups to tape can help VCSPs protect their own infrastructure against disasters that may result in loss of tenant data. It can be used as another level of revenue generating service. As an example, there could be two service offerings for Cloud Connect Backup… one with a basic SLA which only has one copy of the backup data stored… and another with an advanced SLA that has data saved in two locations…the Cloud Connect Repository and the tape media. 

Tenants:

This option offers a lot more granularity and gives the VCSP the ability to offer an additional level of protection on a per tenant level. In fact you can also drill down to the Tenant repository level and select individual repositories if tenants have more than one configured.

Again, this can be done per tenant, or there can be one master job for all tenants.

It’s important to understand that all tasks within the tenant backup to tape feature are performed by the VCSP. Unless the VCSP has created a portal that has information about the jobs, the tenant is generally unaware of the tape infrastructure and the tenant can’t view or manage backup to tape jobs configured or perform operations with backups created by these jobs. There is scope for VCSPs to integrate such jobs and actions into their automation portals for self service.

Restores:

VCSPs can restore tenant data from tape for one tenant or more tenants at the same time. The restore can go to the original location or to a new location or be exported to backup files on local disk

Wrap Up:

Tenant to Tape or Tape as a Service for Cloud Connect Backup was a feature that didn’t get much airplay in the lead-up to the Update 4 launch, however it give VCSPs more options to protect tenant data and truly offer an air-gapped solution to better protect that data.

References:

https://www.veeam.com/wp-using-aws-vtl-gateway-deployment-guide.html

https://aws.amazon.com/about-aws/whats-new/2016/08/backup-and-archive-to-aws-storage-gateway-vtl-with-veeam-backup-and-replication-v9/

Backup & Replication 9.5 Update 4 – What’s In It For Service Providers

For ten plus years Veeam has continued to develop new innovative features and enhancements supporting our Cloud and Service Provider partners. As I posted earlier this week, there is a proven track record built upon a strong foundation of Veeam technology that backs up our strong leadership position in the Service Provider space. This accelerated in v7 with vCloud Director support…continued with Cloud Connect Backup in v8, Cloud Connect Replication in the v9 release and even more through the Backup and Replication 9.5 releases and Updates.

In my initial v9.5 Update 4 Top New Features post I covered off new core features and enhancements that are included in Update 4. Specifically there are a number of new features that VCSPs can take advantage of…

Over the next few weeks I am going to deep dive into each of the features listed above as they all deserve their own dedicated blog posts. With a release as huge as this, there is no shortage of content that can be created off the back up Update 4!

Beyond the core enhancements, there are also a significant number of general enhancements that are referenced in the What’s New Document. I’ve gone through that document and pulled out the ones that relate specifically to Cloud and Service Provider operations for those running IaaS and B/R/DRaaS offerings.

  • Maximum supported individual disk size and backup file size have been increased 10 times. With the default 1MB block size, the new theoretical VBK format maximums are 120TB for each disk in backup. Tested maximum is 100TB for both individual disks and backup files.
  • Optimized backup job initialization and finalization steps, resulting in up to 50% times faster backups of small VMs
  • Added experimental support for block cloning on deduplicated files for Windows Server 2019 ReFS
  • vPower NFS write cache performance has been improved, significantly improving I/O performance of instantly recovered VMs and making a better use of SSD drives often dedicated by customers to write cache.
  • vPower NFS scalability has been improved to more efficiently leverage expanded I/O capacity of scale-out backup repository for increased number of VMs that can be running concurrently
  • Support for Paravirtual SCSI controllers with more than 16 disks attached
  • Added JSON support
  • Added RESTful API coverage for viewing and managing agent-based jobs and their backups
  • Added the ability to export the selected restore point of a particular object in the backup job as a standalone full backup file (VBK)
  • Added ability to instantly publish a point-in-time state of any backed-up database to the selected SQL Server for dev/test purposes by running the database directly from the backup file
  • Added the ability to export a point-in-time state of any backed up database to a native SQL Server backup (.BAK file) to simplify the process of providing the database backup to SQL developers, BaaS clients or Microsoft Support
  • Added the ability to schedule Active Full backups on a particular day of the month, as opposed to just weekdays
  • Instant recovery of agent backups to a Hyper-V VM now support Windows 10 Hyper-V as the target hypervisor. This is particularly useful for managed service providers by enabling them to create low-cost all-in-one BCDR appliances to deploy at their clients’ premises.

What I pulled out above is just a small subset of all the general enhancements in Update 4. For Cloud Connect, there is a Post in the Veeam Forums here that goes through specific new features and enhancements in greater detail as well as fixes and known issues.

Stay tuned for future posts on the core new features and enhancements in Update 4 for Veeam Cloud and Service Providers.

References:

https://www.veeam.com/kb2878

http://www.veeam.com/veeam_backup_9_5_whats_new_wn.pdf

http://www.veeam.com/veeam_backup_9_5_u4_release_notes_rn.pdf

Veeam for Service Providers…Ten Plus Years of Innovation!

I remember the day I first came across Veeam. It was mid 2010 and I was working for Anittel at the time. We had a large virtualisation platform that hosted a number of high profile sites including a well known e-commerce site. There had been a serious data breach on one of those site and we were required by the Australian Federal Police to restore the website logs from a couple weeks back when the breach had first taken place.

We were using a well known product at the time to backup our vSphere platform and from the outside everything seemed ok. All backup reports where green and we thought the backups where verified. To cut a long and painful story short, when we came to restore the website logs we found that the backups had not worked as expected and we couldn’t retrieve data off a secondary partition due to a huge unknown bug in the software.

That was the end for that backup application (and interestingly enough they went out of business a few years later) and that afternoon we downloaded Veeam Backup & Replication v4 and went to work pushing that out into production. We (and I have) never looked back from there. Veeam did in fact Just Work! At that stage there were enough features in the software to cover all of the requirements for a VMware based hosting platform, and over the years as v5 and v6 were released more and more features and enhancements were released that made Veeam even better service providers.

By the time I left Anittel and headed to Zettagrid, Veeam had introduced more innovative features like Instant VM Recovery, vCloud Director Support, Cloud Connect Backup, the Scale Out Backup Repository just to name a few. In fact Veeam impressed me so much with their Service Provider features that I joined the company where I now focus my time on working with Service Providers as part of the Veeam Product Strategy Team focusing on our cloud and service providers products and features.

While I could bang on about all the features that Veeam has released over the years to enable us to become a significant player in the Cloud and Service Provider space, a picture tells a thousand words…and an interactive timeline showing just how innovative and focused Veeam has been on enabling our Cloud and Service Provider partners to succeed is priceless!

No other vendor has this track record of producing specific Cloud and Service Provider features and enhancements over the years and as you can see over the last three to five years we have moved with the industry to continue innovating in the cloud space by accelerating feature development and bringing great technology to the market.

If you are a Cloud and Service Provider and not using Veeam…what are you waiting for?

https://anthonyspiteri.net/veeam-vcsp-reverse-roadmap/

VCSP Important Notice: 9.5 Update 4 RTM Is Out…With vCloud Director Replication Support and more!

Today, Veeam has made available to our VCSP partners the RTM of Update 4 for Backup & Replication 9.5 (Build 9.5.4.2399). Update 4 is what we term a breaking update, meaning that if a Cloud Connect tenant upgrades from any previous 9.5 version before VCSPs this will break backup or replication functionality. With that in mind the RTM has been made available for our VCSP partners to ensure it is installed and tested before being pushed out to production before the GA release.

Veeam Backup & Replication releases from 9.0 (build 9.0.0.1715) can write backups via Cloud Connect to a cloud repository on 9.5 Update 4. For Cloud Connect Replication, existing Hardware Plan based replicas can go to a cloud host on 9.5 Update 4. To take advantage of the new vCloud Director based replication, tenants need to also be on Update 4.

As I detailed yesterday, there are a number of updates that need to be applied to Veeam ONE, Veeam Availability Console and Veeam Backup for Microsoft Office 365.

VCSP Features and Enhancements:

Update 4 is a very significant update and contains a number of enhancements and known issue fixes with a lot of those enhancements aimed at improving the scalability of the Backup & Replication platform that VCSPs can take advantage of. One important note is around the new Instance-based licensing model that all VCSPs should be aware of. There is an initial guide here, information in the VCSP Forums and there will be emails sent to explain the changes.

  • vCloud Director support – Massive Feature Enhancement! Simplifies setting up Veeam based DRaaS for Service Provides with vCD, and enhances tenants experience with additional capabilities provided by vCD
  • Capacity Tier – Move tenant’s backup files as they age out of operational restore window to a cheaper storage – AWS S3, Azure Blob or on premises object storage
  • Gateway pools – Create and assign pools of cloud gateways to the tenants
  • Tenant to tape jobs – Cloud Connect backups can be written to tape with the hand of GFS media pool and Backup to Tape jobs
  • Tenant-driven password change – Tenants can now change the password they use to connect to the service provider by editing one on the registered service provider
  • Platform Support – vCloud Director 9.5, VMware 6.7 Update 1 and Windows 2019 (1809) support.

There has also been a lot of work to improve and enhance scalability in the Backup & Replication Cloud Connect functionality to accomodate the increasing usage of Veeam Agent for Windows and Linux of which there is a new version (3.0) coming at the same time of Update 4 GA. For Veeam Availability Console, Update 4 will be taken advantage of fully in the upcoming major release a little later after the Update 4 GA.

Conclusion:

Once again, Update 4 for Veeam Backup & Replication is an important update to apply for VCSPs running Cloud Connect services in preparation for the GA release which will happen in about two weeks at our Velocity event. Once released I’ll link to the VeeamKB for a detailed look at the fixes but for the moment, if you have the ability to download the update do so and have it applied to your instances. For more info in the RTM, head to the VCSP Forum post here.

Important Updates for VAC, VBO and Veeam ONE … Update 4 is Coming!

Things are moving here at Veeam with the impending release of Veeam Backup & Replication 9.5 Update 4. In preparation for the release there have been a number of update patches released for our supporting platform products. Importantly for our Veeam Cloud and Service Providers who are expected to receive RTM details any day now, it’s important to understand that the following patches need to be applied ASAP before your main IaaS Veeam or Cloud Connect instances are updated to Update 4.

https://www.veeam.com/kb2832 – Veeam ONE
https://www.veeam.com/kb2835 – Veeam Availability Console
https://www.veeam.com/kb2809 – Veeam Backup for Microsoft Office 365

For Veeam ONE there is a little manual work to be done by way of an MSSQL script. If not executed before Update 4 is deployed, Veeam Cloud Connect monitoring and reporting in Veeam ONE 9.5 Update 3 will stop working.

For Veeam Availability Console,

the patch update is a Cumulative Patch for Update 1 of 2.0. This adds immediate compatibility support for Veeam Backup & Replication 9.5 Update 4 as well as Cloud Connect 9.5 Update 4 compatibility support which is how VAC does it’s communicating between the server instance and remote sites for monitoring and management of remote Backup Servers and Agents. Note that there are new features in Update 4 which will not be supported in this version of VAC…the next major release of VAC will add supportability for those features not supported.

As well as the Update 4 compatibility, there are also a number of resolved issues, the full list of which can be viewed in the VeeamKB. To apply the patch, head to the VeeamKB and follow the instructions. You need to have at least VAC 2.0 Update 1 Build 2.0.2.1750 as shown below.

From there, make sure you have a backup of the database, close down the Web UI and execute all three MSI packages as administrator on the server.

Once completed the patches are applied and VAC 2.0 Update 1 is up to date running on version number Server Version 2.0.2.1913. Note that updated Windows for Agent Builds have been pushed out and can be upgraded as per my post a few months back.

For Veeam Backup for Microsoft Office 365,

It’s important to note that standalone instances and also those installed ontop of instances with Veeam Backup & Replication Update 4, which would be most VCSPs who are utilising the Self Service feature through Cloud Connect need to be updated. DO NOT install on those running Update 3 or 3a. You need to running at least 2.0.0.567 or 2.0.0.594 before installing this cumulative patch before updating.

Like the Update patch for VAC, this is a Cumulative Patch and also includes a number of important resolved issues relating to SharePoint and OneDrive, Exchange Online, restore operations and general server fixes. The full list can be found in the Resolved Issues section of the VeeamKB. For those with tenants that run the Explorers for Exchange or SharePoint seperate to an installation of Veeam Backup & Replication 9.5 or those running pre Update 4 versions, there are also upgrades for both contained in the patch release.

All set for Update 4!

With all that in place, VCSPs should be ready to deploy the RTM of Update 4 when it becomes available. Stay tuned for more information on that front. There is lots to love about Update 4 for Service Providers and customers alike!

 

Enhanced Self Service Restore in Backup for Office 365 v2.0

Earlier in the year I gave an overview on the Self Service recovery capability of Veeam Backup for Office 365 which gave Veeam Cloud and Service Providers the ability to offer self service to their tenants for the recovery of Exchange data that’s been backed up on their platforms as a service.

As a bit of a refresher:

Tenant admins communicate with the Service Provider via the Cloud Gateway component which handles flow of data. The Service Provider grants the ability to their tenants so that each tenant can perform self restore operations using Veeam Explorer for Microsoft Exchange. By default, tenants are not able to restore anything from the backup without a Service Provider assistance.

The steps above show the self restore scenarios performed by the Tenant:

  • Tenants use Veeam Explorer for Microsoft Exchange to send restore requests via Veeam Cloud Gateway directly to the Service Provider.
  • On the Service Provider side, Veeam Backup for Microsoft Office 365 management server detects a proxy server responsible for processing tenant data.
  • Veeam Backup for Microsoft Office 365 management server locates an associated repository that contains a backup file that belongs to the Tenant.
  • Corresponding backup data is then transferred back to the tenant via Veeam Cloud Gateway.
What’s Changed in v2.0:

As mentioned, one of the big limitations in VBO v1.5 was the fact you could only restore the most recently backed up recovery point which limited it’s usefulness for most administrators looking to take advantage of the feature. That’s changed in VBO v2.0 with the ability to now choose a point in time from the Explorers. This is true for both Veeam Explorer for Exchange and Sharepoint (Which also does OneDrive).

Shown below is a Service Provider view of a restore operation for the Sliema organisation. As with the previous versions you have the ability to use latest or go back to a point in time.

As a reminder…the retention is set against the Backup Repository in VBO. Organisations are assigned to Repositories which dictates their own retention. At the tenant end, once the Veeam Explorer has been launched and the Connect to a Service Provider option has been chosen, you now see similar options to either do the latest, or go to a point in time.

If you go to choose a point in time that precedes the date of the first backup you will get the error below. Once a correct point in time has been selected the Self Service can begin. Shown below i’m able to go back to the 3rd of May 2018 restore point and perform actions on mail items. In this case, I was looking for a AWS Bill that I had deleted out of the mailbox and had gone way past my default Exchange retention settings. Back on the Service Provider end, you can see the active restore job session which is being facilitated through Cloud Connect. Conclusion:

To reiterate, the market for Office365 backups is significant and we have built in some pretty cool technology into Backup & Replication that works with Backup for Office365 that allows easy, self service capabilities that can be productized by Service Providers out of the box. Not only can Service Providers offer services to backup client Exchange, SharePoint or OneDrive Organisations but they can also extend that to offer self service which increases overall operational efficiencies at the provider end while also offering enhanced services to clients.

References:

https://helpcenter.veeam.com/docs/vbo365/guide/vex_sp_add.html?ver=20#pit

Configuring Service Provider Self Service Recovery with Veeam Backup for Microsoft Office 365

Quick Fix – Backup for Office 365 Self Service Recovery Fails with Incompatible Version

A couple of weeks ago we released version 2.0 of Veeam Backup for Office 365 which added support for SharePoint and OneDrive. Earlier this year I wrote about the awesome self service capabilities that are included for Veeam Cloud and Service Providers in the VBO platform, and also the huge opportunity that exists in the provider space to offer backup service for Exchange. Add to that SharePoint and OneDrive and that opportunity only gets bigger.

I’m putting together a couple of posts around the self service of SharePoint and OneDrive in the 2.0 release, but in the meantime this is a very quick fix post for those that might be getting the below error when trying to connect to service provider endpoints running VBO services for Exchange Online.

Incompatible Veeam Backup for Office 365 server version, received 9.6.3.567, expected 9.6.0.1308

To resolve this issue, then tenant needs to download the VBO 2.0 download package and install the new version of the Veeam Explorer for Microsoft Exchange that’s included in the release.

This will update the existing Explorer version from that distributed with Veeam Backup & Replication 9.5. The awesome thing about getting the upgrade as part of the VBO 2.0 package is that for the 1.5 release where self service was first introduced, tenants had to wait for Update 3 for Backup & Replication to consume the service.

Once this has been updated you can once again connect to the Cloud Connect infrastructure of the Service Provider that allows the self service recoverability function to take place.

Upgrading Windows Agents with Veeam Availability Console

One of the Veeam Availability Console’s key features is it’s ability to deploy and manage Veeam Agent for Windows. This is done through the VAC Web Console and is achieved through the connectivity of the providers Cloud Connect Gateway to the tenant’s Veeam Backup & Replication instance. Weather this is managed by a service provider or by the tenant, VAC also has the ability to remotely upgrade Windows Agents.

The way that this works is by the Veeam Availability Console periodically connecting to the Veeam Update Server and checks whether a new version of the agent software is available. If a new version is available, VAC displays a warning next to the agents saying that it is outdated as shown below.

Updating the backup agents from the Veeam Update Server is performed via the master agent that sits on-premises. This agent is deployed during the initial Service Provider configuration form the Veeam Backup & Replication server. The master agent downloads the backup agent setup file from the Veeam Update Server and then uploads this setup file to systems selected via the update scope and initiates the update.

To initiate the upgrade, select the agents from the Backup Agents Tab under Clients -> Discovery. Once selected click on the Backup Agent dropdown and click upgrade.

Note: Once you click Upgrade the process will be kicked off…there is no further confirmation. There is also a Patch option which allows you to apply patches to the agents in between major build releases.

Once initiated, all agents will be shown as updating as shown below.

Taking a look at the Resource Monitor of one of the endpoints being updated, you can see that the machine is receiving the update from the local server that has the master agent and that the agent is talking back to the VAC server via Cloud Connect Port 6180.

And you can see the Windows Installer running the agent update msi.

Back to the VAC console, and after a while you will see the update deployment status complete

And the endpoint now has the updated agent version running.

Which is reflected in the VAC Console.

Conclusion:

That’s the very straight forward process of having the Veeam Availability Console upgrade Veeam Windows Agents under it’s management. Again, this can be done by the service provider or it’s a task that can be executed by the tenant through their own console login given the correct permissions. There are a few other options for those that deployed the agents with the help of a 3rd party tool and also for those doing it offline…for a run down of that process, head to the help pages linked below.

References:

https://helpcenter.veeam.com/docs/vac/provider_admin/update_backup_agents.html?ver=20

Office 365 Backups and the Opportunity that Exists for Service Providers

In recent weeks i’ve become reacquainted with an old friend…There was a time where eighty to ninety percent of my day job was working in and around Exchange Server. If I had started this blog in 2005 it would have been dominated with posts around the Hosting of Exchange Server and probably be named Exchange is Life!. I take pride in my Hosted Exchange Org and User creation scripts that I created before Hosting Control Panels where even a thing.

Over the last five or six years my interest in Exchange diminished due to moving roles and also due to some lingering ill feelings about the way in which Microsoft treated their initial Hosting partners as they started what would become, Office 365 back in the late 2000’s. That said I have remained aware of the Exchange landscape and while there is still a lot of on-premises Exchange instances and still a number of decent Hosted Exchange providers out there, there is no stopping Office 365’s growth.

I even jumped on the bandwagon by moving my personal SliemaLabs domain over to an Office 365 Exchange subscription late last year. That domain initially lived on an Exchange Server I ran from home, and then on a Hosted Exchange platform I built and now it’s completed it’s own journey to Office 365.

Having spent a bit of time recently looking at the 1.5 version of our Backup for Microsoft Office 365 product…more specifically the new self service feature that came in Backup & Replication 9.5 Update 3. I’ve had a renewed sense of purpose around the Exchange ecosystem…and that purpose is to ensure that all service providers understand the opportunity that exists around creating offerings for the backing up and availability of Office365 services.

This post follows a post that was released on the Veeam.com blog by Paul Mattes (VP of Global Cloud Group at Veeam) talking about the success of our Backup for Microsoft Office 365 product.

In 2017, more than 25,000 organizations installed our Office 365 backup solution, representing 2.3 million Microsoft Office mailboxes. We saw a staggering 327% quarter-over-quarter growth in Q4 of last year.

And the reasons why all Office 365 users should consider an external backup solution for their data hosted in Microsoft’s SaaS cloud platform.

It’s important to remember that SaaS platform providers, like Microsoft Office 365, take on the responsibility of application uptime and the underlying infrastructure. But it is the customer’s responsibility to manage and protect their vital business data.

This is public cloud in a nutshell…Ultimately the customer has the responsibility to ensure all data is backed up correctly. I won’t go into the technical aspects as to why Office 365 requires additional backups solutions. There a plenty of good online resources, a Gartner report is available here Microsoft’s has an offical page on High Availability and Business Continuity guide. Doing research into the nature of SaaS you understand the need for third party backup solutions.

The Office 365 Opportunity:

From a service provider point of view there is an opportunity to tap into the 85 million user Exchange Online market and offer availability services for organisations using Office 365. This is a multi-billion dollar market that exists today and services based around backup and management of that data are central to tapping into that opportunity. Just breaking down the ANZ market alone, there are approximately 4.25 million Office 365 users of which if only 5% was captured would represent a combined 3.5 to 5 million dollar market.

For those VCSPs who have already deployed Cloud Connect and offering Backup services, the ground work has been laid with regards to having the infrastructure in place to extend that service to offer Veeam Backup for Office 365 aaS.

The billable components of this service are licenses and then storage costs. Managed Service Providers can also build in management fees that offer an end to end solution for their clients. Where it should be seen to be extremely attractive for VCPSs is in the potential for the storage revenue to be significant early and then continue to grow as tenant’s backup and retain more and more mailboxes in addition to new tenants coming on board.

We have given our VCSPs the tools to be able to build a strong service around Office 365 backups with the 1.5 release of Backup for Office 365 focused on scalability and automation. Add to that the self service feature that came in Update 3 for Backup & Replication and there is no excuse to not start thinking about offering this as a service.

Looking beyond Exchange Online, version 2 of Backup for Office 365 will include the ability to backup SharePoint and OneDrive as well…have a think about what that represents in terms of revenue opportunities just on the potential for storage consumption alone.

Again, I want to emphasis that this market is huge and what’s on offer in terms of potential revenue can’t be ignored. I’m excited about the next 12-18 months in being able to see our VCSPs grab this opportunity…don’t let it slip!

References:

https://technet.microsoft.com/en-us/library/exchange-online-high-availability-and-business-continuity.aspx

The Limitations of Microsoft Office 365 Backup

 

 

Configuring Service Provider Self Service Recovery with Veeam Backup for Microsoft Office 365

For a while now I’ve talked about the increasing functionality of the the Cloud Connect Gateway and that it is central to a lot of features and services that exist within Veeam Backup & Replication. With the release of 9.5 Update 3 we added a feature that allows multi-tenant self service recoverability of a tenants Office365 mailbox backup hosted by Veeam Cloud and Service Providers utilising Veeam Backup for Microsoft Office 365 1.5 that was released late last year.

Overview:

Tenant admins communicate with the Service Provider via the Cloud Gateway component which handles flow of data. The Service Provider grants the ability to their tenants so that each tenant can perform self restore operations using Veeam Explorer for Microsoft Exchange. By default, tenants are not able to restore anything from the backup without a Service Provider assistance.

The steps above show the self restore scenarios performed by the Tenant:

  • Tenants use Veeam Explorer for Microsoft Exchange to send restore requests via Veeam Cloud Gateway directly to the Service Provider.
  • On the Service Provider side, Veeam Backup for Microsoft Office 365 management server detects a proxy server responsible for processing tenant data.
  • Veeam Backup for Microsoft Office 365 management server locates an associated repository that contains a backup file that belongs to the Tenant.
  • Corresponding backup data is then transferred back to the tenant via Veeam Cloud Gateway.

IMPORTANT!

When planning solution components deployment, remember that Veeam Backup for Microsoft Office 365 v1.5 and Veeam Backup & Replication 9.5 Update 3 must be installed on the same server.

Example:

These days I don’t have access to a local Exchange Server or to a corporate Exchange Online instance but I did migrate my personal domain over to Office365 just before Christmas. That account has only one mailbox, but that’s enough to demonstrate the Office365 Service Provider backup and tenant self service recovery use case.

Service Provider Side:

For Service Providers to backup tenants on-premises or Office 365 Exchange mailboxes they need to first configure a new organization in Veeam Backup for Office 365. I’m not going to go through the steps for that as it’s been covered in other posts and is very simple to configure, however to prepare for the self service capability the service provider needs to ensure that the Cloud Connect Gateways are setup and configured and accessible externally.

In Backup for Office 365 you have to enable and configure the RestAPI and Authentication Settings under their respective tabs in the Options menu. This includes selecting an SSL certificate for both services…I’m just using a self signed certificate but obviously service providers will want a correctly signed public certificate to productise this feature.

With the organization configured I created a new job and backed up the Exchange Organization. Again, for this example I just have the one mailbox but the theory is the same weather it’s one, five, fifty or five thousand mailboxes.

From here, without any self service configured the Service Provider can access the mailboxe(s) to perform whole or granular item level recovery using the Veeam Explorer for Exchange. As shown below I can access any mailbox from the service provider’s end and perform recovery to a number of different locations

For each tenant (not per Exchange User) there needs to be a Cloud Connect tenant account created on the Backup & Replication server. This will be used at the tenant end by the admin to configure a Service Provider in the Backup & Replication console which will then be detected and used by the Veeam Explorer for Exchange to use to connect into the service provider and authenticate with an applicable Exchange account.

Tenant End:

For the tenant admin to use Veeam Explorer for Exchange to perform mailbox recovery you first have to configure a Service Provider using Cloud Connect tenant credentials as provided by the Service Provider. It’s worth mentioning here that you can have no license installed in Backup & Replication and are still able to add a Service Provider to the Backup Infrastructure menu. Once connected, firing up the Explorer for Exchange you will use the Service Provider option in the Add Store dropdown.

In the drop down list, select the Service Provider account configured in the Backup Infrastructure menu. If multiple exist you will see each one in the drop down. You also configure the username and password that connects to the Exchange Organization. This can be an admin account that is allowed impersonation, or you can enter in an individual account.

Once connected (which can take some time with the GUI of the Explorer for Exchange) any mailbox that the account has authorization over will be seen and mailbox recovery can begin.

An interesting thing to do is to check what is happening from a network connectivity point of view during this process. While performing a restore you can see open connections from the tenant side to Cloud Connect gateway on port 6180 and also you can see a connection to Office365 on port 443 completing the loop.

Back at the Service Provider end in the Backup for Office365 console you can see active Explorer for Exchange sessions as running jobs. Below you can see the local one, plus a remote session.

Automation:

For Service Providers with the capability to automate the setup and provisioning of these services through PowerShell or the RestAPIs here is a great example of what can be achieved with Backup for Office365 and the creation of a self service portal web interface. You can use the built in Swagger UI to evaluate the capabilities of RestAPIs.

The Swagger UI can be accessed via the following URL:

https://<Backup-Office365>:<Port>/swagger/ui/index

From there you can authenticate and work through the live examples.

Conclusion:

The market for Office365 backups is significant and we have built in some pretty cool technology into Backup & Replication that works with Backup for Office365 that allows easy, self service capabilities that can be productized by Service Providers out of the box. Not only can Service Providers offer services to backup client Exchange Organisations but they can also extend that to offer self service which increases overall operational efficiencies at the provider end while also offering enhanced services to clients.

References:

https://helpcenter.veeam.com/docs/vbo365/guide/vbo_mail_baas.html?ver=15

https://helpcenter.veeam.com/docs/vbo365/rest/swaggerui.html?ver=15

« Older Entries