Enhancing DRaaS with Veeam Cloud Connect and vCloud Director

Source: Veeam

The state of disaster recovery

While many organizations have understood the importance of the 3-2-1 rule of backup in getting at least one copy of their data offsite, they have traditionally struggled to understand the value of making their critical workloads available with replication technologies. Replication and Disaster Recovery as a Service (DRaaS) still predominantly focus on the Availability of Virtual machines and the services and applications that they run. The end goal is to have critical line of business applications identified, replicated and then made available in the case of a disaster.

The definition of a disaster varies depending on who you speak to, and the industry loves to use geo-scale impact events when talking about disasters, but the reality is that the failure of a single instance or application is much more likely than whole system failures. This is where Replication and Disaster Recovery as a Service becomes important, and organizations are starting to understand the critical benefits of combining offsite backup together with replication of their critical on-premises workloads.

Veeam Cloud Connect

While the cloud backup market has been flourishing, it’s true that most service providers who have been successful with Infrastructure as a Service (IaaS) have spent the last few years developing their Backup, Replication and Disaster Recovery as a Service offerings. With the release of Veeam Backup & Replication v8, Cloud Connect Backup was embraced by our cloud and service provider partners and became a critical part of their service offerings. With version 9, Cloud Connect Replication was added, and providers started offering Replication and Disaster Recovery as a Service.

Cloud Connect Replication was released with industry-leading network automation features, and the ability to abstract both Hyper-V and vSphere compute resources and have those resources made available for tenants to replicate workloads into service provider platforms and have them ready for full or partial disaster events. Networking is the hardest part to get right in a disaster recovery scenario and the Network Extension Appliance streamlined connectivity by simplifying networking requirements for tenants.

While Cloud Connect Replication as it stood pre-Update 4 was strong technology…it was missing one thing…

Introducing vCloud Director support for Veeam Cloud Connect Replication

VMware vCloud Director has become the de facto standard for service providers who offer Infrastructure as a Service. While always popular with top VMware Cloud Providers since its first release back in 2010, the recent enhancements with support for VMware NSX, a brand new HTML5-based user interface, together with increased interoperability, has resulted in huge growth in vCloud Director being deployed as the cloud management platform of choice.

Veeam has had a long history supporting vCloud Director, with the industry’s first support for vCloud Director-aware backups released in Veeam Backup & Replication v7. With the release of Update 4, we added support for Veeam Cloud Connect to replicate directly into vCloud Director virtual data centers, allowing both our cloud and service provider partners, and tenants alike, to take advantage of the enhancements VMware has built into the platform.

 

 

By extending Cloud Connect Replication to take advantage of vCloud Director as a way to allocate service provider cloud resources natively, we have given providers the ability to utilize the constructs of vCloud Director and have their tenants consume cloud resources easily and efficiently.

 

Benefits of vCloud Director with Cloud Connect Replication

By allowing tenants to consume vCloud Director resources, it allows them to take advantage of more powerful features when dealing with full disaster, or the failure of individual workloads. Not only will full or partial failovers be more transparent with the use of the vCloud Director HTML5 Tenant UI, but networking functionality will also be enhanced by tapping into VMware’s industry leasing Network Virtualization technology, NSX.

With tenants able to view and access VM replicas via the vCloud Director HTML5 UI, they will have greater visibility and access before and after failover events. The vCloud Director HTML5 UI will also allow tenants to see what is happening to workloads as they boot and interact with the guest OS directly, if required. This dramatically reduces the reliance on the service provider helpdesk and ensures that tenants are in direct control of their replicas.

 

 

From a networking point of view, being able to access the NSX Edge Gateway for replicated workloads means that tenants can take advantage of the advanced networking features available on the NSX Edge Gateway. While the existing Network Extension Appliance did a great job in offering basic network functionality, the NSX Edge offers:

  • Advanced Firewalling and NAT
  • Advanced Dynamic Routing (BGP, OSPF and more)
  • Advanced Load Balancing
  • IPsec and L2VPN
  • SSL VPN
  • SSL Certificate Services

 

Put all that together with the ability to manage and configure everything through the vCloud Director HTML5 UI and you start to get an understanding of how utilizing NSX via vCloud Director enhances Cloud Connect Replication for both service providers and tenants.

There are also a number of options that can be used to extend the tenant network to the service provider cloud network when actioning a partial failover. Tenants and service providers can configure custom IPsec VPNs or use the IPsec functionality of the NSX Edge Gateway to be in place prior to partial failover.

The Network Extension Appliance is still available for deployment in the same way as before Update 4 and can be used directly from within a vCloud Director virtual data center to automate the extension of a tenant network so that the failed over workload can be accessible from the tenant network, even though it resides in the service provider’s environment.

Conclusion

For Veeam Cloud & Service Providers (VCSP) that underpin their backup and replication service offerings with Veeam Cloud Connect, the addition of vCloud Director support means that there is an even stronger case to deliver replication and disaster recovery to customers. For end users, the added benefits of the vCloud Director HTML5 UI, and enhanced networking services backed by NSX, means that you are able to have more confidence in recovering from disasters, and in your ability to provide greater business continuity.

Resources:

The post Enhancing DRaaS with Veeam Cloud Connect and vCloud Director appeared first on Veeam Software Official Blog.


Enhancing DRaaS with Veeam Cloud Connect and vCloud Director

Harness the power of cloud storage for long-term retention with Veeam Cloud Tier

Source: Veeam

The cost and efficiency of data

All organizations are experiencing explosive data growth. Data growth continues to accelerate at almost exponential speed and with that comes pain points of organizations trying to manage that growth. More data means more robust applications to handle larger data sets, which also means more infrastructure to handle applications and the data itself. While the cost and management of on-premises storage has come down as hardware and disk technologies improve, organizations still face significant overhead when maintaining their own hardware infrastructure.

Taking that a step further as it relates to backups, when you combine the growth of data together with more strict regulations around data retention, the challenges that come with managing storage platforms for production and backup workloads becomes even more complex. The reality persists that organizations still struggle to achieve the economy of scale both from an operational and cost point of view that makes storing data long term viable.

The rise of Object Storage

Object Storage has fundamentally shifted the storage landscape, mainly due to its popularity in the public cloud space but also because it offers advantages over traditional block and file-based storage systems. Object Storage overcomes many of the limitations of file and block due to its design and fundamental concept of being able to scale out infinitely. Because a large percentage of backup data is considered to be for long-term retention. Object Storage seems to be a perfect fit.

Though the likes of Amazon, Azure and IBM Cloud offer Object Storage, the amount of organizations that have deployed Object Storage to their on-premises environments remains relatively low. The popular trend is to consume cloud-based Object Storage platforms to take advantage of the hyper-scalers own economies of scale which can’t be matched. With the cost of storage at fractions of a cent per GB, organizations desire to consume cloud-based Object Storage has increased and many have been made aware of its benefits.

Introducing Veeam Cloud Tier

With the launch of Update 4 for Veeam Backup & Replication 9.5, we have added Veeam Cloud Tier as a new innovative way to extend backup repositories to the cloud effectively delivering an infinitely scalable Scale-out Backup Repository. By using the new Object Storage Repository as a Capacity Tier Extent as part of the Scale-out Backup Repository, we have fundamentally changed the way in which organizations and our Veeam Cloud & Service Provider (VCSP) partners will think about how they design and architect backup repositories.

 

VCT-AS-01

 

By extending the Scale-out Backup Repository to take advantage of Object Storage, whether that be Amazon S3, Azure Blob, IBM Cloud Object Storage or any S3-Compatible platform (hosted or internal), we have enabled this feature to take advantage of cloud storage technologies to tier data blocks and offload them from the local Scale-out Backup Repository Performance Tier extents to Capacity Tier extents which can be configured to consume storage services as shown below.

 

VCT-AS-02

How is Veeam Cloud Tier different?

The innovative technology we have built into this feature allows for data to be stripped out of Veeam backup files (which are part of a sealed chain) and offloaded as blocks of data to Object Storage leaving a dehydrated Veeam backup file on the local extents with just the metadata remaining in place. This is done based on a policy that is set against the Scale-out Backup Repository that dictates the operational restore window of which local storage is used as the primary landing zone for backup data and processed as a Tiering Job every four hours.

The result is a space saving, smaller footprint on the local storage without sacrificing any of Veeam’s industry-leading recovery operations. This is what truly sets this feature apart and means that even with data residing in the Capacity Tier, you can still perform:

  • Instant VM Recoveries
  • Entire computer and disk-level restores
  • File-level and item-level restores
  • Direct Restore to Amazon EC2, Azure and Azure Stack

Just stepping back to think about what that mean. With Veeam Cloud Tier you are now able to recover or restore directly from Object Storage without the need for any additional, potentially expensive components. With that, you can start to understand just how innovative a feature Veeam Cloud Tier is!

In addition to that, we have built in further space saving efficiencies in the form of effective source side dedupe where by the same blocks of data are not offloaded to Object Storage, reducing the amount of consumed storage and reducing data transfer times up to the Capacity Tier. We have also added Intelligent Block Recovery that will source data blocks from the local backup files instead of what is tiered to Object Storage resulting in not only faster recovery times, but more importantly, cost savings when pulling data back when using Object Storage services that charge for egress.

Conclusion

For all Veeam customers and partners, both end users and VCSP partners alike, Veeam Cloud Tier represents an important inflection point in the way in which backup repositories are designed and built. No longer are there limitations on how big backup repositories can grow before complications arise from the accelerated growth of data. We have leveraged the power of the cloud with the efficiencies and cost savings of Object Storage platforms to deliver a feature that is unique in the market and we have been able to deliver this in such a way that no industry leading Veeam functionality has been lost.

Update 4 is now Generally Available and can be downloaded here.

The post Harness the power of cloud storage for long-term retention with Veeam Cloud Tier appeared first on Veeam Software Official Blog.


Harness the power of cloud storage for long-term retention with Veeam Cloud Tier

Now taking nominations for the 2019 Veeam Innovation Awards for Veeam Partners

Source: Veeam

The nomination window for the 2019 Veeam Innovation Awards for Partners is closing in a few days, so we’re taking a minute to highlight some of the VIA 2018 winners announced earlier this year with a few VCSPs.

At VeeamON 2018 in Chicago we held our inaugural Veeam Innovation Awards or VIAs. The idea behind the awards where to highlight our partners that do great things with great technology. Veeam has long offered our partners the ability to innovate on top of our core product set. This is most evident in our Veeam Cloud and Service Provider community where being able to differentiate among providers can mean the difference between success and failure in an industry that is ultra-competitive.

Having come from a successful VCSP in Australia where I worked alongside developers to create services based on the Veeam Backup & Replication platform I understand what it takes to develop and integrate Veeam into service offerings. In fact, having spent the majority of my career working within the Service Provider space I made sure that I was aware of what my competitors where doing. I often did research to find out how their innovations where stacking up to ours. There is a lot of intellectual property that goes into developing services, however we all start with the same base.

In the case of Veeam, what we offer today is a powerful platform that offers service providers immense flexibility, performance and reliability on which to offer cloud-based data protection. Weather this be for Infrastructure VMs, Backup as a Service/Replication as a Service through Cloud Connect or more recently backup for Office 365, our providers have been able to leverage Veeam’s automation functionality using our APIs and PowerShell commandlets to integrate those services into their own cloud management platforms.

With that, it’s no surprise that VCSPs featured heavily in the inaugural VIAs…

Probax

Probax is a VCSP headquartered out of Perth, Western Australia and are 100% reseller focused. Having already integrated Veeam Cloud Connect into their MSP reseller portal they created the Honeycomb VTL Archive product which leverages Veeam Backup Copy jobs taking GFS backup chains and moving them to low cost storage…all managed through the Probax Web Console. They have also created a service around the backup of Office 365 leveraging Veeam’s Backup for Microsoft Office 365 which has again been directly integrated into their Web Console. They embodied the spirit of the VIA’s by looking outside the box and solving the problem of air-gapping longer-term backup files in a protected state…all through the use of Veeam’s APIs and PowerShell capabilities.  Check out the Probax video.

iLand

iLand was another one of the four winners in 2018 and they took a slightly different approach with their submission having already lead the industry with their innovation around automation and provisioning of Veeam Infrastructure backups as well as offering Cloud Connect Backup & Replication services from their award winning control panel. iLand Catalyst is an in-house developed assessment tool that looks at storage requirements, latency considerations and other key metrics that enable their customer to be successful with Veeam based iLand solutions. This form of innovation looks to extend the usability of their Veeam platform to enable customers to understand how to size and plan for services effectively taking out the guess work often involved in purchasing cloud-based resources for backup and disaster recovery.  Check out the iLand video.

Next week, we’ll be highlighting the other two VIA2018 awardees – SiS and Merrimac.

Once again, it’s great to see our Veeam Cloud and Service Providers leading the way in offering innovative solution based on the Veeam Availability Platform…I’m looking forward to seeing what innovations are put forward at Veeam Velocity 2019 for the second incarnation of the VIAs!.
To find out more about the 2019 VIAs or to nominate your solution, please click here.

The post Now taking nominations for the 2019 Veeam Innovation Awards for Veeam Partners appeared first on Veeam Software Official Blog.


Now taking nominations for the 2019 Veeam Innovation Awards for Veeam Partners

Why our software-driven, hardware agnostic approach makes sense for backups

Source: Veeam

Having been hands-on in service provider land for the entirety of my career prior to joining Veeam, I understand the pain points that come with offering backup and recovery services. I’ve spent countless hours working on getting the best combination of hardware and software for those services. I also know firsthand the challenges that storage platforms pose for architecture, engineering and operations teams who design, implement and manage these platforms.

Storage scalability

An immutable truth that exists in our world is that backup and storage go hand in hand and you can’t have one without the other. In recent times, there has been an extreme growth in the amount of data being backed up and the sprawl of that data has also become increasingly challenging to manage. While data is growing quicker than it ever has, in relative terms the issues created by that haven’t changed in the last ten or so years — though they have been magnified.

Focusing on storage, those that have deployed any storage platform understand that there will come a point where hardware and software constraints start to come into play. I’ve not yet experienced or heard of a storage system that doesn’t apply some limitation on scale or performance at some point. Whether you are constrained by physical disk or controller based limits or software overheads, the reality is no system is infinitely scalable and free of challenge.

The immediate solution to resolve these challenges in my experience (and anecdotally) has always been to throw more hardware at the platforms by purchasing more. Whether it be performance or disk constraints, the end result is always to expand capacity or upgrade the core hardware components to get the system back to a point where it’s performing as expected.

That said, there are a number of systems that do work well, and if architected and managed in the correct way will offer longer term service sustainability. When it comes to designing storage for backup data, the principals that are used to design for other workloads such as virtual machines cannot be applied. Backup data is a long game and portability of that data should be paramount when choosing what storage to use.

How Veeam helps

Veeam offers tights integration with a number of top storage vendors via our storage integrations. Not only do these integrations offer flexibility to our customers and partners, but they also offer absolute choice and mobility when it comes to the short and long-term retention of backup data.

Extending that portability message — the way in which backup data is stored should mean that when storage systems reach the end of their lifetime, data isn’t held a prisoner to the hardware. Another inevitability of storage is that there will come a time when it needs replacing. This is where Veeam’s hardware agnostic, software-defined approach to backup comes into play.

Recently, there have been a number of products that have come into the market that offer an all-in-one solution for data protection in the form of software tied to hardware appliances. The premise of these offerings is ease of use and single platform to manage. While it’s true that all-in-one solutions are attractive, there is a sting in the tail of any platform that offers software that is tied to hardware.

Conclusion

Fundamentally, the issues that apply to storage platforms apply to these all-in-one appliances. They will reach a point where performance starts to struggle, upgrades are required and, ultimately, systems need to be replaced. This is where the ability to have freedom of choice and a decoupled approach to software and hardware ultimately results in total control of where your backup data is stored, how it performs and when that data is required to be moved or migrated.

You only achieve this through backup software that’s separated from the hardware. While it might seem like a panacea to have an all-in-one solution, there needs to be consideration as to what this means three, five or ten years into the future. Again, portability and choice is king when it comes to choosing a backup vendor. Lock in should be avoided at all costs.

The post Why our software-driven, hardware agnostic approach makes sense for backups appeared first on Veeam Software Official Blog.


Why our software-driven, hardware agnostic approach makes sense for backups

Bringing Clarity to Veeam’s vSphere client plug-in

Source: Veeam

With the release of vSphere 6.5, VMware introduced a supported version of the HTML5 vSphere Client that was bundled as part of the vCenter Server Appliance. Built upon VMware’s Clarity UI Framework, the move to the new HTML5 client had begun. The 6.5 release had partial functionality compared to the Flash-based Web Client, however, with the release of vSphere 6.7 in April, the HTML5 vSphere Client was brought up to feature parity and is now the preferred way to configure and manage vSphere environments.

Veeam has always supported VMware features, and with the release of Veeam Backup & Replication v7 back in August of 2013, we released our first version of the vSphere Web Client Plug-in for the Flash-based Web Client. With the news that the 6.7 release of vSphere will mark the final release of the Flash Web Client, it was time to upgrade the client for the new Clarity-based HTML5 Client. This will ship with the release of Veeam Backup & Replication Update3a, and just like the rest of the Clarity UX, the new version of the plug-in is impressive.

First off, it’s worth mentioning that the new HTML5 Client Plug-in will not work in 6.5 vSphere environments. The traditional Client Plug-in will still need to be used with the 6.5 Flash Web Client (as with earlier 5.x versions of vSphere). Installation is still handled via the Veeam Enterprise Manager as shown below.

Once installed from Enterprise Manager, the Plug-in should be visible in the HTML5 vSphere Client’s Menu. As per the old version of the Plug-in, there are two tabs presented, with the Settings tab used to setup password authentication and hook up your Veeam ONE instance.

The real beauty of us being able to leverage the Clarity UI is found in the Summary tab. This is still the place to get an overview of your Backup Repositories, Processed VMs, VM Overview and Job Statistics, however there is now a clean look and feel to the views that matches perfectly with the rest of the Web Client.

As with the previous version, you are able to call out to Veeam ONE to generate targeted reports against the Backup Repositories, Protected VMs and Job Statuses. And also, as with previous versions, you can create restore points for selected VMs using VeeamZIP (full backup) or Quick Backup (incremental backup) by right-clicking on the VM from the vSphere Client, without the need to use Veeam backup management console.


For more information on the updated Client Plug-in, including an overview and getting started, head to the online Veeam Help Pages and make sure you take advantage of this Veeam Backup & Replication Update 3a feature to further enhance your visibility and reporting of your vSphere backup environments.

Read more

The post Bringing Clarity to Veeam’s vSphere client plug-in appeared first on Veeam Software Official Blog.


Bringing Clarity to Veeam’s vSphere client plug-in

Simplifying cloud to cloud connectivity with Veeam PN

Source: Veeam

Veeam PN was launched as part of Veeam Recovery to Microsoft Azure, but Veeam PN has some great standalone use cases. In the last post, I showed how to access home lab/office machines while on the road using Veeam PN.

In this blog post, I’ll be covering a very real-world solution with Veeam PN where it will be used to easily connect geographically disparate cloud hosting zones, enabling you to achieve High Availability for applications and provide cross cloud application and services access. This is probably the most exciting of the three use cases I will cover in this blog series on Veeam PN, and with multi-cloud adoption in full swing, this is a very timely and useful capability.

Taking this use case one step further, how can cloud-to-cloud Availability be achieved in the most cost effective and operationally efficient way? There are obviously a few ways to connect clouds, and many other solutions out there, whether that be via some sort of MPLS, IPSec, L2VPN or stretched network solution. What Veeam PN achieves is simplicity — it’s very easy to configure, and it’s also very cost effective (remember it’s FREE). This makes it one of the best ways to connect one to one or one to many cloud zones with little to no overhead.

Cloud-to-cloud-to-cloud Veeam PN appliance deployment model

In this scenario, I want each vCloud Director zone to have access to the other zones and be always connected. I also want to be able to connect in via the OpenVPN endpoint client and have access to all zones remotely. All zones will be routed through the Veeam PN Hub Server deployed into Azure via the Azure Marketplace. To go over the Veeam PN deployment process, read my first post and also visit this VeeamKB that describes where to get the OVA and how to deploy and configure the appliance for first use.

Components

  • Veeam PN Hub Appliance x 1 (Azure)
  • Veeam PN Site Gateway x 3 (One Per Zettagrid vCD Zone)
  • OpenVPN Client (For remote connectivity)

Networking overview and requirements

  • Veeam PN Hub Appliance – Incoming Ports TCP/UDP 1194, 6179 and TCP 443
    • Azure VNET 10.0.0.0/16
    • Azure Veeam PN Endpoint IP and DNS Record
  • Veeam PN Site Gateways – Outgoing access to at least TCP/UDP 1194
    • Perth vCD Zone 192.168.60.0/24
    • Sydney vCD Zone 192.168.70.0/24
    • Melbourne vCD Zone 192.168.80.0/24
  • OpenVPN Client – Outgoing access to at least TCP/UDP 6179

In my setup, the Veeam PN Hub Appliance has been deployed into Microsoft Azure mainly because that’s where I was able to test out Veeam PN initially, but also because in theory it provides a centralized, highly available location for all the site-to-site connections to terminate into. This central hub can be deployed anywhere, and as long as it’s got HTTPS connectivity configured correctly to access the web interface, you can start to configure your site and standalone clients.

Configuring site clients for cloud zones (site-to-site)

In order to configure the Veeam PN Site Gateway you’ll need to register the sites from the Veeam PN Hub Appliance. When you register a client, Veeam PN generates a configuration file that contains VPN connection settings for the client. You must use the configuration file (downloadable as an XML) to set up the Site Gateways. Referencing the diagram at the beginning of the post, I needed to register three separate client configurations as shown below.

Once this has been completed, you need to deploy a Veeam PN Site Gateway in each vCloud Hosting Zone, and because we are dealing with an OVA, the OVFTool will need to be used to upload the Veeam PN Site Gateway appliances. I’ve previously created and blogged about an OVFTool upload script using PowerShell. Each Site Gateway needs to be deployed and attached to the vCloud vORG Network that you want to extend, in my case it’s the 192.168.60.0, 192.168.70.0 and 192.168.80.0 vORG Networks.

Once each vCloud zone has the Site Gateway deployed and the corresponding XML configuration file added, you should see all sites connected in the Veeam PN Dashboard.

At this stage, we have connected each vCloud Zone to the central Hub Appliance which is configured now to route to each subnet. If I was to connect an OpenVPN Client to the Hub Appliance, I could access all subnets and be able to connect to systems or services in each location. Shown below is the Tunnelblick OpenVPN Client connected to the Hub Appliance showing the injected routes into the network settings.

You can see above that the 192.168.60.0, 192.168.70.0 and 192.168.80.0 static routes have been added and set to use the tunnel interfaces default gateway which is on the central Hub Appliance.

Adding static routes to cloud zones (cloud to cloud to cloud)

To complete the setup and have each vCloud zone talking to each other, we need to configure static routes on each zone network gateway/router so that traffic destined for the other subnets knows to be routed through to the Site Gateway IP, through to the central Hub Appliance onto the destination and then back. To achieve this, you just need to add static routes to the router. In my example, I have added the static route to the vCloud Edge Gateway through the vCD Portal as shown below in the Melbourne Zone.

Conclusion

To summarize, below are the 5 steps that were taken to setup and configure the configuration of a cloud-to-cloud-to-cloud network using Veeam PN and its site-to-site connectivity feature. By doing so, allowing cross-site connectivity while enabling access to systems and services via the point-to-site VPN:

  1. Deploy and configure Veeam PN Hub Appliance
  2. Register cloud sites
  3. Register endpoints
  4. Deploy and configure Veeam PN Site Gateway in each vCloud zone
  5. Configure static routes in each vCloud zone

These five steps took me less than 30 minutes, which also took into consideration the OVA deployments as well. At the end of the day, I’ve connected three disparate cloud zones which all access each other through a Veeam PN Hub Appliance deployed in Microsoft Azure. From here, there is nothing stopping me from adding more cloud zones that could be situated in any public cloud, whether AWS, IBM or Google. I could even connect my home office or a remote site to the central Hub to give full coverage.

The key here is that Veeam Powered Network offers a very simple solution to what is traditionally a complex and costly one. Again, this will not suit all use cases, but at its most basic functional level, it’s a great solution for customers who have a need for cross-cloud connectivity.

Go give it a try! Get started with Veeam PN.

The post Simplifying cloud to cloud connectivity with Veeam PN appeared first on Veeam Software Official Blog.


Simplifying cloud to cloud connectivity with Veeam PN

Simplified remote access for home labs and offices with Veeam PN

Source: Veeam

On January 2018, Veeam publicly announced the release of Veeam PN (powered network) version 1, a lightweight SDN appliance that was released completely FREE to use. And while Veeam PN was released as part of a greater solution focused on extending network Availability for Microsoft Azure, Veeam PN can also be deployed as a standalone tool via a downloadable OVA. Veeam PN has some key standalone use cases we’ll explore in this blog series.

While testing the tool through it’s early dev cycles, it was clear there was an opportunity to allow access with home labs and other home devices, all without having to setup and configure relatively complex VPN or remote access solutions.

There are plenty of existing solutions that do what Veeam PN can, however, the biggest difference with comparing the VPN functionality with other VPN solutions, is that Veeam PN is purpose-built and easy-to-use, and setup is only within a couple clicks. Veeam PN’s underlying technology is built on OpenVPN, so that in itself provides users with a certain level of familiarity and trust. The other great thing about leveraging OpenVPN is that any Windows, MacOS or Linux client will work with the configuration files generated for point-to-site connectivity.

Home lab remote connectivity overview

While on the road, users need to easily access home lab/office machines. In my own case, I’m on the road quite a bit and need access without having to rely on published services externally via my entry-level Belkin router, I also didn’t have a static IP which always proved problematic for remote services while on the road. At home, I run a desktop that acts as my primary Windows workstation which also has VMware Workstation installed. I then have my SuperMicro 5028D-TNT4 server that has ESXi installed and runs my nested ESXi lab. I need access to at least RDP into that Windows workstation, but also get access to the management vCenter, SuperMicro IPMI and other systems running on the 192.168.1.0/24 subnet.

 

 

In the above diagram, you can see I also wanted to directly access workloads in the nested ESXi environment, specifically on the 172.17.0.1/24 and 172.17.1.1/24 networks. With the use of the Tunnelblick OpenVPN Client on my MBP, I am able to create a point-to-site connection to the Veeam PN Hub which is in turn connected via site-to-site to each of the subnets I want to connect into.

Deploying and configuring Veeam PN

As mentioned above, to get stared, you will need to download the Veeam PN OVA from Veeam.com. This Veeam KB describes where to get the OVA and how to deploy and configure the appliance for first use. If you don’t have a DHCP enabled subnet to deploy the appliance into, you can configure the network as a static by accessing the VM console, logging in with the default credentials and modifying the/etc/networking/interface file.

Components:

  • Veeam PN Hub Appliance x 1
  • Veeam PN Site Gateway x number of sites/subnets required
  • OpenVPN Client

The OVA is 1.5 GB, and when deployed, the virtual machine has the base specifications of 1 vCPU, 1 GB of vRAM and a 16 GB of storage, which if thin provisioned, consumes just over 5 GB initially.

Networking requirements:

  • Veeam PN Hub Appliance – Incoming Ports TCP/UDP 1194, 6179 and TCP 443
  • Veeam PN Site Gateway – Outgoing access to at least TCP/UDP 1194
  • OpenVPN Client – Outgoing access to at least TCP/UDP 6179

Note that as part of the initial configuration, you can configure the site-to-site and point-to-site protocol and ports which is handy if you are deploying into a locked-down environment and want to have Veeam PN listen on different port numbers.

 

 

In my setup, the Veeam PN Hub Appliance has been deployed into Azure, mainly because that’s where I was able to test out the product initially, and in theory it provides a centralized, highly available location for all the site-to-site connections to terminate into. This central hub can be deployed anywhere and as long as it’s got HTTPS connectivity configured correctly, you can access the web interface and start to configure your site and standalone clients.

Configuring site clients (site-to-site)

To complete the configuration of the Veeam PN Site Gateway, you need to register the sites from the Veeam PN Hub Appliance. When you register a client, Veeam PN generates a configuration file that contains VPN connection settings for the client. You must use the configuration file (downloadable as an XML) to set up the Site Gateways. Referencing the diagram at the beginning of the post, I needed to register three separate client configurations as shown below.

 


 

Once this was completed, I deployed three Veeam PN Site Gateways on my home office infrastructure as shown in the diagram — one for each site or subnet I wanted to have extended through the central hub. I deployed one to my Windows VMware Workstation instance on the 192.168.1.0/24 subnet and, as shown below, I deployed two Site Gateways into my nested ESXi lab on the 172.17.0.0/24 and 172.17.0.1/24 subnets respectively.

 

 

From there I imported the site configuration file into each corresponding Site Gateway that was generated from the central Hub Appliance and in as little as three clicks on each one, all three networks where joined using site-to-site connectivity to the central hub.

Configuring remote clients (point-to-site)

To be able to connect into my home office and home lab when on the road, the final step is to register a standalone client from the central Hub Appliance. Again, because Veeam PN is leveraging OpenVPN, what we are producing here is an OVPN configuration file that has all the details required to create the point-to-site connection — noting that there isn’t any requirement to enter in a username and password as Veeam PN is authenticating using SSL authentication.

 

 

For my MBP, I’m using the Tunnelblick OpenVPN Client. I’ve found it to be an excellent client, but it obviously being OpenVPN, there are a bunch of other clients for pretty much any platform you might be running. Once I imported the OVPN configuration file into the client, I was able to authenticate against the Hub Appliance endpoint as the site-to-site routing was injected into the network settings.

 

 

You can see above that the 192.168.1.0, 172.17.0.0 and 172.17.0.1 static routes have been added and set to use the tunnel interfaces default gateway which is on the central Hub Appliance. This means that from my MBP, I can now get to any device on any of those three subnets no matter where I am in the world — in this case I can RDP to my Windows workstation, connect to vCenter or ssh into my ESXi hosts.

Conclusion

To summarize, here are the steps that were taken in order to setup and configure the extension of a home office network using Veeam PN through its site-to-site connectivity feature to allow access to systems and services via a point-to-site VPN:

  1. Deploy and configure Veeam PN Hub Appliance
  2. Register sites
  3. Register endpoints
  4. Deploy and configure Veeam PN Site Gateway
  5. Setup endpoint and connect to Hub Appliance

Those five steps can take less than 15 minutes, which also takes into consideration the OVA deployments as well. This is a very streamlined, efficient process compared to other processes, which can take hours and would involve a more complex set of commands and configuration steps. The simplicity of the solution is what makes it very useful for home lab users wanting a quick and easy way to access their systems. It just works!

Again, Veeam PN is completely FREE, and downloadable in OVA format. And this use case I described, I have been using it without issues for a number of months, and it adds to the flexibility of the Veeam PN solution.

The post Simplified remote access for home labs and offices with Veeam PN appeared first on Veeam Software Official Blog.

Simplified remote access for home labs and offices with Veeam PN

Veeam Recovery to Microsoft Azure featuring Veeam PN now available!

Source: Veeam

Networking has always been one of the most complex parts of any IT solution, and whether you are connecting into a remote site, connecting branch offices together or extending on-premises networks to the cloud, there is traditionally a high level of complexity and cost that’s involved in establishing a reliable networking solution. When it comes to networking during a disaster, the level of complexity and margin for error is magnified. In relative terms, it has become easy to back up, replicate and then recover workloads, but getting access to those recovered systems remains a cumbersome process.

At VeeamON 2017, we announced the Release Candidate of Veeam PN (Veeam Powered Network) which — in combination with our existing Veeam Backup & Replication 9.5 feature Veeam Restore to Microsoft Azure — created a new total solution for networking and restoration called Veeam Recovery to Microsoft Azure. At the heart of this new solution is Veeam PN, which extends an on-premises network to an Azure network, enhancing our ability to back up anything, anywhere and restore to Azure.

Veeam PN

Deployable from the Azure Marketplace, the Veeam PN Appliance can be setup within minutes and be ready to act as the central hub for remote sites that have the Veeam PN Appliance deployed as a site gateway. It can also be used for remote users who connect to the central hub via an OpenVPN client application. Used in conjunction with Veeam Restore to Microsoft Azure, workloads can be recovered into Azure and then accessed remotely via the extended network created by Veeam PN.

Veeam PN is now Generally Available

NEW Veeam PN is a FREE solution that allows administrators to create, configure and connect site-to-site or point-to-site VPN tunnels easily through an intuitive and simple UI all within a couple of clicks. No need to deal with complex, time-consuming set ups — cloud connectivity is now made easy! There are two components to Veeam PN, a Hub Appliance that’s deployable from the Azure Marketplace, and a Site Gateway that’s downloadable from the Veeam.com website and deployed on-premises from an OVA, which means it can be installed into a number of virtualization platforms. New to the GA release is the ability to install from the Veeam.com Linux repositories using your package management system of choice depending on distribution.

Veeam PN for Microsoft Azure (Veeam Powered Network) is a free solution designed to simplify and automate the setup of a data recovery site in Microsoft Azure using lightweight software-defined networking (SDN).

 

Veeam PN is built upon OpenVPN which is a trusted and mature virtual private networking technology platform. We have created an intuitive, simple user interface which simplifies the entire networking configuration process.

Total on-demand recovery in the cloud

Having an easy way to leverage the public cloud as a recovery site should be available for every organization no matter the size, yet many recovery solutions still lack the ease of use, reliability, and can come with a steep price tag. With Veeam Recovery to Microsoft Azure, you get a reliable, turn key solution for creating an on-demand recovery site — available whenever you need it. This is truly a set-it and forget it solution, ideal for any sized organization wanting to gain new recovery options, without the need to build or maintain a costly recovery site.

Veeam PN highlights

  • Provides seamless and secure networking between on-premises and Azure-based IT resources
  • Delivers easy-to-use and fully automated site-to-site network connectivity between any site
  • Designed for both SMB and enterprise customers, as well as service providers.

Conclusion

Networking is still the most complex part of executing a successful data recovery plan. With Veeam PN, you can easily extend on-premises networks to recovery networks, and provide connectivity from remote sites back to recovery networks. Veeam PN achieves this together with Restore to Microsoft Azure via site-to-site connectivity, extending on-premises sites to Azure recovery networks. It also provides access for remote users, with the ability to connect into the HUB appliance in Azure and be connected to systems and services via point-to-site connectivity.

Veeam Recovery to Microsoft Azure is available now!

 

Helpful resources:

The post Veeam Recovery to Microsoft Azure featuring Veeam PN now available! appeared first on Veeam Software Official Blog.

Veeam Recovery to Microsoft Azure featuring Veeam PN now available!

Plugging into vSphere 6.5 enhancements to increase Availability

Source: Veeam

It’s been nearly a year since VMware released vSphere 6.5 which marked the 12th major release of VMware’s hypervisor and hypervisor management product suite. And while VMware has been focusing on more recent products like vSAN and NSX, it shouldn’t be forgotten that vSphere still remains at the core of the virtualization platform on top of which all other products are consumed. Veeam has a strong history of working with and supporting vSphere features, and the 6.5 release is no different.

As timing would have it, vSphere 6.5 was released a week before Veeam Backup & Replication 9.5, and with that, Veeam officially supported vSphere 6.5 with Veeam Backup & Replication 9.5 Update 1 which was released in January. Since then, VMware recently released Update 1 for vSphere 6.5 which brought a number of features and enhancements over the GA release. This is officially supported in Veeam Backup & Replication 9.5 Update 2.

vSphere 6.5 brought a simpler customer experience with automation and management at scale being a core focus. Enhancements focused on:

  • vCenter Operations
  • Storage
  • Security
  • Automation
  • Networking
  • Availability

There is a VMware technical white paper that contains the vSphere 6.5 What’s New information as well as the general release notes (plus release notes for vSphere 6.5 Update 1). Rather than go through the whole list, this article will focus on new features we at Veeam support, specifically covering how we plug into those vSphere features and enhancements to increase the efficiency of Veeam Backup & Replication which in turn creates a more efficient and trusted Availability platform.

vCenter Operations

With vCenter 6.5, there is now a native backup and restore function if you run the vCenter Server Appliance (VCSA) that enables users to back up vCenter and the Platform Service Controllers directly from the vCenter Appliance Management Interface (VAMI) or the API. In addition to that, we have come out with a technical white paper on how to back up and recover the VCSA and PSC with Veeam to ensure full recoverability of your vCenter components.

vSphere 6.5 enhancements to increase Availability

With the release of vSphere 6.5, the HTML5 Web Client was available as a side-by-side alternative to the existing Flash-based Web Client. This HTML5 is a big step forward and is based on a VMware Fling. The version included in the GA of 6.5 had partial functionality, meaning it was not a one-to-one replacement for the Flash client, and as of Update 1, the HTML client has about 90% of general workflows completed. The HTML5 client can be accessed from https://<vcenter>/ui and requires no browser plugins to work.

Veeam has its own Web Client Plugin that’s currently compatible with the Flash-based Web Client and gives backup administrators an operational view of Veeam Backup & Replication as well as the ability to perform full backups with VeeamZIP or incrementals with Quick Backup. The Web Client Plugin also works when Veeam ONE is installed. You can also examine the Protected VMs report that provides a list of which VMs are protected by Veeam Backup & Replication and those which are not.

Storage

With regards to storage, vSphere 6.5 introduced VMFS 6 and offered support for advanced drive format support. VVol 2.0 was also enhanced in 6.5 and Veeam fully supports backup and recovery operations to both VVol and VMFS6 backed datastores. There have also been significant improvements in snapshot performance which leads to more efficient backup windows and less stress on applications due to less risk of VM stun if Veeam Hot-Add mode is used as a backup transport mode.

vSAN has also been improved in the vSphere 6.5 timeframe with the release of vSAN 6.5. Veeam is fully vSAN-aware and has some built-in logic in the job engine that detects if a VM is on a vSAN datastore and then works out which Veeam Proxy should be the primary for the VM Hot-Add, ensuring an optimal backup traffic path from the host to the backup repository.

Security

Security has become a big focus for VMware and vSphere 6.5, and Update 1 added significant improvements to VM security. Apart from encrypted vMotion and secure boot, one of the most important features is the introduction of encrypted VMs.

Encryption occurs at the hypervisor level and not at the VM guest level, and therefore works with any guest OS and datastore type. Encryption is managed via policy, and the policy can be applied to many VMs, regardless of their guest OS. Verifying that the VM is encrypted is as simple as confirming that the policy is applied. The policy framework being used leverages vSphere Storage Policy Based Management (SPBM). Veeam Backup & Replication fully supports encrypted VMs for backup and recovery operations.

Automation

There is an enhanced set of APIs released as part of vSphere 6.5 including an API explorer as part of the vCenter Server Appliance (VCSA). However, vSphere 6.5 discontinued the VIX API that previous Veeam versions leveraged for network-less guest interaction for functionality such as application-aware processing. As part of Veeam’s vSphere 6.5 support effort, we have switched the corresponding functionality to the new vSphere API for guest interaction, so that you can continue using the existing product functionality with vSphere 6.5.

There is also a new VM tag API support by way of new APIs for programmatic access and management of vSphere tags. With its support by Veeam, you can continue using advanced backup policies based on tags even after you upgrade to vSphere 6.5, which is all part of Storage-Based Policy Management.

Networking and Availability

Finally, there have been a number of under the hood enhancements to networking including dedicated gateways for VMkernel adapters and datapath enhancements that improve the scalability or the vSphere Distributed Switch. While not directly related to backup, having a resilient networking stack is critical for Veeam to work as efficiently as possible when performing backup and restore tasks. With regards to Availability in terms of core vSphere enhancements, there is new Proactive HA and Admission control improvements as well as DRS enhancements.

Veeam vSphere enhancements

In Veeam Backup & Replication 9.5, we released some significant scalability enhancements to specifically optimize the backup and recoverability experience for our users. In general, there was a doubling of I/O performance that can shorten backup windows by up to five times while reducing the load on core virtualization platform components such as vCenter. Advanced Data Fetcher improves backup performance for individual virtual disks while reducing the load on primary storage due to the reduced number of I/O operations required to complete a backup. This was a VMware feature in 9.5 and is used by Backup from Storage Snapshots, Hot-Add and Direct NFS modes. VMware vSphere Infrastructure Cache maintains an in RAM mirror of vSphere infrastructure hierarchy to accelerate the Building VM list operation when creating or modifying a job. This also removes loads from vCenter. The cache is maintained with real-time updates via a subscription to vCenter Server infrastructure change events.

That put together with the other vSphere supportability talked about above, continues to show Veeam’s commitment to ensuring its VMware customers are getting the best Availability experience possible, and we are set to continue that when Veeam Backup & Replication v10 becomes available.

See also:

The post Plugging into vSphere 6.5 enhancements to increase Availability appeared first on Veeam Software Official Blog.

Plugging into vSphere 6.5 enhancements to increase Availability

The VCSP opportunity with Veeam Agent for Windows

Source: Veeam

For a good part of the last 18 months of my previous role as Lead Architect at a leading Veeam Cloud & Service Provider (VCSP) partner I was involved in a project to try and come up with an easy way for our clients to perform in-guest backups of their IaaS virtual machines. At that time it involved clumsy and complex methods of performing file-level or application-aware backups to an external location. Not only were those methods problematic, they often led customers to consuming storage that wasn’t part of our own service offerings.

There had to be a better way to build out that new service offering in such a way that we could give our clients a more streamlined approach to offsite backups that also generated income for us in the form of clients using our own storage as targets for the offsite backups to be stored in. At the time, I knew about Veeam Endpoint Backup but it did not have an option to back up externally unless we exposed our Veeam Backup & Replication server over the internet, which in many ways defeated the requirement of the project for simplicity in the service offering.

Cloud Connect comes through again!

NEW Veeam Agent for Microsoft Windows 2.0 has the ability to back up directly to Veeam Cloud Connect repositories without any additional investments from the VCSP. It just works as part of any existing Cloud Connect Backup infrastructure built on Veeam Backup & Replication 9.5 Update 2. As we did with Cloud Connect Backup and then Cloud Connect Replication in resolving the complexity around getting virtual machine backups, backup copy jobs and replicas up into a cloud platform, we have now resolved the complexity of getting physical servers and workstations as well as cloud-based Windows instances into cloud environments operated by our VCSP partners.

The Availability challenge

As mentioned, there exists a challenge in being able to provide robust backup for physical servers and workstations that cannot be virtualized due to complex hardware configurations or regulatory compliance regulations. There is also a challenge in being able to provide low RPOs for users on workstations, laptops and tablets whether in corporate, remote or home offices and there is also a big challenge around being able to back up and recover Windows instances that reside in public cloud environments as well as those workloads that sit on alternative hypervisors to VMware and Hyper-V.

The agent solution

Veeam Agent for Microsoft Windows solves all those challenges listed above and would have certainly been the answer to the project in my previous role. All VCSPs running Cloud Connect can now extend their Backup as a Service (BaaS) offerings with the capabilities provided by Veeam Agent for Microsoft Windows in a combination with Veeam Backup & Replication 9.5 Update 2.

VCSPs can now offer their partners and clients Veeam Agent for Microsoft Windows licensing through the VCSP program and also provide new and existing tenants with the ability to create sub-tenants and consume storage using Cloud Connect repositories as the offsite backup target. With Veeam Agent for Microsoft Windows allowing to back up directly to Cloud Connect repositories, we have opened the way to back up offsite physical servers, workstations and endpoints as well as workloads running in Azure, AWS or any other public cloud.

The VCSP agent opportunity

Let this opportunity sink in – the ability to offer offsite backup services beyond virtual machines sitting on VMware or Hyper-V to both on-premises and remote offices, physical workloads as well as workloads residing in public clouds. The physical market opportunity is truly open for business by Veeam with the release of Veeam Agent for Microsoft Windows and VCSPs should be, if not already, looking to this new Veeam Agent offering to deliver value to customers and increase adoption of Cloud Connect Backup services.

With over one million downloads of Veeam Endpoint Backup, we are already seeing a great number of users upgrading to Veeam Agent for Microsoft Windows 2.0. With all the Veeam Endpoint Backup users upgrading to the newer version, imagine one million endpoints, which you as a VSCP can help to protect by backing up offsite to a Cloud Connect repository… think about that!

So, if you are a VCSP looking for new opportunities to offer your customers backup services around physical servers, workstations and Windows-based cloud workloads, don’t wait! Make sure you look at Veeam Agent for Microsoft Windows 2.0 and get in position to offer your partners and clients service offerings that take advantage of Veeam’s enhanced features for VCSPs in Veeam Backup & Replication 9.5 Update 2.

The post The VCSP opportunity with Veeam Agent for Windows appeared first on Veeam Software Official Blog.

The VCSP opportunity with Veeam Agent for Windows