Compliant data recovery with Veeam DataLabs Staged Restore

Source: Veeam

It’s safe to argue that, to date, the May 2018 implementation of the General Data Protection Regulation (GDPR) in the European Union, as well as the two-year ramp-up period that lead to the activation date, has elevated the status and industry press coverage of compliance-related issues more than any other data protection and compliance standard set by governing bodies.

The truth is, today, the stakes are high for organizations that continue to struggle with the proper management of sensitive, personal data or regularly failed audits, and IT professionals know this. In fact, in a recent study, Veeam customers were asked which corporate governance regulations have had the greatest impact on their data protection strategy and even though the new standard had been active for less than half a year, 28% answered “GDPR”, which was enough to make it second on a long list of regulation standards, some of which have been in effect for two decades (source: ESG Data Protection Landscape Survey).

So why is there so much concern? Because no business can afford a data breach and the subsequent debilitating press coverage, or customer alienation and fines that accompany such a negative event. According to a 2018 study, the average total cost of a data breach is $3.86 million, which for those of you who are curious, breaks down to $148 lost or stolen per record! And probably most concerning, for those respondents who had been through a data breach, they said they’re not completely convinced they can prevent a future data breach event from occurring. Almost 28% of this group indicated a recurring material breach was likely to happen over the next two years (source: 2018 Cost of a Data Breach Study).

The good news is, for Veeam customers who are losing sleep at night over compliance or other use cases, the latest release of Veeam Availability Suite includes Veeam DataLabs Staged Restore, which is a new and powerful feature designed to help manage compliance and ensure that sensitive data is removed from backups before the data has a chance to make it back to a live environment. Veeam DataLabs Staged Restore can also be used for other helpful use cases outside of compliance, including masking data for DevOps.

As I have already mentioned, the primary purpose of Veeam DataLabs Staged Restore is to enable a process to be injected into the recovery process of your virtual machines (VMs) that can help you easily and confidently manage compliance-related issues, such as those related to GDPR. The most typical use case is ensuring compliance after a failure scenario when recovering a machine back into production where data potentially needs to be removed or masked.

The ability to inject a script into the recovery process allows for the restore point to be modified before landing into the environment. In this scenario, a use case may be a DevOps environment where a business would like to leverage the latest version of data in their own segregated environment for versioning. But, from an operations point of view, the data may contain personal identifiable information (protected by compliance standards) that must be masked before landing in the new environment.

Workflow

Veeam DataLabs Staged Restore is one of the latest additions you will see as a selection option when the entire VM recovery wizard is started. If needed, this also gives us the option to inject an additional script into the VM we are recovering. The wizard shown below has several options.

 

Virtual lab – The virtual lab is an isolated virtual environment that is fully fenced off from the production environment. The network configuration of the virtual lab mirrors the network configuration of the production environment.

Application group (optional) – An application group consists of any VMs that the machine you are recovering may need to have to authenticate and function. It’s a group of dependants to the proposed machine for recovery.

Script – It’s required that the script remains located on the Veeam Backup & Replication server as this is the route taken for the injection into the virtual lab.

Credentials – For the script to be injected into the VM and to be executed, the required credentials should have the ability to authenticate and run the script.

Advanced – This allows for different options to take place. The first option is memory. As part of the recovery process, if you would like to increase or decrease the memory percentage assigned to the VM, then you can manage that here. You can also define boot and application time. This will depend on the services and resources available on the VM, but those that can be adjusted accordingly as well.

 

Once the wizard is completed, the recovery process will begin with the virtual lab appliance powering on within the environment, along with the presentation of the backup folder from the backup repository to your virtual environment. This uses a patented technology called vPower NFS.

vPower NFS

vPower NFS is used to present the backup file into your virtual environment as a datastore. This allows for a very fast way to get a machine up and running in the environment. However, the performance depends on the performance of the backup disk being used. So, the next step in the process is to power on that VM from the new datastore into our virtual lab environment. This environment is safely isolated away from production, however the VM has not had its IP address changed and will still have this when it boots. The IP is masqueraded through the virtual lab appliance so you can gain access through the Veeam Backup & Replication server.

Inject script from the Veeam Backup & Replication server

Now that we have our recovered VM that’s running in an isolated environment, the next step is to inject the script that we defined in the wizard. This entire process is automated, so there is no need for intervention. It is likely that by adding the script, the data will be modified in some form. All of these changes will be captured inside a production datastore that was defined during the restore wizard phase and not in the backup file, as we want to keep the backup file as a functional restore point.

Quick Migration to the environment

Finally, when the script has finished successfully, the process will continue the recovery steps. To do this we use a Veeam technology called quick migration. Veeam Quick Migration enables the ability to migrate the VM between datastores.

When the process is complete you will have your recovered VM within the environment, including the injected process. We hope this feature will help you be more reactive and efficient in staying compliant to a multitude of situations and requirements. Give Staged Restore a whirl and let us know your experiences in the comments!

 

The post Compliant data recovery with Veeam DataLabs Staged Restore appeared first on Veeam Software Official Blog.


Compliant data recovery with Veeam DataLabs Staged Restore

How to improve security with Veeam DataLabs Secure Restore

Source: Veeam

Today, ransomware and malware attacks are top of mind for every business. In fact, no business, large or small is immune. What’s even more concerning is that ransomware attacks are increasing worldwide at an alarming rate, and because of this, many of you have expressed concern. In a recent study administered by ESG, 70% of Veeam customers indicated malicious malware and virus contamination are major concerns for their businesses (source: ESG Data Protection Landscape Survey).

There are obviously multiple ways your environment can be infected by malware; however, do you currently have an easy way to scan backups for threats before introducing them to production? If not, Veeam DataLabs Secure Restore is the perfect solution for secure data recovery!

The premise behind Veeam DataLabs Secure Restore is to provide users an optional, fully-integrated anti-virus scan step as part of any chosen recovery process. This feature, included in the latest Veeam Backup & Replication Update 4 addresses the problems associated with managing malicious malware by providing the ability to assure any of your copy data that you want or need to recover into production is in a good state and malware free. To be clear, this is NOT a prevention of an attack, but instead it’s a new, patent-pending unique way of remediating an attack arising from malware hidden in your backup data, and also to provide you additional confidence that a threat has been properly neutralized and no longer exists within your environment.

Sounds valuable? If so, keep reading.

Recovery mode options

Veeam offers a number of unique recovery processes for different scenarios and Veeam DataLabs Secure Restore is simply an optional enhancement included in many of these recovery processes to make for a truly secure data recovery. It’s important to note though that Secure Restore is not a required, added step as part of a restore. Instead, it’s an optional anti-virus scan that is available to put into action quickly if and when a user suspects a specific backup is infected by malware, or wants to proceed with caution to ensure their production environment remains virus-free following a restore.

Workflow

The workflow for Secure Restore is the same regardless of the specific recovery scenario used.

  1. Select the restore mode
  2. Choose the workload you need to recover
  3. Specify the desired restore point
  4. Enable Secure Restore within the wizard

Once Secure Restore is enabled you are presented with a few options on how to proceed when an infection has been detected. For example, with an Entire VM recovery, you can choose to continue the recovery process but disable the network adapters on the virtual machine or choose to abort the VM recovery process. In the event an actual infection is identified, you also have a third option to continue scanning the whole file system to protect against other threats to notify the third-party antivirus to continue scanning, to get visibility to any other threats residing in your backups.

 

As you work inside the wizard and the recovery process starts, the first part of the recovery process is to select the backup file and mount its disks to the mount server which contains the antivirus software and the latest virus definitions (not owned by Veeam). Veeam will then trigger an antivirus scan against the restored disks. For those of you familiar with Veeam, this is the same process leveraged with Veeam file level recovery. Currently, Veeam DataLabs Secure Restore has built-in, direct integrations with Microsoft Windows Defender, ESET NOD32 Smart Security, and Symantec Protection Engine to provide virus scanning, however, any antivirus software with CMD support can also interface with Secure Restore.

 

As a virus scan walks the mounted volumes to check for infections, this is the first part of the Secure Restore process. If an infection is found, then Secure Restore will default to the choice you selected in the recovery wizard and either abort the recovery or continue with the recovery but disable the network interfaces on the machine. In addition, you will have access to a portion of the antivirus scan log from the recovery session to get a clear understanding of what infection has been found and where to locate it on the machine’s file system.

This particular walkthrough is highlighting the virtual machine recovery aspect. Next, by logging into the Virtual Center, you can navigate to the machine and notice that the network interfaces have been disconnected, providing you the ability to login through the console and troubleshoot the files as necessary.

 

To quickly summarise the steps that we have walked through for the use case mentioned at the beginning, here they are in a diagram:

SureBackup

Probably my favourite part of this new feature is how Secure Restore fits within SureBackup, yet another powerful feature of Veeam DataLabs. For those of you unfamiliar with SureBackup, you can check out what you can achieve with this feature here.

SureBackup is a Veeam technology that allows you to automatically test VM backups and validate recoverability. This task automatically boots VMs in an isolated Virtual Lab environment, executes health checks for the VM backups and provides a status report to your mailbox. With the addition of Secure Restore as an option, we can now offer an automated and scheduled approach to scan your backups for infections with the antivirus software of your choice to ensure the most secure data recovery process.

PowerShell

Finally, it’s important to note that the options for Veeam DataLabs Secure Restore are also fully configurable through PowerShell, which means that if you automate recovery processes via a third-party integration or portal, then you are also able to take advantage of this.

Veeam DataLabs – VeeamHUB – PowerShell Scripts

The post How to improve security with Veeam DataLabs Secure Restore appeared first on Veeam Software Official Blog.


How to improve security with Veeam DataLabs Secure Restore

Life after vSphere 5.5 End of General Support

Source: Veeam

The end of general support for vSphere 5.5 was on September 19, 2018. There may be a number of questions for those customers that are still sitting on vSphere 5.5, like what version do I upgrade to? And what considerations do I need to make as part of the support upgrade path?

You have four options you first need to consider:

The first option is to stay on vSphere 5.5 in an unsupported fashion. This wouldn’t be the greatest of decisions, but I do understand that if this is the first time you are hearing of the end of general support, then you may not have the time and resources to make the change and upgrade. Another option may be to explore extended support options with VMware.

The third option could be getting everything to vSphere 6.0, which will be supported until March 12, 2020, so it will give you a few more years before this comes around again. This is the easiest step in terms of time and resources. For more information about this path read this VMware KB article. Don’t miss this important information before upgrading to vSphere 6.0 Update 1.

Now we get to the more interesting, and final, option because of the features and functionality that will become available with these next two releases.

vSphere 6.5 and vSphere 6.7 will see you in general support until Nov. 15, 2021. I will touch on some of the functionality you will gain by moving to this platform over the others later on.

vSphere 6.5

  1. vCenter Server Appliance — If you are running a Windows-based VMware Virtual Center today, it might be time to consider this upgrade path since in 6.5, we saw a fully-featured version of the vCenter appliance. The appliance, as you will read later, is the future. It brings concise management, but also scale, ease of migration and the infamous Update Manager that is also embedded into the appliance.
  2. VM encryption — Always a bone of contention because with encryption of any data you lose out on something. In vSphere 6.5, you have the ability to encrypt virtual machines at rest, within the hypervisor and at the point the IO comes out of the virtual disk controller. This adds its own benefits alone, but there are more details here.
  3. vSAN — This won’t be applicable to all, especially if you are running your shared storage system to provide your VMware datastores where your virtual machines are stored, but a consideration to be made is to look at the capabilities that come with vSAN in the 6.5 release: erasure coding, stretch clustering, QoS, encryption and the list keeps on going.
  4. vCenter Management — Introducing the HTML5-based vSphere client. Now this should in no way be the deciding factor on jumping to this version as the HTML5 interface is not complete, and you will find yourself jumping between the interfaces to get things done, but it’s a good step. And as we get to vSphere 6.7, this is the only way to manage your vSphere environment.

vSphere 6.7

The upgrade to 6.7 will depend on many things, including is your hardware compatible with the latest GA version from VMware? A lot has changed on that front, so be sure to check that. vSphere 6.7 was released last year at VMworld 2017 and it had a ton of new and exciting features and functionality that came with it. Amongst the wider offering from VMware, it wasn’t just vSphere; it was the surrounding products also.

Manageability

I mentioned the HTML5 client. Well, in this release, we see things take a much broader step to be the management interface, including not having to jump between multiple windows to perform certain tasks. Another thing to add here is that vSphere 6.7 will be the last version that will support the vCenter Server being on Windows — VCSA all the way.

Storage

A couple of things to note for vSphere 6.7 and the storage scene: When it comes to deciding, the ability to use PMEM (Persistent Memory), which has similar characteristics of memory but retains the data during power cycles, really assists in some of those enterprise applications that just require everything to be faster. There is a whole white paper on this.

The most notable and significant vSAN release came with vSAN 6.7. Firstly, management can be done through the HTML5 interface rather than having to go through CLI and APIs. The vSAN iSCSI supports Windows Server Failover Clusters (WSFC). In 6.5, vSAN already supported modern Windows application layer clustering technologies, such as Microsoft SQL Always-on Availability Groups (AAG), Microsoft Exchange Database Availability Groups (DAG) and Oracle Real Application Clusters (RAC).

There is also the Adaptive Resync feature to ensure a fair share of resources is available for VM I/Os and Resync I/Os during dynamic changes in load on the system.

“vSAN continues to see rapid adoption with more than 10,000 customers and growing. A 600 million dollar run rate was announced for Q4FY2018, and IDC named it the #1 and fastest growing HCI Software Solution.”

Loads more on this can be found here in the What’s New with VMware vSAN 6.7.

There are heaps of other things to consider, but these are just a few things. Also, take a look at the security enhancements and TPM that also landed in vSphere 6.7.

More details on some useful smaller enhancements that could help a decision tree can be found in this VMware article.

How can Veeam help?

Veeam takes vSphere platform support very seriously and has done so since our company’s beginnings. One of the most effective ways that organizations can migrate to a newer vSphere platform is from Veeam replication.

This is a very powerful technique as organizations can migrate workloads to a new cluster with very little downtime and have the ability to fail back if needed. Additionally, this introduces the option of a new cluster. How many times are there things about the old cluster that you would like to change and not move forward to be stuck with forever? Migrating to a new cluster via Veeam replication can allow you to put in new design elements that can be the right choice today. You can find more about Veeam replication in the Veeam Help Center.

The post Life after vSphere 5.5 End of General Support appeared first on Veeam Software Official Blog.


Life after vSphere 5.5 End of General Support

Get your data ready for vSphere 5.5 End of Support

Source: Veeam

There have been lots of articles and walkthroughs on how to make that upgrade work for you, and how to get to a supported level of vSphere. This VMware article is very thorough walking through each step of the process.

But we wanted to touch on making sure your data is protected prior, during and after the upgrade events.

If we look at the best practice upgrade path for vSphere, we’ll see how we make sure we’re protected at each step along the way:

Upgrade Path

The first thing that needs to be considered is what path you’ll be taking to get away from the end of general support of vSphere 5.5. You have two options:

  • vSphere 6.5 which is now going to be supported till November 2021 (so another 5 years’ time)
  • vSphere 6.7 which is the latest released version from VMware.

Another consideration to make here is support for surrounding and ecosystem partners, including Veeam. Today, Veeam fully supports vSphere 6.5 and 6.7, however, vSphere 6.5 U2 is NOT officially supported with Veeam Backup & Replication Update 3a due to the vSphere API regression.

The issue is isolated to over-provisioned environments with heavily loaded hosts (so more or less individual cases).

It’s also worth noting that there is no direct upgrade path from 5.5 to 6.7. If you’re currently running vSphere 5.5, you must first upgrade to either vSphere 6.0 or vSphere 6.5 before upgrading to vSphere 6.7.

Management – VMware Virtual Center

The first step of the vSphere upgrade path after you’ve decided and found the appropriate version, is to make sure you have a backup of your vCenter server. The vSphere 5.5 virtual center could be a Windows machine or it could be using the VCSA.

Both variants can be protected with Veeam, however, the VCSA runs on a Postgres-embedded database. Be sure to take an image-level backup with Veeam and then there is a database backup option within the appliance. Details of the second step can be found in this knowledge base article.

If you’re an existing Veeam customer, you’ll already be protecting the virtual center as part of one of your existing backup jobs.

You must also enable VMware tools quiescence to create transactionally-consistent backups and replicas for VMs that do not support Microsoft VSS (for example, Linux VMs). In this case, Veeam Backup & Replication will use the VMware Tools to freeze the file system and application data on the VM before backup or replication. VMware Tools quiescence is enabled at the job level for all VMs added to the job. By default, this option is disabled.

You must also ensure Application-Aware Image Processing (AAIP) is either disabled or excluded for the VCSA VM.

Virtual Machine Workloads

If you are already a Veeam customer, then you’ll already have your backup jobs created and working with success before the upgrade process begins. However, as part of the upgrade process, you’ll want to make sure that all backup job processes that initiate through the virtual center are paused during the upgrade process.

If the upgrade path consists of new hardware but with no vMotion licensing, then the following section will help.

Quick Migration

Veeam Quick Migration enables you to promptly migrate one or more VMs between ESXi hosts and datastores. Quick Migration allows for the migration of VMs in any state with minimum disruption.

More information on Quick Migration can be found in our user guide.

During the upgrade process

As already mentioned in the virtual machine workloads section, it is recommended to stop all vCenter-based actions prior to update. This includes Veeam, but also any other application or service that communicates with your vCenter environment. It is also worth noting that whilst the vCenter is unavailable, vSphere Distributed Resource Scheduler (DRS) and vSphere HA will not work.

Veeam vSphere Web Client

If you’re moving to vSphere 6.7 and you have the Veeam vSphere Web Client installed as a vSphere plug-in, you’ll need to install the new vSphere Veeam web client plug-in from a post-upgraded Veeam Enterprise Manager.

More detail can be found in Anthony Spiteri’s blog post on new HTML5 plug-in functionality.

You’ll also need to ensure that any VMware-based products or other integrated products vCenter supports are the latest versions as you upgrade to a newer version of vSphere.

Final Considerations

From a Veeam Availability perspective, the above steps are the areas that we can help and make sure that you are constantly protected against failure during the process. Each environment is going to be different and other considerations will need to be made.

Another useful link that should be used as part of your planning: Update sequence for vSphere 5.5 and its compatible VMware products (2057795)

One last thing is a shout out to one of my colleagues who has done an in-depth look at the vSphere upgrade process.

The post Get your data ready for vSphere 5.5 End of Support appeared first on Veeam Software Official Blog.


Get your data ready for vSphere 5.5 End of Support

Veeam and Nutanix AHV in a multi-hypervisor environment

Source: Veeam

Many environments have the requirement to be flexible to what platform they are running. Flexibility allows for the ability to move, migrate and leverage data between each of their virtual environment assets. This also applies to extending into other cloud environments, whether that be for backup retention purposes, using a Veeam Cloud & Service Provider partner for managed service providers or expanding the production environment into the public cloud to offer further flexibility to the on-premises infrastructure.

Brief architecture overview

The agentless architecture for Veeam Availability for Nutanix AHV consists of a Veeam Backup Proxy Appliance that will reside within the AHV cluster. The requirement here is one proxy per cluster, and as a v1 product with extensive beta testing, we have not seen a requirement to scale this function out. The Veeam Backup Proxy Appliance is a lightweight installation, offering an intuitive Prism-like web UI that is used to manage the appliance itself, configure, schedule and run backups, and perform both full-VM recoveries and disk-based recoveries.

The Veeam Backup Proxy Appliance is required to have communication with a Veeam Backup & Replication server for authentication purposes, but this also extends recovery capabilities with the ability to perform file-level recoveries and application item-level recoveries using the established Veeam Explorers. Also, as an extension to the backup policy, you can leverage backup copy jobs or send AHV backups to tape. Finally, there’s the ability to do more with AHV data, like converting those backup files into VMDK, VHD and VHDX for use in different virtual environments, as well as sending and converting them to machines in Microsoft Azure, which is ideal for a testing environment with infinite and scalable resources.

The final thing to mention on the architecture is where the backup files are stored — a Veeam Backup & Replication repository, the primary reason for the communication and authentication from Veeam Backup Proxy Appliance to the Veeam Backup & Replication server.

Zero socket license

Because of the requirement for a Veeam Backup & Replication server and repository, a common question is “if we are moving completely to Nutanix AHV as our only hypervisor in the environment, how do we gain access to the required Veeam Backup & Replication components if we do not have a license for it?” This is essentially the same question in Veeam Agent-only customer environments with no virtualization in place, so the same answer applies.

All Veeam Availability for Nutanix AHV licenses (and Veeam Agent licenses) are delivered with a zero-socket license for Veeam Backup & Replication at no additional cost. The zero-socket license unlocks Veeam Backup & Replication functionality for AHV backups in environments where an existing Veeam Backup & Replication for VMware vSphere of Microsoft Hyper-V instance does not exist.

Mixed environments

As mentioned above, many environments will have the requirement to run a multi-hypervisor infrastructure for numerous reasons. The possibilities from a management, backup and recovery perspective for AHV environments that have been brought with the release of Veeam Availability for Nutanix AHV have already been discussed, but if we were to also have a VMware vSphere or a Microsoft Hyper-V footprint alongside AHV, does this mean I have to have additional Veeam management components?

No, that same Veeam Backup & Replication management server and repository can be used for Nutanix AHV, VMware and Microsoft Hyper-V backups, as well as Veeam Agent backups. However, in some circumstances, there may be a requirement to have separate management for these environments, and that can be achievable using the zero socket license applicable in both AHV- or Veeam Agent-only environments. Remember, Veeam does not license the components that are licensed on the production workload, meaning you are able to have as many Veeam components as you see fit.

The post Veeam and Nutanix AHV in a multi-hypervisor environment appeared first on Veeam Software Official Blog.


Veeam and Nutanix AHV in a multi-hypervisor environment

#1 Hyper-Availability for Nutanix Enterprise Cloud

Source: Veeam

In June 2017 we announced that we would be working on support for the Nutanix Acropolis Hypervisor (AHV) and shortly after in October we were able to show an alpha build of the code and demo what functionality would be arriving. Today we are excited and pleased to announce that our Hyper-Availability story is generally available for the entire Nutanix Enterprise Cloud platform, allowing us to protect all virtualized workloads – VMware vSphere, Microsoft Hyper-V and Nutanix AHV – in an application consistent state.

Support for Nutanix AHV comes with a new product –– Veeam Availability for Nutanix AHV –– which includes many of the same easy-to-use features and functionality from Veeam Backup & Replication in a familiar portable backup file format. This also includes the ability to align your strategy with the 3-2-1 backup methodology through one of our many Veeam Cloud Service Providers (VCSP) partners, tape or backup copy to disk for offsite backups and long-term retention.

Overview

Veeam Availability for Nutanix AHV will consist of three components:

  1. Veeam Backup & Replication 9.5 update 3a minimum
  2. Veeam Backup Proxy Appliance for AHV
  3. Veeam Backup repository (deduplication devices not supported in v1)

Veeam Backup & Replication 9.5 Update 3a

The Veeam backup server is there to allow for authentication from the Veeam backup proxy appliance to give the ability to send backup files to the Veeam backup repository. The Veeam Backup Server also offers the ability for longer term retention to either tape, disk or Veeam Cloud Connect.

Veeam Backup Proxy Appliance for AHV

The proxy appliance will be deployed within the Nutanix Acropolis hyper-converged infrastructure cluster. Management of the appliance as well as the configuration, scheduling and execution of backups and full-VM restores will be handled by a new web UI, specifically designed to look and operate like Prism for familiarity, to Nutanix administrators and users.

Veeam Backup repository

The Veeam backup repository is a folder on a storage device that acts as a backup target that is managed by the Veeam backup server.

Features

Application consistency

The ability to take application consistent backups of your mission critical workloads is a must. This is achieved by requesting a Distributed Storage Fabric (DSF) snapshot within the Nutanix AHV cluster. Nutanix guest tools (NGT) can then be used to trigger the preparation of the guest operating system for an online backup. For VMs where application consistency is required but NGT is not installed, Veeam recommends using the server edition of Veeam Agent for Microsoft Windows or for Linux.

Changed Block Tracking

When Veeam Backup & Replication performs incremental backup, it needs to know what data blocks have changed since the previous job session. To get the list of changed data blocks, Veeam Backup & Replication uses the changed block tracking mechanism, or CBT. CBT Increases the speed and efficiency of incremental backups. The backup process will leverage the AHV CBT for full and incremental backups.

Protection domains

The ability to leverage Nutanix Protection Domains not only means the ability to keep a short-term amount of fast Recovery Point Objective (RPO) snapshots in place but it also means that this same Protection Domain which is a defined group of virtual machines can be leveraged to simplify backup management also.

Workflow

The backup proxy communicates with Nutanix AHV to trigger a virtual machine snapshot, retrieves virtual machine data block by block from datastores hosting virtual machines, compresses and deduplicates it and writes to the backup repository in Veeam’s proprietary format.

Veeam Backup & Replication creates per-VM backup chains: One backup chain contains data for one VM only.

Recovery

Now let’s get to the interesting part, the backup is the insurance policy that none of us hope we ever have to use, the recovery though is where we could be saving jobs and lives.

Veeam Backup Proxy Appliance for AHV

Recovery options from the proxy appliance will be full-VM recovery to the original location, performed from within the web UI. The ability to restore individual virtual machine disks is also possible from the web UI.

Veeam Backup & Replication 9.5 Update 3a

When it comes to the granular restore options, it is required to be in the Veeam backup server to perform these tasks. Granular restore options include:

  • Windows file level restore
  • Application items restore (Microsoft Active Directory, Microsoft Exchange, Microsoft SharePoint, Microsoft SQL Server and Oracle)
  • VM disk export (VMDK, VHD or VHDX)
  • Direct Restore to Microsoft Azure

I am super excited to see the technical innovation happening within Veeam, the elevation of the Hyper Converged market leader as a Veeam elite alliance partner and the addition of the third hypervisor within the Hyper-Availability Platform. I am now even more excited to see where this product goes in the future. I strongly encourage anyone that has AHV deployed or under evaluation to download the fully-functional FREE 30-day trial today.

See more

The post #1 Hyper-Availability for Nutanix Enterprise Cloud appeared first on Veeam Software Official Blog.


#1 Hyper-Availability for Nutanix Enterprise Cloud

Unleash your storage with DataLabs

Source: Veeam

The ability to back up your data and recover is one thing, but let’s also consider the opportunity to leverage that backup data or even the ability to leverage the investment you made further with your production storage. Enabling other parts of your business to benefit from that data is even more important as we are in a world that is critically reliant on data.

Some of the areas that could really prosper from near-live copies of the production data on performant and efficient storage are security testing, IT administration tasks, DevOps and Analytics. Why take complete copies for these purposes? Why potentially affect the production workloads whilst running analytics or other processes against production workloads?

Veeam DataLabs allows for this, the ability to use backup files or even replicas, and run a copy of the instance in an isolated network to perform any task outside of the production environment. Also included, is the ability to leverage application-consistent storage snapshots from the many storage integrations vendors support today.


The diagram shows isolation between production and data labs

For example, you can provide self-service for developers to spin up copies of the data as they design new features.  You might provide sandbox environments for IT Operations to test new patches and updates before they are rolled out across the company.  The Security and Forensics teams may use copies of the data to test for security vulnerabilities without disrupting the production systems, or for performing forensics on an event that was picked up through their security incident and event management platform.  Or maybe the compliance and analysis groups need to provide statistics and analysis on data growth or data types.

On-Demand Sandbox

In order for this to work, we need to create three things in Veeam Backup & Replication. This can be achieved in the user interface or via PowerShell.

This process requires the following:

  • Virtual Lab
  • Application Group
  • SureBackup job

Once these three components have been configured, you can begin taking advantage of Veeam DataLabs. It’s a one-time setup.

Virtual Lab

The Virtual Lab is a small Linux appliance that runs within your environment and provides a gateway to your “lab” environment, allowing nothing to pass back through to the production environment. This appliance will run within the target environment within the virtual infrastructure.

Application Group

The concept of an Application Group is that many workloads do not work alone, they require multiple instances to truly be able to test functionality of the overall application. The Application Group will group together all of those components and dependencies. This Application Group can be selected from storage snapshots, backups or replicas, and they can be mixed to allow for different tiered instances to be included in the isolated environment.

SureBackup job

The SureBackup job is the policy-based schedule and group of when and where we want the sandbox environment to run. This job brings together the Application Group and the Virtual Lab. For example, you may have multiple Virtual Labs configured for different sites and locations. You may also have multiple Application Groups for different test and development cycles.

Storage snapshot integration

The particular process that I would like to cover is when using the storage snapshot integration.

  1. Veeam will detect the latest storage snapshot for the VM(s)
  2. Veeam will then trigger a copy of the storage snapshot, this will ensure that the snapshot will remain the same during this process.
  3. The snapshot copy is then presented as a new datastore to the environment where the virtual lab has been configured.
  4. Veeam will then reconfigure the configuration files. Start the VM(s) at this point. The sandbox environment is ready to perform the required tasks.
  5. Once the process is complete, and the copy and environment is no longer needed, Veeam will automate the following procedures: Power off, clean up, unmount datastore and the final power off of the virtual lab. The final task is to remove the storage system snapshot copy.

I think you would agree this process is above the everyday backup and recovery that is essential in all businesses today. The ability to reach additional touch points within the business and offer the value of data without affecting the day-to-day running of a production system is a real value to many.

The post Unleash your storage with DataLabs appeared first on Veeam Software Official Blog.

Unleash your storage with DataLabs

Optimize your restores to Microsoft Azure with PowerShell – Part 2

Source: Veeam

We’ve covered how using a PowerShell script might come in handy for certain use cases. Now, let’s take the PowerShell script and show how it can be backed into your day-to-day Veeam Backup & Replication jobs.

In this post, we will cover how these scripts can be run before and after the backup job. This would allow us to take the most recent backup and convert it straight into an Azure Virtual Machine after the backup job is done. This means we can schedule the backup job to start within a certain window and get this machine (or a group of machines) converted before your test/development team is even in the building.

The use case

This specific use case I keep mentioning is around test and development. There are no hard rules on this, anything that could take advantage of cloud computing within Azure is a valid use case. For example, taking advantage of an isolated environment to perform modern analytics against the most current backup data or for training and development to certain areas of the business. The possibilities are endless.

You saw in the last post the creation of the raw PowerShell script, by taking that script and adding that to a backup job as pre- and post-job scripts which give us the ability to schedule a conversion task. The time it takes to convert to that Azure VM or that group of Azure VMs depends on the backup file placement.

Adding the script to the job

We want to firstly run through creating a new backup job or using an existing backup job. On the “Storage” step of the settings you have an “Advanced” button, by selecting it and going to the “Scripts” tab, you can specify your pre- and post-job scripts. Another interesting concept here is an ability to pick either a number of times you want to run these scripts or certain days to run them on.

Pre-job script

The concept of the pre-script is the clean-up script mentioned in the first post. The idea here is that we may not want to duplicate multiple instances within our Azure environment. If we do then maybe we just remove this script completely. What this script is going to do is power down and remove any of our provisioned resources from the last run of the job. If this is the first run and there are no provisioned resources, then you will receive an exit code 1 meaning there is nothing to be removed.

Post-job script

This script is going to take place after the backup operation has completed. In our case, the job will take the most recent restore point and send it for conversion in our test and development environment in Azure. Once the backup job is complete, you will see a new job for conversion start within the Veeam Backup & Replication tasks.

The post Optimize your restores to Microsoft Azure with PowerShell – Part 2 appeared first on Veeam Software Official Blog.

Optimize your restores to Microsoft Azure with PowerShell – Part 2

Optimize your restores to Microsoft Azure with PowerShell

Source: Veeam

I firstly wanted to highlight a series that is being written by Jorge on Microsoft Azure and Veeam. He touches on connectivity, deployment, configuration and then restore options. This is where I want to jump in with the topic of my at least two-part series. I will be touching on a feature within Veeam Backup & Replication called Veeam Restore to Microsoft Azure. Though before it was baked into Veeam Backup & Replication, it was a standalone free product available in the Microsoft Azure marketplace. Veeam Backup & Replication 9.5, with this included feature, was launched at the back end of 2016, but the standalone has been around since around April 2016.

There are lots of resources out there running through the process and lots of demo videos on YouTube, but I wanted to show some more options that we can use this feature for.

A PowerShell script use case

The reason I wanted to put this concept out there was to highlight some of the additional functionality you could bring to your environment using this feature. The real use case that stands out today is the ability to migrate your workloads to Azure away from the on-premises configuration. This is achievable, but this is a one-way conversion. Very much like the physical to virtual (P2V) process we all know and went through a few years back. Another use case would be around leveraging Azure for an isolated test and development environment. Again, completely doable, but the issue within the interface is that you must be reactive to when you want to set this lab up and the wait time to transfer the image to Azure is the biggest piece to contend with.

What this PowerShell script concept will allow you to do is create a scheduled task to run proactively and give you the test bed without having to manually configure and wait for this to be set up. By using PowerShell script we can completely automate this process and have this run before you arrive in the office.

Pre-requisites and Azure requirements

There are a few things you need to have in place for us to start using this script that I will cover later on.

  • Microsoft Azure Account — preferably the Azure Resource Manager and not Classic Mode
  • A Veeam Backup & Replication server with the Veeam PowerShell SnapIn (This instance can be running anywhere including Azure)
  • A Veeam backup chain, as with the Veeam Backup & Replication server this can be stored anywhere. If it was stored in Azure, it would save that conversion time
  • Ability to add your Azure account to Veeam Backup & Replication via either interface or PowerShell. For the purposes of this blog post I will not cover this step

The other posts have already covered the process that Veeam Restore to Microsoft Azure takes, but the process involves the conversion of the VM’s backup file to a VM running in Microsoft Azure. By having the backup chain already in Microsoft Azure, you can expect that transfer time or the conversion time to be much faster than sending them from an on-premises location.

The Variables

“A variable is a value that can change, depending on conditions or on information passed to the program. Typically, a program consists of instructions that tell the computer what to do and data that the program uses when it is running.”

I will place the actual script to discover the variables that we require. There is one variable here that will determine the Veeam Backup restore point. In the script example you are able to determine the latest restore point of a VM in the backup. All this additional information will become clear with the second part of the series:

  • Backup job name, virtual machine name(s)
  • Azure Subscription
  • Azure Storage Account
  • Azure VM configuration
  • Azure Virtual Network
  • Azure Resource Group

More resources can be found within the Veeam user guide.

Variable Script

$restorepoint = Get-VBRBackup -Name "TPM04-SQL-02" | Get-VBRRestorePoint -Name "TPM04-SQL-02" | Sort-Object $_.creationtime -Descending | Select -First 1
$account = Get-VBRAzureAccount -Type ResourceManager -Name "username@domain.com"
$subscription = Get-VBRAzureSubscription -Account $account -name "SubscriptionName"
$storageaccount = Get-VBRAzureStorageAccount -Subscription $subscription -Name "vdr2ma"
$location = Get-VBRAzureLocation -Subscription $subscription -Name "eastus"
$vmsize = Get-VBRAzureVMSize -Subscription $subscription -Location $location -Name Standard_A1
$network = Get-VBRAzureVirtualNetwork -Subscription $subscription -Name "vdr2ma"
$subnet = Get-VBRAzureVirtualNetworkSubnet -Network $network -Name "default"
$resourcegroup = Get-VBRAzureResourceGroup -Subscription $subscription -Name "vdr2ma"

Running the script

Now for the fun part, lets run the job to start sending our latest restore point up into our pre-defined Azure environment.
 
Start-VBRVMRestoreToAzure -RestorePoint $restorepoint -Subscription $subscription -StorageAccount $storageaccount -VmSize $vmsize -VirtualNetwork $network -VirtualSubnet $subnet -ResourceGroup $resourcegroup -VmName TPM04SQL02restored2Azure -Reason "Test and Development"

Clean-up script

We also want to be able to stop this job or to clean up the Azure VMs we have provisioned. For this purpose, which is for a test and development use case, we want to completely remove the machine from our Azure environment.
 
Login-AzureRmAccount
Select-AzureSubscription -SubscriptionName $subscription -Current
Get-AzureRmVM -Name "TPM04SQL02restored2Azure" -ResourceGroupName $resourcegroup>
Stop-AzureRmVM -Name "TPM04SQL02restored2Azure" -ResourceGroupName $resourcegroup -force
Remove-AzureRmVM -ResourceGroupName $resourcegroup -Name "TPM04SQL02restored2Azure" -force

 
In the next post we will be covering how we can extend the use case even further and do more with this feature.

The post Optimize your restores to Microsoft Azure with PowerShell appeared first on Veeam Software Official Blog.

Optimize your restores to Microsoft Azure with PowerShell

New Snapshot Integration for Pure Storage now available for Veeam Software

Source: Veeam

At the back end of 2017, Veeam released the Universal Storage API with Veeam Availability Suite 9.5 update 3. This framework offers built-in integrations with storage systems to help decrease impact on the production environment and significantly improve RPOs.

Today Veeam announces Pure Storage as the next storage vendor to arrive onto this integration framework. With more and more businesses moving toward and adopting all-flash storage solutions that help those businesses to deliver more predictable performance across an ever more demanding business workload, it goes without saying that there is no requirement change for Always-On Availability. In fact, this increases the requirements around RTO and RPO SLAs.

Reduce impact of performance on production workloads

 
The features this framework unlocks are the ability to reduce the impact of performance on the primary VMware estate when it comes to creating VMware snapshots, offloading this process to the storage array to then taking the backup from the storage.

Enable granular recovery for storage snapshots

 
Secondly the ability to use the Veeam Explorer for Storage Snapshots to gain visibility into historic snapshots and still give the ability to perform granular recovery tasks against snapshots not even created by Veeam on the storage array.

Application consistent storage snapshot orchestration

Thirdly and very important to tightening that recovery point objective is the ability to drive application consistent snapshots on the storage array to provide an option for really fast recovery of data, down to the application item level.

 

Automated restore verification and on-demand labs: “Put your data to work”

 

Lastly but probably most importantly is the ability to do more with those snapshots that have been created in an application consistent manner, with this integration you will have the ability to leverage this data for many different use cases.

One use case of where this functionality could really benefit these businesses is DevOps, the ability to create copies of your production environment in minutes so that your developers can test new features against that production-like data without affecting performance and uptime of the production workloads. All of this whilst using your performant Pure Storage FlashArray features that include thin provisioning, deduplication and compression.

Another use case is around modern analytics, the ability to take the production workload and leverage that data so that as end users you can gain insight into your workloads and achieve more with those findings and deliver value for your business without having to worry about the underlying infrastructure and performance.

FlashStack — Agile IT

This integration also follows the Pure Storage FlashArray into the converged infrastructure, offering the ability to combine compute, networking, storage and virtualisation. This provides more efficiency, ease of deployment and predictable performance. Reducing management and the need to fine tune these tasks frees up resource to focus on more important tasks within the business.
 

 
This converged approach can be extended with the use of the “Virtual Data Center in a box” allowing for your remote offices to also benefit from the storage and Availability benefits from Cisco, VMware, Pure Storage and Veeam.

Conclusion

The Pure Storage FlashArray integration with Veeam Availability Suite provides backup, recovery, replication and failover capabilities to enhance recovery point objectives and recovery time objectives.

More resources

 

The post New Snapshot Integration for Pure Storage now available for Veeam Software appeared first on Veeam Software Official Blog.

New Snapshot Integration for Pure Storage now available for Veeam Software