Why we chose WireGuard for Veeam PN v2

Source: Veeam

The challenge with OpenVPN

In 2017, Veeam PN was released as part of Veeam Recovery to Microsoft Azure. The Veeam PN use case went beyond extending Azure networks for workload recoverability, and it was quickly adopted by IT enthusiasts for remote connectivity to home labs and for connecting remote networks that could be spread out across cloud and on-premises platforms.

Our development roadmap for Veeam PN had been locked in; however, we found that customers wanted more. They wanted to use it for data protection, with Veeam Backup & Replication, to move data between sites. When moving backup data, utilizing the underlying physical connections to their maximum is critical. With OpenVPN, our R&D found that it couldn’t scale and perform to expectation no matter what combination of CPU and other resources we threw at it.

Veeam Powered Network v2 featuring WireGuard

We strongly believe that WireGuard is the future of VPNs with significant advantages over more established protocols like OpenVPN and IPsec. WireGuard is more scalable and has proven to outperform OpenVPN in terms of throughput. This is why we chose to make a tough call to rip out OpenVPN and replace it with WireGuard for site-to-site VPNs. For Veeam PN developers, this meant the rip and replacement of existing source code and meant that existing users of Veeam PN would not be able to perform an in-place upgrade.

Further to our own belief in WireGuard, we also looked at it as the protocol of choice due to its rise in the open source world as a new standard in VPN technologies. WireGuard offers a higher degree of security through enhanced cryptography that operates more efficiently, leading to increased performance and security. It achieves this by working in kernel and by using fewer lines of code (4,000 compared to 600,000 in OpenVPN), and it offers greater reliability when connecting hundreds of sites. Again, we were thinking about performance and scalability for more specific backup and replication use cases.

Recent support for WireGuard becoming a de facto standard in VPNs was ratified by Linus Torvalds:

“Can I just once again state my love for [WireGuard] and hope it gets merged soon? Maybe the code isn’t perfect, but I’ve skimmed it, and compared to the horrors that are OpenVPN and IPSec, it’s a work of art.”

Linus Torvalds, on the Linux Kernel Mailing List

Increased security and performance

WireGuard’s security was also a factor in moving on from OpenVPN. Security is always a concern with any VPN, and WireGuard takes a simpler approach to security by relying on crypto versioning to deal with cryptographic attacks. In a nutshell, it’s easier to move through versions of primitives to authenticate than to have client and server negotiate cipher type and key lengths.

Because of this streamlined approach to encryption, in addition to the efficiency of the code, WireGuard can outperform OpenVPN, meaning that Veeam PN can sustain significantly higher throughputs (testing has shown performance increases of 5x to 20x depending on CPU configuration). This opens up the use cases to more than just basic remote office or homelab use. Veeam PN can now be considered as a way to connect multiple sites together, with the ability to transfer and sustain hundreds of Mb/s, which is perfect for data protection and disaster recovery scenarios.

Solving the UDP problem, easy configuration and point-to-site connectivity

One of the perceived limitations of WireGuard is the fact that it does all its work over UDP, which can cause challenges when deploying into locked-down networks that by default trust TCP connections more than UDP. To solve this potential roadblock for adoption, our developers worked out a way to encapsulate (with minimal overhead) the WireGuard UDP over TCP to give customers choice depending on their network security setup.

By incorporating WireGuard into an all-in-one appliance (or installable via a simple script on an already installed Ubuntu Server), we have made the installation and configuration of complex VPNs simple and reliable. We have kept OpenVPN as the protocol for connecting point-to-site for the moment due to the wider distribution of OpenVPN clients across platforms. Client access through to the Veeam PN Hub is done via OpenVPN, with site-to-site access handled by WireGuard.

Other enhancements

Core to what we wanted to achieve with Veeam PN is simplifying complexity, and we wanted to ensure this remained in place regardless of what was doing the heavy lifting underneath. The addition of WireGuard is easily the biggest enhancement from Veeam PN v1; however, there are several other enhancements, listed below:

  • DNS forwarding and configuring to resolve FQDNs in connected sites.
  • New deployment process report.
  • Microsoft Azure integration enhancements.
  • Easy manual product deployment.

Conclusion

Once again, the premise of Veeam PN is to offer Veeam customers a free tool that simplifies the traditionally complex process around the configuration, creation and management of site-to-site and point-to-site VPN networks. The addition of WireGuard as the site-to-site VPN platform will allow Veeam PN to go beyond the initial basic use cases and become an option for more business-critical applications due to the enhancements that WireGuard offers. Once again, we chose WireGuard because we believe it is the future of VPN protocols and we are excited to bring it to our customers with Veeam PN v2.

The post Why we chose WireGuard for Veeam PN v2 appeared first on Veeam Software Official Blog.



Centralized managed backup with Veeam Availability Console v3

Source: Veeam

Existing challenges of delivering managed backup solutions

Having worked in the cloud and managed services space before joining Veeam, and now working directly with our own VCSP partners, I understand the challenges that come with providing a managed backup service to customers. Having one platform that encompasses the ability to provide visibility, management and automation as well as self-service is something that most service providers, whether they offer a full managed offering or provide IaaS, desire.

When it comes to customers using Veeam Backup & Replication for business-critical backup and data availability services, whether it be a single site or across multiple sites, having a centralized system to log into and get an overview of the current state of their backups, while being able to action jobs and report on them, is something also desired. For cloud and managed service providers that operate a channel or reseller program, allocating access and allowing granular control to their own partners, who in turn can manage their own customers, is something that is invaluable and also something that has been requested for a long time.

Evolving the managed backup portal

When Veeam first released the Managed Backup Portal as a hosted offering on Azure for our partners back in 2016, the problem that was being solved was around the management and visibility of on-premises customer Veeam Backup & Replication installations. As mentioned above, one of the biggest issues any managed service provider has is the ability to have a single console to gather information and manage client services. The Managed Backup Portal was Veeam’s way to dip our toes in the water and begin to understand what our VCSP partners really wanted from a central management and monitoring platform.

When Veeam Availability Console v2 was released as the successor to the Managed Backup Portal, Veeam added core functionality around Veeam Agent for Microsoft Windows deployment and management as well as enhancing the monitoring of remote customer Backup & Replication servers. When Update 1 for v2 was released last year, the platform had evolved further with added features and enhancements around visibility for Linux Agents and new granular user roles. However, there were still key features that our VCSP partners were after.

Introducing Veeam Availability Console v3

With the release of Veeam Availability Console v3, we have taken huge strides in delivering to VCSP partners a console that acts as the central place to manage all aspects of their backup offerings. Not only does it build on the previous releases, but also looks to place VAC as a critical component of any Veeam-powered service provider offering.

Key new features and enhancements:

  • Reseller Role for more granular access and control
  • Enhanced licensing management and rental usage reporting
  • Support for Veeam Instance Licensing
  • Multiple Cloud Connect server support
  • Enhanced RESTful APIs

This release also delivers full support for all recently shipping Veeam products, including Veeam Backup & Replication 9.5 Update 4 (including Cloud Connect enhancements and vCloud Director support and integration) as well as Veeam Agent for Microsoft Windows 3.0 and the new ability to create multiple jobs. There are also enhancements to support, Windows Event Logging and notifications while also increasing security.

Reseller role

The new reseller role allows providers that have partners or that are running channel programs to offer their partners access to an out-of-the-box console. This console, which can be rebranded for each reseller, has pre-built functionality that allows the reseller to manage customers as well as take advantage of the new features shipped with v3.

Resellers maintain full visibility of their customers while still being able to control backup and replication jobs, deploy agents and perform aggregated license management and reporting. Granular roles and permissions allow for greater flexibility of customer management with the ability to now map resellers to Site Scopes, which is a new feature in v3 that sets the level of access and ties it to one or more Cloud Connect server installations.

License management and rental usage reporting

The new Usage Reports section provides enhanced reporting for on-premises Veeam Backup & Replication servers, Veeam Agents and for Veeam Cloud Connect services. Important for VCSP partners is the new Cloud Connect usage reporting, which provides a detailed report of all Cloud Connect licenses and breaks it down on a per-tenant level, as well as allowing for easier end-of-month billing and license reporting.

License usage can be managed from the console (or via the RESTful API), which now offers the ability to install, delete or update the license key of the remote Backup & Replication servers and Cloud Connect servers, as well as force Auto Update of the license key for the selected server. Another significant enhancement is that VCSPs no longer require customers to enable the “Allow Remote Management” checkbox while configuring a service provider at the remote site to enable license reporting, which is significant for those cloud service providers who may not offer managed services.

Scalability and automation enhancements

Previously, Veeam Availability Console had the ability to connect to only one Cloud Connect Server instance. This meant that VCSPs were required to pair one VAC instance to a Cloud Connect instance. Larger providers that have multiple zones had to deploy the Veeam Availability Console plus Cloud Connect pairing in each zone. Based on internal lab testing, VAC v3 has the ability to add up to 50 Cloud Connect servers (number can vary depending on the infrastructure setup) under the one VAC server.

This adds the ability to see the entire Cloud Connect infrastructure from a single console while supporting the ability to scale-out a single instance of VAC to cover all tenants and services under management. Not only does it add the ability to expand locally, but now VCSP partners can have GEO locations as sites all managed under the same portal login.

Automation through the RESTful API continues to be enhanced with a number of added API calls, expanding the existing set with greater ability around configuration, billing and backup management, while adding requests for customer and reseller management, license management, alarms and more. As with previous releases of Veeam Availability Console, this is all easily consumable via the Swagger UI.

Conclusion

Combining all this in a managed services platform ticks all the boxes for service providers offering managed backup services of all types and allows complete control, manageability, reporting as well as offering scalability of service. With the release of Veeam Availability Console v3, all Veeam Cloud & Service Providers should have this installed into their environments to act as the central mechanism for visibility, management and control as well as the source of truth for license management and reporting.

The post Centralized managed backup with Veeam Availability Console v3 appeared first on Veeam Software Official Blog.



Enhancing DRaaS with Veeam Cloud Connect and vCloud Director

Source: Veeam

The state of disaster recovery

While many organizations have understood the importance of the 3-2-1 rule of backup in getting at least one copy of their data offsite, they have traditionally struggled to understand the value of making their critical workloads available with replication technologies. Replication and Disaster Recovery as a Service (DRaaS) still predominantly focus on the Availability of Virtual machines and the services and applications that they run. The end goal is to have critical line of business applications identified, replicated and then made available in the case of a disaster.

The definition of a disaster varies depending on who you speak to, and the industry loves to use geo-scale impact events when talking about disasters, but the reality is that the failure of a single instance or application is much more likely than whole system failures. This is where Replication and Disaster Recovery as a Service becomes important, and organizations are starting to understand the critical benefits of combining offsite backup together with replication of their critical on-premises workloads.

Veeam Cloud Connect

While the cloud backup market has been flourishing, it’s true that most service providers who have been successful with Infrastructure as a Service (IaaS) have spent the last few years developing their Backup, Replication and Disaster Recovery as a Service offerings. With the release of Veeam Backup & Replication v8, Cloud Connect Backup was embraced by our cloud and service provider partners and became a critical part of their service offerings. With version 9, Cloud Connect Replication was added, and providers started offering Replication and Disaster Recovery as a Service.

Cloud Connect Replication was released with industry-leading network automation features, and the ability to abstract both Hyper-V and vSphere compute resources and have those resources made available for tenants to replicate workloads into service provider platforms and have them ready for full or partial disaster events. Networking is the hardest part to get right in a disaster recovery scenario and the Network Extension Appliance streamlined connectivity by simplifying networking requirements for tenants.

While Cloud Connect Replication as it stood pre-Update 4 was strong technology…it was missing one thing…

Introducing vCloud Director support for Veeam Cloud Connect Replication

VMware vCloud Director has become the de facto standard for service providers who offer Infrastructure as a Service. While always popular with top VMware Cloud Providers since its first release back in 2010, the recent enhancements with support for VMware NSX, a brand new HTML5-based user interface, together with increased interoperability, has resulted in huge growth in vCloud Director being deployed as the cloud management platform of choice.

Veeam has had a long history supporting vCloud Director, with the industry’s first support for vCloud Director-aware backups released in Veeam Backup & Replication v7. With the release of Update 4, we added support for Veeam Cloud Connect to replicate directly into vCloud Director virtual data centers, allowing both our cloud and service provider partners, and tenants alike, to take advantage of the enhancements VMware has built into the platform.

 

 

By extending Cloud Connect Replication to take advantage of vCloud Director as a way to allocate service provider cloud resources natively, we have given providers the ability to utilize the constructs of vCloud Director and have their tenants consume cloud resources easily and efficiently.

 

Benefits of vCloud Director with Cloud Connect Replication

Allowing tenants to consume vCloud Director resources lets them take advantage of more powerful features when dealing with full disaster, or the failure of individual workloads. Not only will full or partial failovers be more transparent with the use of the vCloud Director HTML5 Tenant UI, but networking functionality will also be enhanced by tapping into VMware’s industry-leading Network Virtualization technology, NSX.

With tenants able to view and access VM replicas via the vCloud Director HTML5 UI, they will have greater visibility and access before and after failover events. The vCloud Director HTML5 UI will also allow tenants to see what is happening to workloads as they boot and interact with the guest OS directly, if required. This dramatically reduces the reliance on the service provider helpdesk and ensures that tenants are in direct control of their replicas.

 

 

From a networking point of view, being able to access the NSX Edge Gateway for replicated workloads means that tenants can take advantage of the advanced networking features available on the NSX Edge Gateway. While the existing Network Extension Appliance did a great job in offering basic network functionality, the NSX Edge offers:

  • Advanced Firewalling and NAT
  • Advanced Dynamic Routing (BGP, OSPF and more)
  • Advanced Load Balancing
  • IPsec and L2VPN
  • SSL VPN
  • SSL Certificate Services

 

Put all that together with the ability to manage and configure everything through the vCloud Director HTML5 UI and you start to get an understanding of how utilizing NSX via vCloud Director enhances Cloud Connect Replication for both service providers and tenants.

There are also a number of options that can be used to extend the tenant network to the service provider cloud network when actioning a partial failover. Tenants and service providers can configure custom IPsec VPNs or use the IPsec functionality of the NSX Edge Gateway to be in place prior to partial failover.

The Network Extension Appliance is still available for deployment in the same way as before Update 4 and can be used directly from within a vCloud Director virtual data center to automate the extension of a tenant network so that the failed over workload can be accessible from the tenant network, even though it resides in the service provider’s environment.

Conclusion

For Veeam Cloud & Service Providers (VCSP) that underpin their backup and replication service offerings with Veeam Cloud Connect, the addition of vCloud Director support means that there is an even stronger case to deliver replication and disaster recovery to customers. For end users, the added benefits of the vCloud Director HTML5 UI, and enhanced networking services backed by NSX, means that you are able to have more confidence in recovering from disasters, and in your ability to provide greater business continuity.

The post Enhancing DRaaS with Veeam Cloud Connect and vCloud Director appeared first on Veeam Software Official Blog.



Harness the power of cloud storage for long-term retention with Veeam Cloud Tier

Source: Veeam

The cost and efficiency of data

All organizations are experiencing explosive data growth. Data growth continues to accelerate at almost exponential speed and with that comes pain points of organizations trying to manage that growth. More data means more robust applications to handle larger data sets, which also means more infrastructure to handle applications and the data itself. While the cost and management of on-premises storage has come down as hardware and disk technologies improve, organizations still face significant overhead when maintaining their own hardware infrastructure.

Taking that a step further as it relates to backups, when you combine the growth of data together with more strict regulations around data retention, the challenges that come with managing storage platforms for production and backup workloads becomes even more complex. The reality persists that organizations still struggle to achieve the economy of scale both from an operational and cost point of view that makes storing data long term viable.

The rise of Object Storage

Object Storage has fundamentally shifted the storage landscape, mainly due to its popularity in the public cloud space but also because it offers advantages over traditional block and file-based storage systems. Object Storage overcomes many of the limitations of file and block due to its design and fundamental concept of being able to scale out infinitely. Because a large percentage of backup data is considered to be for long-term retention, Object Storage seems to be a perfect fit.

Though the likes of Amazon, Azure and IBM Cloud offer Object Storage, the number of organizations that have deployed Object Storage to their on-premises environments remains relatively low. The popular trend is to consume cloud-based Object Storage platforms to take advantage of the hyper-scalers’ own economies of scale, which can’t be matched. With the cost of storage at fractions of a cent per GB, organizations’ desire to consume cloud-based Object Storage has increased and many have been made aware of its benefits.

Introducing Veeam Cloud Tier

With the launch of Update 4 for Veeam Backup & Replication 9.5, we have added Veeam Cloud Tier as a new innovative way to extend backup repositories to the cloud, effectively delivering an infinitely scalable Scale-out Backup Repository. By using the new Object Storage Repository as a Capacity Tier Extent as part of the Scale-out Backup Repository, we have fundamentally changed the way in which organizations and our Veeam Cloud & Service Provider (VCSP) partners will think about how they design and architect backup repositories.

 


By extending the Scale-out Backup Repository to take advantage of Object Storage, whether that be Amazon S3, Azure Blob, IBM Cloud Object Storage or any S3-Compatible platform (hosted or internal), we have enabled this feature to take advantage of cloud storage technologies to tier data blocks and offload them from the local Scale-out Backup Repository Performance Tier extents to Capacity Tier extents which can be configured to consume storage services as shown below.

 

How is Veeam Cloud Tier different?

The innovative technology we have built into this feature allows for data to be stripped out of Veeam backup files (which are part of a sealed chain) and offloaded as blocks of data to Object Storage, leaving a dehydrated Veeam backup file on the local extents with just the metadata remaining in place. This is done based on a policy set against the Scale-out Backup Repository that dictates the operational restore window, for which local storage is used as the primary landing zone for backup data, and is processed as a Tiering Job every four hours.

The result is a space saving, smaller footprint on the local storage without sacrificing any of Veeam’s industry-leading recovery operations. This is what truly sets this feature apart and means that even with data residing in the Capacity Tier, you can still perform:

  • Instant VM Recoveries
  • Entire computer and disk-level restores
  • File-level and item-level restores
  • Direct Restore to Amazon EC2, Azure and Azure Stack

Just step back to think about what that means. With Veeam Cloud Tier you are now able to recover or restore directly from Object Storage without the need for any additional, potentially expensive components. With that, you can start to understand just how innovative a feature Veeam Cloud Tier is!

In addition to that, we have built in further space-saving efficiencies in the form of effective source-side dedupe, whereby the same blocks of data are not offloaded to Object Storage, reducing the amount of consumed storage and reducing data transfer times up to the Capacity Tier. We have also added Intelligent Block Recovery, which will source data blocks from the local backup files instead of what is tiered to Object Storage, resulting in not only faster recovery times but, more importantly, cost savings when pulling data back from Object Storage services that charge for egress.

Conclusion

For all Veeam customers and partners, both end users and VCSP partners alike, Veeam Cloud Tier represents an important inflection point in the way in which backup repositories are designed and built. No longer are there limitations on how big backup repositories can grow before complications arise from the accelerated growth of data. We have leveraged the power of the cloud with the efficiencies and cost savings of Object Storage platforms to deliver a feature that is unique in the market and we have been able to deliver this in such a way that no industry leading Veeam functionality has been lost.

Update 4 is now Generally Available and can be downloaded here.

The post Harness the power of cloud storage for long-term retention with Veeam Cloud Tier appeared first on Veeam Software Official Blog.



Now taking nominations for the 2019 Veeam Innovation Awards for Veeam Partners

Source: Veeam

The nomination window for the 2019 Veeam Innovation Awards for Partners is closing in a few days, so we’re taking a minute to highlight some of the VIA 2018 winners announced earlier this year with a few VCSPs.

At VeeamON 2018 in Chicago we held our inaugural Veeam Innovation Awards, or VIAs. The idea behind the awards was to highlight our partners that do great things with great technology. Veeam has long offered our partners the ability to innovate on top of our core product set. This is most evident in our Veeam Cloud and Service Provider community, where being able to differentiate among providers can mean the difference between success and failure in an industry that is ultra-competitive.

Having come from a successful VCSP in Australia where I worked alongside developers to create services based on the Veeam Backup & Replication platform, I understand what it takes to develop and integrate Veeam into service offerings. In fact, having spent the majority of my career working within the Service Provider space, I made sure that I was aware of what my competitors were doing. I often did research to find out how their innovations were stacking up to ours. There is a lot of intellectual property that goes into developing services; however, we all start with the same base.

In the case of Veeam, what we offer today is a powerful platform that offers service providers immense flexibility, performance and reliability on which to offer cloud-based data protection. Whether this be for Infrastructure VMs, Backup as a Service/Replication as a Service through Cloud Connect or, more recently, backup for Office 365, our providers have been able to leverage Veeam’s automation functionality using our APIs and PowerShell cmdlets to integrate those services into their own cloud management platforms.

With that, it’s no surprise that VCSPs featured heavily in the inaugural VIAs…

Probax

Probax is a VCSP headquartered out of Perth, Western Australia, and is 100% reseller focused. Having already integrated Veeam Cloud Connect into their MSP reseller portal, they created the Honeycomb VTL Archive product, which leverages Veeam Backup Copy jobs, taking GFS backup chains and moving them to low-cost storage, all managed through the Probax Web Console. They have also created a service around the backup of Office 365 leveraging Veeam’s Backup for Microsoft Office 365, which has again been directly integrated into their Web Console. They embodied the spirit of the VIAs by looking outside the box and solving the problem of air-gapping longer-term backup files in a protected state, all through the use of Veeam’s APIs and PowerShell capabilities. Check out the Probax video.

iLand

iLand was another one of the four winners in 2018, and they took a slightly different approach with their submission, having already led the industry with their innovation around automation and provisioning of Veeam Infrastructure backups as well as offering Cloud Connect Backup & Replication services from their award-winning control panel. iLand Catalyst is an in-house developed assessment tool that looks at storage requirements, latency considerations and other key metrics that enable their customer to be successful with Veeam-based iLand solutions. This form of innovation looks to extend the usability of their Veeam platform to enable customers to understand how to size and plan for services effectively, taking out the guesswork often involved in purchasing cloud-based resources for backup and disaster recovery. Check out the iLand video.

Next week, we’ll be highlighting the other two VIA2018 awardees – SiS and Merrimac.

Once again, it’s great to see our Veeam Cloud and Service Providers leading the way in offering innovative solutions based on the Veeam Availability Platform…I’m looking forward to seeing what innovations are put forward at Veeam Velocity 2019 for the second incarnation of the VIAs!
To find out more about the 2019 VIAs or to nominate your solution, please click here.

The post Now taking nominations for the 2019 Veeam Innovation Awards for Veeam Partners appeared first on Veeam Software Official Blog.



Why our software-driven, hardware agnostic approach makes sense for backups

Source: Veeam

Having been hands-on in service provider land for the entirety of my career prior to joining Veeam, I understand the pain points that come with offering backup and recovery services. I’ve spent countless hours working on getting the best combination of hardware and software for those services. I also know firsthand the challenges that storage platforms pose for architecture, engineering and operations teams who design, implement and manage these platforms.

Storage scalability

An immutable truth that exists in our world is that backup and storage go hand in hand and you can’t have one without the other. In recent times, there has been an extreme growth in the amount of data being backed up and the sprawl of that data has also become increasingly challenging to manage. While data is growing quicker than it ever has, in relative terms the issues created by that haven’t changed in the last ten or so years — though they have been magnified.

Focusing on storage, those that have deployed any storage platform understand that there will come a point where hardware and software constraints start to come into play. I’ve not yet experienced or heard of a storage system that doesn’t apply some limitation on scale or performance at some point. Whether you are constrained by physical disk or controller based limits or software overheads, the reality is no system is infinitely scalable and free of challenge.

The immediate solution to resolve these challenges in my experience (and anecdotally) has always been to throw more hardware at the platforms by purchasing more. Whether it be performance or disk constraints, the end result is always to expand capacity or upgrade the core hardware components to get the system back to a point where it’s performing as expected.

That said, there are a number of systems that do work well, and if architected and managed in the correct way will offer longer term service sustainability. When it comes to designing storage for backup data, the principles that are used to design for other workloads such as virtual machines cannot be applied. Backup data is a long game and portability of that data should be paramount when choosing what storage to use.

How Veeam helps

Veeam offers tight integration with a number of top storage vendors via our storage integrations. Not only do these integrations offer flexibility to our customers and partners, but they also offer absolute choice and mobility when it comes to the short and long-term retention of backup data.

Extending that portability message — the way in which backup data is stored should mean that when storage systems reach the end of their lifetime, data isn’t held a prisoner to the hardware. Another inevitability of storage is that there will come a time when it needs replacing. This is where Veeam’s hardware agnostic, software-defined approach to backup comes into play.

Recently, there have been a number of products that have come into the market that offer an all-in-one solution for data protection in the form of software tied to hardware appliances. The premise of these offerings is ease of use and single platform to manage. While it’s true that all-in-one solutions are attractive, there is a sting in the tail of any platform that offers software that is tied to hardware.

Conclusion

Fundamentally, the issues that apply to storage platforms apply to these all-in-one appliances. They will reach a point where performance starts to struggle, upgrades are required and, ultimately, systems need to be replaced. This is where the ability to have freedom of choice and a decoupled approach to software and hardware ultimately results in total control of where your backup data is stored, how it performs and when that data is required to be moved or migrated.

You only achieve this through backup software that’s separated from the hardware. While it might seem like a panacea to have an all-in-one solution, there needs to be consideration as to what this means three, five or ten years into the future. Again, portability and choice is king when it comes to choosing a backup vendor. Lock in should be avoided at all costs.


Bringing Clarity to Veeam’s vSphere client plug-in

Source: Veeam

With the release of vSphere 6.5, VMware introduced a supported version of the HTML5 vSphere Client that was bundled as part of the vCenter Server Appliance. Built upon VMware’s Clarity UI Framework, the move to the new HTML5 client had begun. The 6.5 release had partial functionality compared to the Flash-based Web Client, however, with the release of vSphere 6.7 in April, the HTML5 vSphere Client was brought up to feature parity and is now the preferred way to configure and manage vSphere environments.

Veeam has always supported VMware features, and with the release of Veeam Backup & Replication v7 back in August of 2013, we released our first version of the vSphere Web Client Plug-in for the Flash-based Web Client. With the news that the 6.7 release of vSphere will mark the final release of the Flash Web Client, it was time to upgrade the client for the new Clarity-based HTML5 Client. This will ship with the release of Veeam Backup & Replication Update 3a, and just like the rest of the Clarity UX, the new version of the plug-in is impressive.

First off, it’s worth mentioning that the new HTML5 Client Plug-in will not work in 6.5 vSphere environments. The traditional Client Plug-in will still need to be used with the 6.5 Flash Web Client (as with earlier 5.x versions of vSphere). Installation is still handled via the Veeam Enterprise Manager as shown below.

Once installed from Enterprise Manager, the Plug-in should be visible in the HTML5 vSphere Client’s Menu. As per the old version of the Plug-in, there are two tabs presented, with the Settings tab used to set up password authentication and hook up your Veeam ONE instance.

The real beauty of us being able to leverage the Clarity UI is found in the Summary tab. This is still the place to get an overview of your Backup Repositories, Processed VMs, VM Overview and Job Statistics, however there is now a clean look and feel to the views that matches perfectly with the rest of the Web Client.

As with the previous version, you are able to call out to Veeam ONE to generate targeted reports against the Backup Repositories, Protected VMs and Job Statuses. And also, as with previous versions, you can create restore points for selected VMs using VeeamZIP (full backup) or Quick Backup (incremental backup) by right-clicking on the VM from the vSphere Client, without the need to use Veeam backup management console.


For more information on the updated Client Plug-in, including an overview and getting started, head to the online Veeam Help Pages and make sure you take advantage of this Veeam Backup & Replication Update 3a feature to further enhance your visibility and reporting of your vSphere backup environments.


Simplifying cloud to cloud connectivity with Veeam PN

Source: Veeam

Veeam PN was launched as part of Veeam Recovery to Microsoft Azure, but Veeam PN has some great standalone use cases. In the last post, I showed how to access home lab/office machines while on the road using Veeam PN.

In this blog post, I’ll be covering a very real-world solution with Veeam PN where it will be used to easily connect geographically disparate cloud hosting zones, enabling you to achieve High Availability for applications and provide cross cloud application and services access. This is probably the most exciting of the three use cases I will cover in this blog series on Veeam PN, and with multi-cloud adoption in full swing, this is a very timely and useful capability.

Taking this use case one step further, how can cloud-to-cloud Availability be achieved in the most cost effective and operationally efficient way? There are obviously a few ways to connect clouds, and many other solutions out there, whether that be via some sort of MPLS, IPSec, L2VPN or stretched network solution. What Veeam PN achieves is simplicity — it’s very easy to configure, and it’s also very cost effective (remember it’s FREE). This makes it one of the best ways to connect one to one or one to many cloud zones with little to no overhead.

Cloud-to-cloud-to-cloud Veeam PN appliance deployment model

In this scenario, I want each vCloud Director zone to have access to the other zones and be always connected. I also want to be able to connect in via the OpenVPN endpoint client and have access to all zones remotely. All zones will be routed through the Veeam PN Hub Server deployed into Azure via the Azure Marketplace. To go over the Veeam PN deployment process, read my first post and also visit this VeeamKB that describes where to get the OVA and how to deploy and configure the appliance for first use.

Components

  • Veeam PN Hub Appliance x 1 (Azure)
  • Veeam PN Site Gateway x 3 (One Per Zettagrid vCD Zone)
  • OpenVPN Client (For remote connectivity)

Networking overview and requirements

  • Veeam PN Hub Appliance – Incoming Ports TCP/UDP 1194, 6179 and TCP 443
    • Azure VNET 10.0.0.0/16
    • Azure Veeam PN Endpoint IP and DNS Record
  • Veeam PN Site Gateways – Outgoing access to at least TCP/UDP 1194
    • Perth vCD Zone 192.168.60.0/24
    • Sydney vCD Zone 192.168.70.0/24
    • Melbourne vCD Zone 192.168.80.0/24
  • OpenVPN Client – Outgoing access to at least TCP/UDP 6179

In my setup, the Veeam PN Hub Appliance has been deployed into Microsoft Azure mainly because that’s where I was able to test out Veeam PN initially, but also because in theory it provides a centralized, highly available location for all the site-to-site connections to terminate into. This central hub can be deployed anywhere, and as long as it’s got HTTPS connectivity configured correctly to access the web interface, you can start to configure your site and standalone clients.

Configuring site clients for cloud zones (site-to-site)

In order to configure the Veeam PN Site Gateway you’ll need to register the sites from the Veeam PN Hub Appliance. When you register a client, Veeam PN generates a configuration file that contains VPN connection settings for the client. You must use the configuration file (downloadable as an XML) to set up the Site Gateways. Referencing the diagram at the beginning of the post, I needed to register three separate client configurations as shown below.

Once this has been completed, you need to deploy a Veeam PN Site Gateway in each vCloud Hosting Zone, and because we are dealing with an OVA, the OVFTool will need to be used to upload the Veeam PN Site Gateway appliances. I’ve previously created and blogged about an OVFTool upload script using PowerShell. Each Site Gateway needs to be deployed and attached to the vCloud vORG Network that you want to extend, in my case it’s the 192.168.60.0, 192.168.70.0 and 192.168.80.0 vORG Networks.

Once each vCloud zone has the Site Gateway deployed and the corresponding XML configuration file added, you should see all sites connected in the Veeam PN Dashboard.

At this stage, we have connected each vCloud Zone to the central Hub Appliance which is configured now to route to each subnet. If I was to connect an OpenVPN Client to the Hub Appliance, I could access all subnets and be able to connect to systems or services in each location. Shown below is the Tunnelblick OpenVPN Client connected to the Hub Appliance showing the injected routes into the network settings.

You can see above that the 192.168.60.0, 192.168.70.0 and 192.168.80.0 static routes have been added and set to use the tunnel interface’s default gateway, which is on the central Hub Appliance.

Adding static routes to cloud zones (cloud to cloud to cloud)

To complete the setup and have each vCloud zone talking to each other, we need to configure static routes on each zone network gateway/router so that traffic destined for the other subnets knows to be routed through to the Site Gateway IP, through to the central Hub Appliance onto the destination and then back. To achieve this, you just need to add static routes to the router. In my example, I have added the static route to the vCloud Edge Gateway through the vCD Portal as shown below in the Melbourne Zone.
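The static-route step above, worked through as an added example (not code from the original post or from Veeam): it derives the routes each zone's edge gateway needs from the zone subnets listed earlier, and rejects overlapping subnets or a next hop that is not on the zone's own subnet. The Site Gateway addresses (.10 in each zone) are assumptions, since the post does not give them.

```python
import ipaddress

# Zone subnets and the Azure VNET come from the post. The Site Gateway
# addresses are assumptions for this example; the post does not list them.
SITES = {
    "Perth": {"subnet": "192.168.60.0/24", "site_gateway": "192.168.60.10"},
    "Sydney": {"subnet": "192.168.70.0/24", "site_gateway": "192.168.70.10"},
    "Melbourne": {"subnet": "192.168.80.0/24", "site_gateway": "192.168.80.10"},
}
HUB_VNET = "10.0.0.0/16"


def validate(sites, hub_vnet=HUB_VNET):
    """Parse every subnet and raise ValueError for layouts that cannot route."""
    # strict=True rejects a host address written as a network (x.x.x.1/24).
    nets = {name: ipaddress.ip_network(site["subnet"], strict=True)
            for name, site in sites.items()}
    everything = dict(nets)
    everything["Hub VNET"] = ipaddress.ip_network(hub_vnet, strict=True)

    # Overlapping ranges make the hub's route to a zone ambiguous.
    names = sorted(everything)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if everything[first].overlaps(everything[second]):
                raise ValueError(
                    f"{first} {everything[first]} overlaps "
                    f"{second} {everything[second]}")

    # The next hop must be a usable host address on the zone's own subnet,
    # otherwise the zone router cannot reach it directly.
    for name, site in sites.items():
        net = nets[name]
        gateway = ipaddress.ip_address(site["site_gateway"])
        reserved = (net.network_address, net.broadcast_address)
        if gateway not in net or gateway in reserved:
            raise ValueError(f"{name}: next hop {gateway} is not a host in {net}")
    return nets


def plan_static_routes(sites, hub_vnet=HUB_VNET):
    """Return {zone: [(destination subnet, next hop), ...]} for each zone router."""
    nets = validate(sites, hub_vnet)
    plan = {}
    for name, site in sites.items():
        # Every other zone's subnet is reached via the local Site Gateway,
        # which forwards through the Hub Appliance.
        plan[name] = [(str(nets[other]), site["site_gateway"])
                      for other in sorted(nets) if other != name]
    return plan


if __name__ == "__main__":
    for zone, routes in plan_static_routes(SITES).items():
        print(f"{zone} edge gateway:")
        for destination, next_hop in routes:
            print(f"  {destination} via {next_hop}")
```

Running the validation before touching any router catches the two mistakes that otherwise show up only as one-way traffic: a zone subnet that collides with another zone or the hub network, and a next hop the router cannot reach on-link.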

Conclusion

To summarize, below are the 5 steps that were taken to set up and configure a cloud-to-cloud-to-cloud network using Veeam PN and its site-to-site connectivity feature, allowing cross-site connectivity while enabling access to systems and services via the point-to-site VPN:

  1. Deploy and configure Veeam PN Hub Appliance
  2. Register cloud sites
  3. Register endpoints
  4. Deploy and configure Veeam PN Site Gateway in each vCloud zone
  5. Configure static routes in each vCloud zone

These five steps took me less than 30 minutes, which also took into consideration the OVA deployments as well. At the end of the day, I’ve connected three disparate cloud zones which all access each other through a Veeam PN Hub Appliance deployed in Microsoft Azure. From here, there is nothing stopping me from adding more cloud zones that could be situated in any public cloud, whether AWS, IBM or Google. I could even connect my home office or a remote site to the central Hub to give full coverage.

The key here is that Veeam Powered Network offers a very simple solution to what is traditionally a complex and costly one. Again, this will not suit all use cases, but at its most basic functional level, it’s a great solution for customers who have a need for cross-cloud connectivity.

Go give it a try! Get started with Veeam PN.


Simplified remote access for home labs and offices with Veeam PN

Source: Veeam

In January 2018, Veeam publicly announced the release of Veeam PN (powered network) version 1, a lightweight SDN appliance that was released completely FREE to use. And while Veeam PN was released as part of a greater solution focused on extending network Availability for Microsoft Azure, Veeam PN can also be deployed as a standalone tool via a downloadable OVA. Veeam PN has some key standalone use cases we’ll explore in this blog series.

While testing the tool through its early dev cycles, it was clear there was an opportunity to allow access to home labs and other home devices, all without having to set up and configure relatively complex VPN or remote access solutions.

There are plenty of existing solutions that do what Veeam PN can. However, the biggest difference when comparing its VPN functionality with other VPN solutions is that Veeam PN is purpose-built and easy to use, and setup takes only a couple of clicks. Veeam PN’s underlying technology is built on OpenVPN, so that in itself provides users with a certain level of familiarity and trust. The other great thing about leveraging OpenVPN is that any Windows, MacOS or Linux client will work with the configuration files generated for point-to-site connectivity.

Home lab remote connectivity overview

While on the road, users need to easily access home lab/office machines. In my own case, I’m on the road quite a bit and need access without having to rely on services published externally via my entry-level Belkin router. I also didn’t have a static IP, which always proved problematic for remote services while on the road. At home, I run a desktop that acts as my primary Windows workstation, which also has VMware Workstation installed. I then have my SuperMicro 5028D-TNT4 server that has ESXi installed and runs my nested ESXi lab. I need access to at least RDP into that Windows workstation, but also get access to the management vCenter, SuperMicro IPMI and other systems running on the 192.168.1.0/24 subnet.

 

 

In the above diagram, you can see I also wanted to directly access workloads in the nested ESXi environment, specifically on the 172.17.0.1/24 and 172.17.1.1/24 networks. With the use of the Tunnelblick OpenVPN Client on my MBP, I am able to create a point-to-site connection to the Veeam PN Hub which is in turn connected via site-to-site to each of the subnets I want to connect into.

Deploying and configuring Veeam PN

As mentioned above, to get started, you will need to download the Veeam PN OVA from Veeam.com. This Veeam KB describes where to get the OVA and how to deploy and configure the appliance for first use. If you don’t have a DHCP-enabled subnet to deploy the appliance into, you can configure the network as static by accessing the VM console, logging in with the default credentials and modifying the /etc/networking/interface file.

Components:

  • Veeam PN Hub Appliance x 1
  • Veeam PN Site Gateway x number of sites/subnets required
  • OpenVPN Client

The OVA is 1.5 GB, and when deployed, the virtual machine has the base specifications of 1 vCPU, 1 GB of vRAM and 16 GB of storage, which if thin provisioned, consumes just over 5 GB initially.

Networking requirements:

  • Veeam PN Hub Appliance – Incoming Ports TCP/UDP 1194, 6179 and TCP 443
  • Veeam PN Site Gateway – Outgoing access to at least TCP/UDP 1194
  • OpenVPN Client – Outgoing access to at least TCP/UDP 6179

Note that as part of the initial configuration, you can configure the site-to-site and point-to-site protocol and ports which is handy if you are deploying into a locked-down environment and want to have Veeam PN listen on different port numbers.

 

 

In my setup, the Veeam PN Hub Appliance has been deployed into Azure, mainly because that’s where I was able to test out the product initially, and in theory it provides a centralized, highly available location for all the site-to-site connections to terminate into. This central hub can be deployed anywhere and as long as it’s got HTTPS connectivity configured correctly, you can access the web interface and start to configure your site and standalone clients.

Configuring site clients (site-to-site)

To complete the configuration of the Veeam PN Site Gateway, you need to register the sites from the Veeam PN Hub Appliance. When you register a client, Veeam PN generates a configuration file that contains VPN connection settings for the client. You must use the configuration file (downloadable as an XML) to set up the Site Gateways. Referencing the diagram at the beginning of the post, I needed to register three separate client configurations as shown below.

 


 

Once this was completed, I deployed three Veeam PN Site Gateways on my home office infrastructure as shown in the diagram — one for each site or subnet I wanted to have extended through the central hub. I deployed one to my Windows VMware Workstation instance on the 192.168.1.0/24 subnet and, as shown below, I deployed two Site Gateways into my nested ESXi lab on the 172.17.0.0/24 and 172.17.0.1/24 subnets respectively.

 

 

From there I imported into each Site Gateway the corresponding site configuration file that was generated from the central Hub Appliance, and in as little as three clicks on each one, all three networks were joined using site-to-site connectivity to the central hub.

Configuring remote clients (point-to-site)

To be able to connect into my home office and home lab when on the road, the final step is to register a standalone client from the central Hub Appliance. Again, because Veeam PN is leveraging OpenVPN, what we are producing here is an OVPN configuration file that has all the details required to create the point-to-site connection — noting that there isn’t any requirement to enter in a username and password as Veeam PN is authenticating using SSL authentication.

 

 

For my MBP, I’m using the Tunnelblick OpenVPN Client. I’ve found it to be an excellent client, but since this is OpenVPN, there are a bunch of other clients for pretty much any platform you might be running. Once I imported the OVPN configuration file into the client, I was able to authenticate against the Hub Appliance endpoint as the site-to-site routing was injected into the network settings.

 

 

You can see above that the 192.168.1.0, 172.17.0.0 and 172.17.0.1 static routes have been added and set to use the tunnel interface’s default gateway, which is on the central Hub Appliance. This means that from my MBP, I can now get to any device on any of those three subnets no matter where I am in the world — in this case I can RDP to my Windows workstation, connect to vCenter or ssh into my ESXi hosts.

Conclusion

To summarize, here are the steps that were taken in order to set up and configure the extension of a home office network using Veeam PN through its site-to-site connectivity feature to allow access to systems and services via a point-to-site VPN:

  1. Deploy and configure Veeam PN Hub Appliance
  2. Register sites
  3. Register endpoints
  4. Deploy and configure Veeam PN Site Gateway
  5. Set up endpoint and connect to Hub Appliance

Those five steps can take less than 15 minutes, which also takes into consideration the OVA deployments as well. This is a very streamlined, efficient process compared to other processes, which can take hours and would involve a more complex set of commands and configuration steps. The simplicity of the solution is what makes it very useful for home lab users wanting a quick and easy way to access their systems. It just works!

Again, Veeam PN is completely FREE, and downloadable in OVA format. I have been using the use case I described without issues for a number of months, and it adds to the flexibility of the Veeam PN solution.

Veeam Recovery to Microsoft Azure featuring Veeam PN now available!

Source: Veeam

Networking has always been one of the most complex parts of any IT solution, and whether you are connecting into a remote site, connecting branch offices together or extending on-premises networks to the cloud, there is traditionally a high level of complexity and cost that’s involved in establishing a reliable networking solution. When it comes to networking during a disaster, the level of complexity and margin for error is magnified. In relative terms, it has become easy to back up, replicate and then recover workloads, but getting access to those recovered systems remains a cumbersome process.

At VeeamON 2017, we announced the Release Candidate of Veeam PN (Veeam Powered Network) which — in combination with our existing Veeam Backup & Replication 9.5 feature Veeam Restore to Microsoft Azure — created a new total solution for networking and restoration called Veeam Recovery to Microsoft Azure. At the heart of this new solution is Veeam PN, which extends an on-premises network to an Azure network, enhancing our ability to back up anything, anywhere and restore to Azure.

Veeam PN

Deployable from the Azure Marketplace, the Veeam PN Appliance can be set up within minutes and be ready to act as the central hub for remote sites that have the Veeam PN Appliance deployed as a site gateway. It can also be used for remote users who connect to the central hub via an OpenVPN client application. Used in conjunction with Veeam Restore to Microsoft Azure, workloads can be recovered into Azure and then accessed remotely via the extended network created by Veeam PN.

Veeam PN is now Generally Available

NEW Veeam PN is a FREE solution that allows administrators to create, configure and connect site-to-site or point-to-site VPN tunnels easily through an intuitive and simple UI all within a couple of clicks. No need to deal with complex, time-consuming set ups — cloud connectivity is now made easy! There are two components to Veeam PN, a Hub Appliance that’s deployable from the Azure Marketplace, and a Site Gateway that’s downloadable from the Veeam.com website and deployed on-premises from an OVA, which means it can be installed into a number of virtualization platforms. New to the GA release is the ability to install from the Veeam.com Linux repositories using your package management system of choice depending on distribution.

Veeam PN for Microsoft Azure (Veeam Powered Network) is a free solution designed to simplify and automate the setup of a data recovery site in Microsoft Azure using lightweight software-defined networking (SDN).

 

Veeam PN is built upon OpenVPN which is a trusted and mature virtual private networking technology platform. We have created an intuitive, simple user interface which simplifies the entire networking configuration process.

Total on-demand recovery in the cloud

Having an easy way to leverage the public cloud as a recovery site should be available for every organization no matter the size, yet many recovery solutions still lack ease of use and reliability, and can come with a steep price tag. With Veeam Recovery to Microsoft Azure, you get a reliable, turnkey solution for creating an on-demand recovery site that is available whenever you need it. This is truly a set-it-and-forget-it solution, ideal for any sized organization wanting to gain new recovery options, without the need to build or maintain a costly recovery site.

Veeam PN highlights

  • Provides seamless and secure networking between on-premises and Azure-based IT resources
  • Delivers easy-to-use and fully automated site-to-site network connectivity between any site
  • Designed for both SMB and enterprise customers, as well as service providers.

Conclusion

Networking is still the most complex part of executing a successful data recovery plan. With Veeam PN, you can easily extend on-premises networks to recovery networks, and provide connectivity from remote sites back to recovery networks. Veeam PN achieves this together with Restore to Microsoft Azure via site-to-site connectivity, extending on-premises sites to Azure recovery networks. It also provides access for remote users, with the ability to connect into the HUB appliance in Azure and be connected to systems and services via point-to-site connectivity.

Veeam Recovery to Microsoft Azure is available now!

 
