Get centralized, off-site backup and replication with Veeam Cloud Connect for the Enterprise

Source: Veeam

“Yes, we’ve had another disaster in our remote office”

It’s problem that’s continuing to plague organizations around the globe. For example, a large global organization was faced with recent outages of their end-user-facing, retail-sales application costing the company thousands of dollars. A mandate from the CIO placed the IT team in a position where they HAD to figure out how to centrally protect the applications and services at their remote office/branch offices (ROBOs), as well as their headquarters (HQ) datacenter.

It’s unfortunate, but this challenge is becoming more and more commonplace in the today’s virtualized datacenter. Senior executives are now demanding centralized, off-site backup AND replication of their many remote offices and datacenters to the HQ datacenter, or in some cases, to the public cloud.

Enterprise organizations have come to discover that there are not many cost-efficient options available that allow them to solve this problem. One option that’s been found is to purchase tape drives for each remote location and ship tape backups to HQ. A second option is to either set up a new or leverage the existing VPN/MPLS connection to each remote office. This would require additional bandwidth to enable the new remote, disk-based backup strategy. Senior executives and IT staff have quickly learned that both of these approaches present significant management challenges.

A better solution, adopted by more than 200,000 organizations worldwide, is Veeam Availability Suite to protect the on-premises virtualized infrastructure. Veeam Availability Suite makes resolving the problem and plugging into Veeam Cloud Connect for the Enterprise (VCC-E) extremely easy.

What is Veeam Cloud Connect for the Enterprise?

You’ve likely heard of Veeam Cloud Connect for Service Providers (VCC-SP). Veeam Cloud Connect for the Enterprise technically operates EXACTLY the same. The only difference is that, within this model, enterprise IT teams operate as the service provider (this is true for most large enterprise IT shops because they share many of the same characteristics). Cloud Connect offers benefits that help simplify several of the ROBO data-protection challenges that enterprises must solve.

Historically, IT had to manage remote connections (VPN) over their corporate MPLS WAN from the headquarters datacenter to each of the remote offices. It’s often cost prohibitive to purchase a connection fast enough to handle the application and backup traffic, which can also result in management challenges. It used to be that if a remote connection to these sites was not available, each location would have to be managed individually. This also ends up resulting in many management challenges! In addition, strict firewall rules at each site and at the main HQ increase the complexity of deploying a remote backup solution. Bottom line? Backing up data from ROBOs to the HQ datacenter simply wasn’t feasible for most enterprises in the past.

Veeam Cloud Connect has solved these key enterprise challenges today by removing the requirement for VPN connections, as well as consolidating all traffic over a single TCP/UDP port for simplified deployment. Traffic traversing the internet is authenticated with TLS and secured with AES-256-bit encryption, which is achieved by Veeam Backup & Replication using a component called the Cloud Gateway. These servers reside within the WAN/DMZ zone of the HQ datacenter and broker the connection between their remote offices, with all incoming traffic natively load-balanced across each of the gateway servers. This traffic is then passed through the internal network interface of the Cloud Gateway to the Veeam infrastructure backup repository for backup or backup copy jobs, or the hypervisor host for replication jobs.

Bandwidth requirements for these ROBO sites is a very costly resource. Some enterprises must even rely on satellite connectivity to the more remote locations. Luckily, VCC-E can leverage a purpose-built, software-based, WAN Acceleration technology, which reduces the required bandwidth by at least 10x!

This way, if there’s an application failure in a remote site, there are many options that allow IT to recover entire VMs, individual items from an application or execute a partial failover of an application in the HQ datacenter. And when true disaster strikes and IT is left with a smoking crater, the centralization that Cloud Connect provides allows IT to execute entire remote-site failover with just a few clicks!

How do I use VCC-E?

VCC-E allows enterprise IT teams to streamline ROBO DR by allowing these sites to send copies of local backups, or even just backup directly, to the central backup repository. As a result, they maintain full control of their data.

VCC-E can be consumed using three approaches:

  1. Most commonly, VCC-E is installed in the HQ datacenter. This allows the Enterprise to centrally operate and manage the Availability strategy for the entire organization. This is accomplished by having the ability to quickly restore VMs back to the original location, or even to the HQ datacenter in case of a complete disaster in the remote site. For the most critical remote locations, IT can create replicas of the VMs for fast failover and minimal RTO.
  2. If the HQ datacenter lacks the required storage capacity, leveraging a public cloud provider, like Microsoft Azure, becomes a great option. In fact, the VCC-E appliance is ready in the Azure Marketplace for deployment today, while Express Routes to Azure data centers are being deployed all over the world! If you’re a current Azure customer, you can easily deploy the pre-built Veeam Cloud Connect appliance and provision cloud repositories for all of your internal “tenants,” such as the HQ datacenter and ROBOs.
  3. Sign an agreement with a regional, national or worldwide hosting provider that can offer the enterprise-dedicated or shared Infrastructure as a Service (IaaS) resources in which to run VCC-E. This allows the enterprise organization to own and manage the service offering (off-site backup and replication) without having to own the maintenance of the compute, storage, networking, HVAC and electrical components.

Veeam Cloud Connect for the Enterprise sample deployment

Veeam Cloud Connect for the Enterprise sample deployment

There are many pros and cons to each of the above approaches, and that’s why it’s important to keep in mind that the technology behind VCC-E is flexible enough to fit into any one of these three deployment options.

How do I get VCC-E?

VCC-E is available immediately for existing Veeam customers with at least 100 sockets of Veeam Backup & Replication. And for a short period only, you can try it before you buy it with a FREE 6-month production key for an unlimited number of VMs — all without any up-front commitment. This limited-time offer provides current customers with a unique opportunity to test-drive Veeam Cloud Connect for the Enterprise and decide if it addresses their ROBO or off-site DR needs.

The post Get centralized, off-site backup and replication with Veeam Cloud Connect for the Enterprise appeared first on Veeam Software Official Blog.

Get centralized, off-site backup and replication with Veeam Cloud Connect for the Enterprise

Microsoft focuses on strategic database administration by moving to Azure

Source: Microsoft
At Microsoft, our Information Security and Risk Management team—which manages our most hyper-sensitive information, in our largest databases—moved its entire database environment to Azure. The migration required careful planning and testing, but the move itself was simple. With automated administration and performance monitoring, our database administrators have time to focus on strategic projects such as data modeling, architecture design, and code reviews.
Microsoft focuses on strategic database administration by moving to Azure

Veeam Management Pack data in Microsoft Operations Manager Suite (Part 2)

Source: Veeam

In the previous post we discussed what the Microsoft Operations Manager Suite (OMS) is and how it can be used as a powerful extension for your Operations Manager solution on-premises. We already showed you how to connect them together and how to make sure that data from your Veeam Management Pack is being streamed to the OMS solution. Today we are going to look at alerts and use OMS to create some custom queries, use custom fields and experiment with the preview of PowerBI to create stunning visualization dashboards.

We also already mentioned that alerts data is going to be automatically available in OMS after connecting the two solutions and after you have enabled the Alerts Management solution. These alerts that appear in Operations Manager will almost instantly be available in OMS.

Making those alerts visible is done by using log queries. These log queries are run at regular intervals. The solution comes with some queries out of the box, but we are going to use some of our own search queries to display specific alerts from our Management Pack. I am not going into detail on how you need to create such a custom search. You can find the information on Microsoft TechNet.

Let’s look at some sample queries.

Sample queries

The first query we are going to use will display critical alerts coming from the Veeam Management pack in the past hour.

Type=Alert (AlertSeverity=error or AlertSeverity=critical) TimeGenerated>NOW-24HOUR AlertState!=Closed AlertName=Veeam* | measure count() by AlertName

Veeam Management Pack data in Microsoft Operations Manager Suite

The result will be the above chart displaying those alerts.

Let’s separate our search by virtualization platforms and create a query specific for Hyper-V Alerts:

Type=Alert (AlertSeverity=error or AlertSeverity=critical) TimeGenerated>NOW-24HOUR AlertState!=Closed AlertName=Veeam*HyperV* | select SourceDisplayName, AlertName

Veeam Management Pack data in Microsoft Operations Manager Suite

As you can see in the above image, we have 13 alerts on our Hyper-V platform. Now let’s continue with this query and image we have an SLA or KPI in our organization, defined for the operations team. Now you can setup an alert rule based on the number of open Hyper-V alerts. To do so, you need to add an alert rule.

Veeam Management Pack data in Microsoft Operations Manager Suite

Custom Fields

When you are streaming data into OMS, it is sometimes necessary to do some additional configuration to make the data work for you. For example, with the recently announced custom logs support in OMS, you will have to use custom fields to extract certain parts out of your raw data.

But besides for custom logs, these custom fields can also be very useful for Veeam Alerts.

For example, you can extract the Class type from almost each Operations Manager alert, which is contained in the SourceFullName property.

Veeam Management Pack data in Microsoft Operations Manager Suite

Also from the above example, you can see that for certain Alerts the name of the VM, Host, Datastore and other different metric information can be extracted.

Keep in mind that each VM ID in Veeam Management Pack also contains the vCenter name, so this could also be extracted for all VM-related alerts (VMware).

For example, let’s select to extract fields from the AlertDescription field of the “Veeam VMware: Virtual Machine memory Usage Analysis” alert.

First, run the following query:

Type=Alert (AlertSeverity=error or AlertSeverity=critical) TimeGenerated>NOW-24HOUR AlertName=”Veeam VMware: Virtual Machine Memory Usage Analysis”

After receiving the alerts from your query, click on the dots for the AlertDescription field and select “Extract fields from Alert

 

Veeam Management Pack data in Microsoft Operations Manager Suite

Make sure we’ve specified that the field is relevant only for this particular Alert (click the checkbox next to the alert name) – for any other alert the text is going to be different and the custom field will not be extracted or could be extracted incorrectly which could create a mess in your OMS.

Select the host name in the Alert text, specify the name for the Custom Field and make sure the custom field is extracted correctly from all the Alert descriptions (tweak if necessary). Finally click Save.

Veeam Management Pack data in Microsoft Operations Manager Suite

Now we can group those Memory usage alerts by Hosts to identify the host with the most memory pressure issues.

You might even take this one step further and extract the configured RAM value, make an OMS alert and then associate an Azure automation runbook to add RAM for the affected VM.

Power BI

As already said in the first part of this series, developments for new features in OMS are done in a rapid pace and one of the more promising features (in preview as of the time of writing) is Power BI. Again, this can be very useful for the data that is collected by the Veeam Management Pack.

Note: Before you can do this, you need to enable this functionality in the Preview Features.

Veeam Management Pack data in Microsoft Operations Manager Suite

After that, you need to connect your PowerBI account to OMS. For more information, check out the article Integrating OMS and Power BI.

After that you should be able to configure OMS for streaming data into PowerBI. Just go to search and select all performance data Type=Alert, and then you can stream all the data or filter it (for example by reporting Management Server).

Finally, click on the PowerBI menu item and let’s create a schedule to regularly push (or stream) data and do some visualization around it.

Veeam Management Pack data in Microsoft Operations Manager Suite

Veeam Management Pack data in Microsoft Operations Manager Suite

Specify the Name for the Rule, Dataset Name and Schedule, which is going to be used to push data into PowerBI.

Veeam Management Pack data in Microsoft Operations Manager Suite      p2 img11

After that your dataset should appear under Settings > PowerBI, where you can enable/disable synchronization, delete datasets and observe the health of the dataset synchronization.

Veeam Management Pack data in Microsoft Operations Manager Suite

Veeam Management Pack data in Microsoft Operations Manager Suite

When the data is pushed to PowerBI, you can start creating useful visualization dashboards.

As an example, in the below image, you can see a dashboard that displays the overall volume of Veeam Alerts and how it’s spread across different object classes and by total volume of the specific alerts.

Veeam Management Pack data in Microsoft Operations Manager Suite

Conclusion

By getting your alerts data from the Veeam Management Pack into OMS, you can use search queries, use custom fields and even experiment already with the PowerBI preview functionality and bring additional value to your organization. What we showed is just one small example that can be used and depending on your needs you will be able to extract the data you need and make those rules and visualizations necessary.

In the next part, we are going to look at how we can add performance data into OMS and use that data to build charts and visualizations.

The post Veeam Management Pack data in Microsoft Operations Manager Suite (Part 2) appeared first on Veeam Software Official Blog.

Veeam Management Pack data in Microsoft Operations Manager Suite (Part 2)

Reporting an Incident

Source: SANS security tip
Eventually, we all get hacked. The bad guys are very persistent and we can all make a mistake. If a phone call from the “Help Desk” doesn’t sound quite right, if an email seems suspicious or if a program you installed starts acting funny, ask for help! Your security team is there to help you. The sooner you report an incident, the sooner we can help resolve the problem.
Reporting an Incident

Optimizing predictive analytics using Cortana Intelligence Suite on Azure

Source: Microsoft
With an immense amount of data to manage across business groups, Microsoft IT continually works to develop logical methods to store and retrieve business intelligence data. We developed a solution with Cortana Intelligence Suite on Azure that optimizes predictive analytics for our marketing teams. The tools are customizable and scalable, and they allow us to look at big data with accurate predictive models in an automated workflow, for quicker and deeper insights into our business.
Optimizing predictive analytics using Cortana Intelligence Suite on Azure

Engaging users with a Microsoft Azure-based universal app (Article)

Source: Microsoft
Microsoft IT developed an Azure-based app to encourage user and product feedback from members of the Microsoft Elite early adopter program. The new Elite app gave members a central point of interaction with the program across multiple device platforms. The broad acceptance of this app gave us a more comprehensive view into the early adoption process and helped to improve our product development management.
Engaging users with a Microsoft Azure-based universal app (Article)

Veeam Management Pack data in Microsoft Operations Manager Suite (Part 1)

Source: Veeam

If you are a System Center Operations Manager (OpsMgr) user, you must have heard already about the Microsoft Operations Manager Suite (OMS). Whether you are at an event, watching a webinar or reading online about this solution, the most asked question we get around OMS is whether you should keep investing in OpsMgr or start moving to OMS. Before I get to that point, let’s have a look at what OMS exactly is.

What is OMS?

OMS is a cloud-services based solution that is able to retrieve data from your servers or through your operations management solution and gives you insight in that data through solution packs. These solution packs can be chosen from a gallery and come with pre-defined thresholds, rules and algorithms but can be customized by creating your own dashboards and thresholds. Solutions such as log analytics, IT automation, security and compliance and more are already available today. The list of solution or intelligence packs grows at a fast pace and additional services are delivered by Microsoft very quickly. In essence, it delivers in the cloud what Operations Manager has delivered on-premises already for years but is being developed very fast, whereas development in Operations Manager is slower and takes longer to get to the market.

Veeam Management Pack data in Microsoft Operations Manager Suite

So I can replace OpsMgr?

Does this mean I should stop investing in my Operations Manager installation and start moving to this cloud-based service? Can I remove the burden of maintaining the operations manager installation on-premises and just use the services from the cloud-based solution without having to worry about updates or down time?

You probably can when you have a few servers in your environment and don’t want to go through that burden of deploying an on-premises solution. You probably also can if you don’t mind delegation or don’t need specific insight into your hardware or other specific items. And you probably also can if you don’t worry about delegation…

While it is perfectly possible to only use OMS, it is the combination of OMS and OpsMgr that makes it a very strong solution.

The Veeam Management Pack

The Veeam Management Pack is a solution for Microsoft Operations Manager that provides you with app-to-metal visibility of your virtual and physical environments, giving you the visibility into VMware, Hyper-V and Veeam Backup and Replication. It is a third party management pack with lots of data gathering and intelligence built-in.

Veeam Management Pack data in Microsoft Operations Manager Suite

Using the power of both

In this series of blog posts, we are going to use the Veeam Management Pack and it’s data and intelligence and create some custom charts and dashboards, effectively using the power of both solutions combined. We are going to stream alerts and performance data and build custom views and dashboards based on data gathered from a VMware environment. Of course this can be done also from the data of our Hyper-V solution or Veeam Backup & Replication solution in our management pack.

To get started, we need to connect our existing, on-premises Operations Manager solution (that has the Veeam Management Pack installed) to your OMS subscription. I won’t go into details on how to create this subscription, those steps can be found on Microsoft TechNet.

After you have created a workspace, you can connect your existing on-premises solution to OMS.

This is rather easy to do.

Just click on “Register to Operations Management Suite”, and enter your OMS account credentials and connect to a Workplace.

Veeam Management Pack data in Microsoft Operations Manager Suite

Then, make sure that all Management Servers or agents with Veeam VMware Collectors are connected to OMS which can be done by going to Operations Management SuiteManaged Computers, clicking Add Computer/Group and adding Windows Computer with Veeam VMware Collectors installed on them.

Veeam Management Pack data in Microsoft Operations Manager Suite

From now on, depending on the solutions you have configured or selected in OMS, data is already being streamed to OMS. For example, if you have deployed Alert Management then alerts data is going to be available in OMS out of the box. On the other hand, streaming performance data into the cloud isn’t that simple. OMS does provide a way of adding counters from Windows Performance Manager but it doesn’t contain the possibility to add custom WMI namespaces. So to be able to stream VMware performance data, which is collected by our management pack, you will need to do some additional configuration steps.

In the next part, we are going to look at the alerts that are being streamed and use that data or those alerts to create some visualization.

In the last part we are going to look at performance data and how to stream that into OMS and again use that raw data to create some queries and visualizations.

The post Veeam Management Pack data in Microsoft Operations Manager Suite (Part 1) appeared first on Veeam Software Official Blog.

Veeam Management Pack data in Microsoft Operations Manager Suite (Part 1)

Leading Digital Transformation

Source: Cisco
Earlier this month, I attended a unique, one-week program at the IMD Business School in Lausanne with 400 executives from all over the world. The program was named “Orchestrate Winning Performance: How to survive and win in today’s digital world.” The ice-breaker question on Monday morning was eye-opening for all attendees: What is the impact […]Leading Digital Transformation

Leveraging Active Directory Recycle Bin: Best practices for AD protection (Part 4)

Source: Veeam

Read the full series:

Ch.1 — Backing up Domain Controller
Ch.2 — How to recover a Domain Controller
Ch.3 — Reanimating Active Directory tombstone objects
Ch.4 — Leveraging Active Directory Recycle Bin

 

This post is part four of a series where I discuss granular recovery of Active Directory objects and different scenarios and tools for such operations.

In the previous article, I described the cases where administrators worked with Domain Controllers running Active Directory off a functional level of Windows Server 2003 and Windows Server 2008. I detailed the steps they had to do in order to reanimate the tombstone objects using LDP and Veeam Explorer for Microsoft Active Directory utilities.

Today, I’m moving on to newer systems with the Active Directory recycle bin feature enabled.

With Windows Server 2008 R2, Microsoft implemented a long-awaited Active Directory recycle bin. This extended the standard life cycle of an Active Directory object and changed the logic of object deletion. With this feature enabled, the object started going to the deleted objects container right after deletion, where it stays for the lifetime of the deleted object (equal to recycled object lifetime by default). Most important, the system is able to preserve all of the object’s link-valued and non-link-valued attributes for the same lifetime period. This means you can easily restore an object with those attributes during this period.

Once the lifetime is over, the system changes the object status to recycled and drops most of its attributes. Additionally, the object becomes logically equal to what used to be tombstone in Windows Server 2003 and Windows Server 2008. The only difference is that you can’t restore or reanimate the recycled object now. A garbage collector removes it automatically after a recycled object lifetime expires (180 days by default).

Active Directory object life cycle with Active Directory recycle bin enabled

Figure 1. Active Directory object life cycle with Active Directory recycle bin enabled

Enabling Active Directory recycle bin

So far, the Active Directory recycle bin is not enabled by default on any Windows Server OS. To utilize this tool, you should prepare your environment, make sure that every DC in your forest is running Windows Server 2008 R2 and newer, and set your forest functional level to Windows 2008 R2 or above.

NOTE: Enabling the Active Directory recycle bin as well as any other substantial change to Active Directory (or other production systems) may be an intimidating task. You can use Veeam Virtual Lab technology to test schema upgrades or any other potentially impactful change before you do so in production. Additionally, the virtual lab can hold other VMs you have which are critical, so that they can go through the change as well and test multi-tiered applications for compatibility after the changes. The virtual lab can run from backups, replicas or even storage snapshots (depending on configuration). This way, there are no surprises in production.

Before using the Active Directory recycle bin, keep in mind that:

  1. Enabling the Active Directory recycle bin changes all current tombstone objects into recycled objects, so you won’t be able to restore them once enabling is done.
  2. The process of restoring multiple dependent objects can be difficult, because it requires a strict order of restore, starting from the higher-placed objects.
  3. In Windows Server 2008 R2, every operation related to the Active Directory recycled bin should be done via PowerShell cmdlets, no GUI provided. Windows Server 2012 and above introduce Active Directory Administration Center (ADAC), where all recycle bin operations can be performed via GUI.
  4. The recycle bin doesn’t have anything in common with Active Directory backup, and it won’t help to restore a whole DC if it is damaged.

Enabling Active Directory recycle bin in Windows Server 2012 via ADAC

Figure 2. Enabling Active Directory recycle bin in Windows Server 2012 via ADAC

The Pros & Cons of Active Directory recycle bin

When you enable the Active Directory recycle bin, you will notice a new Deleted Objects container visible via the Active Directory Administration Center. By browsing this container, you can see all deleted but not recycled objects, check their properties and restore them to a default or custom place.

Navigating through the Deleted Objects container in the Active Directory recycle bin

Figure 3. Navigating through the Deleted Objects container in the Active Directory recycle bin

Even though it looks much easier to perform granular recovery operations using this functionality than using LDP utility or performing authoritative restore of a domain controller, it also has some considerations. Below, I outlined the pros and cons of using Active Directory with the recycle bin feature enabled.

Pros:

  • A universal method for Windows Server 2008 R2 functionality level (or newer) domains
  • Great lifetime period (180 days by default is a sufficient time for majority cases)
  • Object attributes are preserved for a lifetime period
  • Recovery doesn’t require a reboot of a DC
  • GUI for Windows Server 2012 and newer

Cons:

  • Doesn’t work for Windows Server 2008 functionality level (or older) domains
  • Doesn’t work for changed objects (object can be restored if deleted, not changed)
  • Recovery is limited by a lifetime period value
  • Doesn’t protect against issues with DC itself (never be good as a backup copy)
  • No automation for hierarchy recovery

The second drawback is the most disturbing. What if the object wasn’t deleted, but occasionally changed, and the mistake is noticed after a while? Unfortunately, recycle bin won’t help here, and you have an issue to solve.

Solving recycle bin limitations with Veeam

Considering cons of recycle bins, they might not be a deal-breaker for some of you. However, those who want an ultimate solution should look somewhere else. Here comes Veeam, offering the same Veeam Explorer for Active Directory, which was previously discussed. This tool simply eliminates limitations of Active Directory recycle bin. With this utility, your Active Directory objects are protected as long as you keep backups around. It works for domain controllers with forest functional level of Windows Server 2003 and newer. Most importantly, it is a part of Veeam Backup & Replication, and is included in the Free Edition.

With a combination of Veeam Backup & Replication and Veeam Explorer for Active Directory, you can restore the entire DC at once and recover individual Active Directory objects: OUs, computer and users accounts with their passwords, GPOs, DNS records and more. Besides that, it’s easy to launch the Explorer and compare objects in a backup copy with live objects in production to notice the difference and changed objects attributes.

The example below shows a situation in which an administrator noticed a change in attributes of a user account and was asked to recover the user account to a previous condition.

Recovering changed Active Directory objects

Figure 4: Recovering changed Active Directory objects

Either way, thinking about possible Active Directory disasters in advance and testing different tools to prevent and fix these disasters will help you sleep soundly at night.

Hope this series triggered your mind and made you recheck your Active Directory protection strategy. Feel free to reach out to me in the comments to discuss more.

Helpful resources

The post Leveraging Active Directory Recycle Bin: Best practices for AD protection (Part 4) appeared first on Veeam Software Official Blog.

Leveraging Active Directory Recycle Bin: Best practices for AD protection (Part 4)