Three Musts for 21st Century Services

Source: Cisco
Remember the lonely Maytag repairman, just sitting around waiting for something to break?  Those days of break-fix service models are over. Today, technical and professional services have become central to every aspect of most companies’ operations. That’s because businesses today rely more and more on complex technologies that power digital transformation through every aspect of […]Three Musts for 21st Century Services

Why snapshots alone are not backups

Source: Veeam

Having a clear picture of what VM snapshots and backups can do for you is critical when your data is at stake. To dispel any doubts, snapshots are NOT backups. They are two different processes designed to address different needs. Today, I’m going to explain the discrepancy between VM snapshots and backups and provide you with a few scenarios where each of them best fits.

While it is true that many Veeam products will use a snapshot as part of a backup — a snapshot by itself is not a backup. This logic applies to VMware VM snapshots, Hyper-V checkpoints and storage snapshots as well.

How do snapshots work?

In a nutshell, a VM snapshot is the process of saving the data state of a VM with the possibility to revert to that point in time. The VM can be powered off, powered on or suspended when snapshots are taken. Multiple snapshots are organized in a parent-child hierarchy.

Usually, snapshots are used to test software updates or for unsafe operations on a VM, and then returned to the initial state if needed — think about it as a bookmark or an undo button. Snapshots are not a full copy of the base disk, therefore, they are not sufficient to restore a VM in case of storage failure.

VMware snapshots

In VMware VMs, the virtual disk is a .vmdk file residing on a data store (LUN). When a snapshot is created in Snapshot Manager, the original disk becomes read-only, and all the new data changes are written into a temporary .vmdk delta disk, pointing to the original one. The delta disk is the difference between the state at the moment when the snapshot was taken and the current state of the virtual disk. The process of taking a VMware snapshot also involves the creation of two additional files: snapshots and metadata information (.vmsd) and the running state information (.vmsn). After a snapshot is deleted (committed), all the changes are merged to the original .vmdk file, and it returns to read-write mode.

Why snapshots alone are not backups

Figure 1. Snapshots in VMware vSphere client

To ensure a healthy use of snapshots in vSphere virtualized environments, VMware provides several best practices:

  • Use a maximum of 32 snapshots in a chain, but for better performance, use only two to three snapshots
  • Don’t leave a snapshot running for more than 24 – 72 hours. It will increase in size, and your storage can run out of space
  • Do not use snapshots as backups. If the original virtual disk is deleted, you cannot restore a VM from snapshots

Hyper-V checkpoints

Things are slightly different with Hyper-V snapshots (renamed Hyper-V checkpoints starting with Windows Server 2012 R2). When a Hyper-V checkpoint is created in Hyper-V Manager, the running VM is paused and an .avhd(x) differencing disk is created in the same folder as the parent virtual disk (.vhd /.vhdx) to stock the changes, along with an .xml configuration file copy. The original virtual disk is set as read-only and, if the VM is running, there will be two more associated files — the VM saved state (.bin) and memory information (.vsv), then the VM is resumed.

Why snapshots alone are not backups

Figure 2. Checkpoints in Hyper-V Manager

Microsoft recommendations for Hyper-V checkpoints include:

  • Don’t use snapshots on VMs that host time-sensitive services, such as Microsoft Exchange Server or Active Directory Domain Services
  • Don’t expand existing virtual storage of a VM when there are snapshots on it, as they will get compromised
  • Use Hyper-V Manager to delete .avhd(x) files from the snapshots tree, instead of deleting them manually

What about storage snapshots?

Storage snapshots are a great framework to leverage as part of a backup job. Veeam Backup & Replication supports many storage arrays for both Backup from Storage Snapshots and Veeam Explorer for Storage Snapshots. There are a few points to cover here as well:

  • Even with a support array to leverage Veeam Explorer for Storage Snapshots, you still need to take a backup to go to different storage. Veeam Explorer for Storage Snapshots is a recovery-only technique from the source array that took the snapshot.
  • Backup from Storage Snapshots is a great way to take a backup using the power of the storage array and move the data to different storage.

One of Veeam’s evangelists, Rick Vanover, likes to say that: “We have nothing but evidence in the form of customer success stories that good arrays do indeed fail — so please take your backups onto different storage and follow the 3-2-1 Rule.”

When should I use snapshots?

Snapshots are a short-term solution to be used mostly in testing and development environments for patching, updates, or to test things quickly and rollback in case of failure. They are less recommended in production. However, there are certain scenarios where snapshots really come in handy for the production environment. For example, if you take risky actions, such as an OS update or configuration changes that could harm your system, then snapshots are a good idea.

Why aren’t snapshots recommended for production environments? Mainly for data integrity reasons. With snapshots, you’re not making a copy of the virtual hard disk. There is the VM virtual disk and the delta disk, which means that if the VM disk volume gets damaged, then your snapshots are gone as well because they can’t be merged on the base disk. Snapshots don’t protect you against disk breakdowns, and you’ll still have a single point of failure.

Another reason is performance-based. Snapshots can impact the performance of VMs. This does not happen very often – this occurs only in some particular situations, but it can happen. For example, running highly loaded VMs on aged (and thus increased in size) snapshots would definitely worsen the performance of those VMs, especially if they use dynamic disks. It is a common mistake to keep a VM running on a snapshot for a long time — the snapshot will increase in size because it will absorb all the changes, instead of the source disk. Consequently, committing will take much longer and it could even stun the VM during the merge process.

Wait, doesn’t Veeam use snapshots?

Good observation! Veeam Backup & Replication does indeed use snapshots as part of a backup job. It can use a VMware VM snapshot, a Hyper-V checkpoint or a storage snapshot. It is important to note that the snapshot by itself is not a backup – but it can be used as a critical part of the backup process. This is because the snapshot is used as part of the data movement process to a backup file or a replicated VM. The snapshot is removed when the backup job is complete.

How are backups different than snapshots?

A backup is a consistent VM copy that gives you the possibility to restore it in case the original files are compromised by a disaster or a human mistake. Unlike snapshots, backups are independent of the VM, and they can easily be exported and stored off premises (in the cloud, on tape or other remote storage). Read about the golden 3-2-1 Rule.

Veeam Backup & Replication leverages VSS technology (Volume Shadow Copy Service) and application-aware image processing to create image-level VM backups. Image-level VM backups allow you to protect an entire workload — virtual disk, operating system, software applications and system configuration files. All of those are stored in a single image-level VM backup file, which provides multiple restore options for your business-critical applications — from full VM recovery to granular, application-item recovery.

Furthermore, Veeam Backup & Replication is designed with numerous technologies for optimized backup traffic and backup file size reduction, such as deduplication, compression or WAN acceleration, and it gives you the ability to test your backup recoverability with SureBackup. Also, Veeam provides you with an alternative way to quickly test and troubleshoot your VM, the Virtual Lab. Here you can create an isolated virtual environment that doesn’t impact your production and perform different operations, like testing software updates or running trainings.

What if my environment cannot tolerate snapshots of any type?

This is a real possibility today. One way to go about the backup process is to use Veeam Agent for Microsoft Windows or Veeam Agent for Linux. These new Veeam backup products don’t use any infrastructure snapshots at all below the operating system. For Windows, the VSS framework is used to make an image-based backup, and for Linux, the veeamsnap is used to have an image of the file system.

Additionally, coming in Veeam Backup & Replication v10, the Veeam CDP capability will provide a replication engine for VMware virtual machines that doesn’t use VMware snapshots. This is leveraging the vSphere APIs for I/O Filtering or VAIO that work in the storage path of the VM.

Conclusion

VM snapshots alone cannot be used as a reliable way to protect your data and restore it in case of a failure, but they’re very handy for quick testing and troubleshooting. Additionally, a VM snapshot can be used if it is part of a comprehensive sequence of events to do a backup or a replication job. Remember, however, to keep an eye on snapshot amounts and properly manage them in order to avoid any storage and performance issues. On the other hand, image-level VM backups provide a high level of applications and data protection, allow for low RPO and support virtually any recovery scenario — from a full-VM to application-item restore.

Useful resources

The post Why snapshots alone are not backups appeared first on Veeam Software Official Blog.

Why snapshots alone are not backups

Get the most of your VMware alarms with Veeam ONE

Source: Veeam

Monitoring data center performance is an essential part of every IT administrator’s job that shouldn’t be overlooked. There are many avenues you can go down when looking at a tool to help monitor performance, but with Veeam, you can do this with Veeam ONE. Veeam ONE has many capabilities, but one of the most important features is the alarm it triggers when part of your virtual environment isn’t working as it should. Pre-built alarms included in Veeam ONE keep IT administrators up-to-date on the operations and issues occurring in their environment in real-time. With over 200 pre-built alarms included in Veeam ONE, users can identify, troubleshoot and react to any issue that may affect critical applications and business operations. Predefined alarms monitor VMware vSphere and vCloud Director, Microsoft Hyper-V, Veeam Cloud Connect and any internal Veeam ONE issues.

Data collection in Veeam ONE occurs immediately after connecting to your virtual center, ESXi hosts, Hyper-V hosts or Veeam Backup & Replication servers. Alarms are based on a set of best practices used to benchmark in comparison with your environment and trigger an alarm when metrics are not aligned. Once an alarm is triggered, users will see details and information in the Veeam ONE console. Some alarms can be resolved manually when triggered and others can be resolved automatically. It is important to note you can modify alarms to fit your business. This includes editing rules, assigning alarms to different objects or creating actions for when certain alarms fire off. Actions created include receiving an email alert on the issue or instructing Veeam ONE to run a script once an alarm is triggered. Within the alarm settings, users can change thresholds or aggregation allowing you to tailor the alarms to fit your business.

Veeam ONE Alarm Settings

Fig. 1: Alarm settings

The Alarm settings wizard is shown above. This wizard allows you to adjust the alarm, add different rules to the alarm, enable actions to happen once the alarm has been triggered and allow users to add custom notes on how to resolve the alarm in the knowledge base section. With simple changes, you can set the alarm criteria to be customized for certain servers without affecting other counters in Veeam ONE.

VMware vSphere alarms

There are many Veeam ONE built-in alarms that detect issues in VMware vSphere infrastructure components. The alarms included alert on everything from the vCenter Server, to clusters and hosts, and all the way down to datastores and virtual machines. Veeam ONE will also look at vCloud Director vApps, organization and more.

Veeam ONE Monitor View of Alarms

Fig. 2: Monitor view of alarms

An important alarm that Veeam ONE will trigger is Host connection failure. As the name states, this alarm monitors VMware vCenter Server API for events indicating that a host is disconnected. Similarly, alarms such as Host available memory will inform you when the host is low on memory or Host CPU usage when CPU usage has exceeded the defined threshold. As mentioned previously, there are alarms to detect issues with virtual machines. Some of these include Orphaned VM backup snapshot, High Memory Usage and Heartbeat missing. Along with an alarm to detect high memory usage on the host, there is a High balloon memory utilization alarm notifying you if there is an increased consumption of the VMware Tools memory controller, also known as the “balloon driver,” within a VM.

Alarms also detect if there are VMs in your environment that have no backups/replicas. This can help ensure that you are meeting SLAs and will be notified if your backup/replica are not meeting defined recovery point objectives (RPOs).

A notable alarm included in Veeam ONE is the Possible ransomware activity alarm, which detects if there is any suspicious activity occurring on the VM. These alarms — plus much more — will provide visibility into your data center to ensure Availability for your business.

Veeam ONE Ransomware Alarm

Fig. 3: Ransomware alarm details

Veeam Backup & Replication alarms

There are many alarms to help detect issues within your virtual infrastructure, but there are also alarms for your data protection operations. Alarms are configured to warn about events or issues that can cause data loss or prevent Veeam Backup & Replication from working properly. Alarms detect connectivity issues, state of Veeam Backup & Replication components, failing jobs or jobs finishing with warnings, any configuration issues, long running jobs plus much more. Veeam ONE can even detect if your backup repository is running out of free space, which is shown with the Backup Repository Free Space alarm.

Veeam Backup & Replication Monitoring

Fig. 4: Veeam Backup & Replication monitoring

Conclusion

Alarms identify if something isn’t working properly in your environment, allowing you to quickly resolve and troubleshoot the issue. Veeam ONE provides visibility into the data center to ensure healthy operations for your business. This blog post describes just some of the alarms included in Veeam ONE, but there are many more to help ensure your data center is operating as it should. Veeam ONE is a great tool to utilize in your business, not only for the alarms, but also provides monitoring, reporting and business view categorization.

If you want to learn more about Veeam ONE and how it provides visibility to the Always-On Business, check out some of the following resources:

The post Get the most of your VMware alarms with Veeam ONE appeared first on Veeam Software Official Blog.

Get the most of your VMware alarms with Veeam ONE

File inclusions and exclusions explained with Veeam Backup & Replication

Source: Veeam

A few years ago, the file exclusion engine was introduced to Veeam Backup & Replication. This was primarily meant to handle situations such as a large set file data that you didn’t need in an image-based backup. One example I had users liked was a SQL Server (especially before Veeam Explorer for Microsoft SQL Server) that had SQL Server DBAs performing SQL Server Agent jobs or SQL Server Maintenance Plans to export flat backups on disk and transaction log exports.

With the file exclusion, Veeam could optionally take the image-based backup of the VM running SQL Server and exclude the disk geometry that stored the files specified in the backup job. This is an extension of the same logic used in the backup job to exclude the swap file.

The other half of this capability is the file inclusion. This becomes very interesting as it can be very useful for giving parts of a VM the opportunity to have additional RPOs in addition to that of a regular Veeam backup job that takes the whole image. The figure below shows where you can set a file inclusion:

File inclusions and exclusions

This may seem like a small capability, but when you think about the logic for including files only, it can be very flexible. With this configuration in a backup job, a few things need to be considered:

  • The backup format is still a VBK
  • Virtual machine metadata (VM name, host, cluster, network, etc.) are saved — but they can’t be used as you only have the files of a folder selected with the inclusion
  • You can have an additional backup (possibly with a less frequent RPO) for the VM for the entire image
  • You can do a backup copy job of this restore point
  • This backup will be smaller than the image-based backup and has storage efficiencies of the source file data

When talking to customers and partners, this capability has been very useful as an extra backup job to give “that one folder” (that is very important) a bit more Availability than what the regular backup job may bring. It is important to additionally note that at VeeamON we announced NAS backup support for Veeam Backup & Replication v10. This will be an option as well, but if the system is a virtual machine and the requirement for a file backup logic is very specific to include all files in a folder, this logic may be better. The NAS backup logic coming in v10 will be based on revisions of a file at the time of the backup job. The retention is also based on the number of revisions where the file inclusion job is based on a restore point (always) for all files selected in the backup job.

An additional angle here is an extra layer of ransomware resiliency. By having the file inclusions in a separate backup job, this may be more resilient in a situation where you restore a file server from an image-based backup only to have the ransomware re-infect the restored data. This is the perfect time to remind everyone about SureBackup (which by the way is 7 years old in 2017!).

Do you have a use case where you have an image-based backup and a separate backup job just for some particular files? The file inclusions and exclusions may be something to consider. Share your ideas below.

The post File inclusions and exclusions explained with Veeam Backup & Replication appeared first on Veeam Software Official Blog.

File inclusions and exclusions explained with Veeam Backup & Replication

Kids and Education

Source: SANS security tip
One of the most effective methods you can use to protect kids online is to talk to them. The younger you start talking to them, and they to you, the better. Hold regular conversations about online safety issues, even going so far as to show them actual negative events that have taken place. If you don’t know what your kids are doing, simply ask. Play the clueless parent and ask them to show you what the latest technologies are and how they use them. Quite often, kids love the idea of being the teacher and will open up.
Kids and Education

Redkix, an email-friendly team messaging platform, launches its public beta

Source: Tech News – Enterprise
 When you first look at Redkix, it looks like any other Slack clone, but while you could definitely use it just like Slack, the team offers an important twist on the standard company chat theme: it plays nice with email. After a year of private testing with about 7,000 users, the team is opening up its public beta today and launching its paid premium program in private beta.
Oudi Antebi… Read MoreRedkix, an email-friendly team messaging platform, launches its public beta

Veeam Agent for Microsoft Windows 2.0: What’s New?

Source: Veeam

This is the beginning of a series of blogs that will give you an in-depth how-to of the many new capabilities that are available in Veeam Agent for Microsoft Windows 2.0.

If this is the first time you are hearing about our new product, I recommend you first review the following announcement blog post where I have previously provided an overview of the three editions of Veeam Agent for Microsoft Windows and some of the new functionalities. In this blog post, we will take a deeper look at some of the top features this release brings.

Direct backup to Veeam Cloud Connect

With the release of Veeam Backup & Replication v8 in 2014, Veeam introduced a new way in which businesses could extend their data protection strategy to include a cloud repository hosted by a trusted service provider. This technology is called Veeam Cloud Connect and it allows businesses to easily set up offsite backups and replication to a Veeam Cloud & Service Provider (VCSP) with just a few clicks, directly in their Backup & Replication console.

This functionality had an incredible success within our customer base and we received many requests to enable the same functionality from Veeam Endpoint Backup users. So, we did. Veeam Agent for Microsoft Windows 2.0 now supports direct backup to Veeam Cloud Connect repositories. This allows our users to easily make secure offsite backups of servers and workstations located outside of the network perimeter (for example, a server in the remote office, or a laptop of a mobile user).

Plus, our VCSPs can now further enhance their backup as a service (BaaS) offering as in addition to VMs, they are now able to protect their customers’ virtual, physical and cloud-based Windows instances.

Veeam Agent for Microsoft Windows 2.0: What’s New

Backup to a cloud repository

Encryption with password loss protection

Security is extremely important, especially when we’re talking about cloud backups. But, maintaining the integrity of your data within today’s modern world is paramount. Veeam Agent for Microsoft Windows provides the option to encrypt backup files at the source — before the data leaves the protected computer, allowing users to protect their sensitive information from unauthorized access and also prevent unwanted manipulations of the backup files. Because this functionality is so important, we have made it available in ALL editions, including FREE!

More importantly, because all Veeam technologies are tightly integrated, backup encryption does not impact the data reduction ratios of built-in compression and WAN Acceleration, as is the case when using third-party bandwidth reduction solutions.

Veeam Agent for Microsoft Windows 2.0: What’s New

Source-side encryption settings

Additionally, Veeam Agent for Microsoft Windows 2.0 can optionally include the decryption key in your custom recovery media to ensure seamless bare metal recovery from an encrypted backup. This enables IT managers to maintain the ability to restore a backup even if the password set by the user is lost or unknown. Of course, if you chose this option, you should keep your recovery disk in a secure location!

Veeam Agent for Microsoft Windows 2.0: What’s New

Option to include the decryption key within the recovery media

Direct backup to ReFS v3.1 repository

There’s no doubt that our advanced ReFS integration was the biggest innovation of our latest Veeam Backup & Replication release, version 9.5. We’re consistently hearing our customers saying the same thing — please add more game changing functionality like this! So, of course we had no choice but to add the same ReFS integration to Veeam Agent for Microsoft Windows 2.0 as well, for it to benefit from all the coolness this integration provides when using our agent to perform local backups on Windows Server 2016 or Windows 10 Creators Update.

Veeam Agent for Microsoft Windows 2.0: What’s New

Scheduling synthetic full backups in the Advanced Settings of the Configure Backup wizard.

With this integration, the agent will use fast cloning of the block in the existing backup files to make the synthetic backup creation much faster while consuming no additional space — which is why we’re calling such backups “spaceless.” By the way, we’re often asked how to make sure of that fast cloning — you should look for a [fast clone] tag in the synthetic full backup action log line.

Veeam Agent for Microsoft Windows 2.0: What’s New

Synthetic backup utilizing Block Clone API

Please note that synthetic full backups are available in paid editions only — however, we still recommend using ReFS even in FREE edition for improved reliability, thanks to built-in data integrity streams.

Summary

This is just the beginning, so do keep your eye out for the rest of the Veeam Agent for Microsoft Windows 2.0 how-to series. Meanwhile, head over to our website and download your copy of our product to begin ensuring Availability of all your physical and cloud instances! To familiarize yourself with our product, you can either use a free edition or get a FREE six-month subscription for unlimited workstations and servers!

For a complete run-down of everything that’s new in Veeam Agent for Microsoft Windows 2.0, check out the official What’s New document.

Share your comments below and tell us how you’re planning to use the brand new Veeam Agent for Microsoft Windows!

The post Veeam Agent for Microsoft Windows 2.0: What’s New? appeared first on Veeam Software Official Blog.

Veeam Agent for Microsoft Windows 2.0: What’s New?