Blog

Get your data ready for vSphere 5.5 End of Support

Source: Veeam

There have been lots of articles and walkthroughs on how to make that upgrade work for you, and how to get to a supported level of vSphere. This VMware article is very thorough walking through each step of the process.

But we wanted to touch on making sure your data is protected prior, during and after the upgrade events.

If we look at the best practice upgrade path for vSphere, we’ll see how we make sure we’re protected at each step along the way:

Upgrade Path

The first thing that needs to be considered is what path you’ll be taking to get away from the end of general support of vSphere 5.5. You have two options:

  • vSphere 6.5 which is now going to be supported till November 2021 (so another 5 years’ time)
  • vSphere 6.7 which is the latest released version from VMware.

Another consideration to make here is support for surrounding and ecosystem partners, including Veeam. Today, Veeam fully supports vSphere 6.5 and 6.7, however, vSphere 6.5 U2 is NOT officially supported with Veeam Backup & Replication Update 3a due to the vSphere API regression.

The issue is isolated to over-provisioned environments with heavily loaded hosts (so more or less individual cases).

It’s also worth noting that there is no direct upgrade path from 5.5 to 6.7. If you’re currently running vSphere 5.5, you must first upgrade to either vSphere 6.0 or vSphere 6.5 before upgrading to vSphere 6.7.

Management – VMware Virtual Center

The first step of the vSphere upgrade path after you’ve decided and found the appropriate version, is to make sure you have a backup of your vCenter server. The vSphere 5.5 virtual center could be a Windows machine or it could be using the VCSA.

Both variants can be protected with Veeam, however, the VCSA runs on a Postgres-embedded database. Be sure to take an image-level backup with Veeam and then there is a database backup option within the appliance. Details of the second step can be found in this knowledge base article.

If you’re an existing Veeam customer, you’ll already be protecting the virtual center as part of one of your existing backup jobs.

You must also enable VMware tools quiescence to create transactionally-consistent backups and replicas for VMs that do not support Microsoft VSS (for example, Linux VMs). In this case, Veeam Backup & Replication will use the VMware Tools to freeze the file system and application data on the VM before backup or replication. VMware Tools quiescence is enabled at the job level for all VMs added to the job. By default, this option is disabled.

You must also ensure Application-Aware Image Processing (AAIP) is either disabled or excluded for the VCSA VM.

Virtual Machine Workloads

If you are already a Veeam customer, then you’ll already have your backup jobs created and working with success before the upgrade process begins. However, as part of the upgrade process, you’ll want to make sure that all backup job processes that initiate through the virtual center are paused during the upgrade process.

If the upgrade path consists of new hardware but with no vMotion licensing, then the following section will help.

Quick Migration

Veeam Quick Migration enables you to promptly migrate one or more VMs between ESXi hosts and datastores. Quick Migration allows for the migration of VMs in any state with minimum disruption.

More information on Quick Migration can be found in our user guide.

During the upgrade process

As already mentioned in the virtual machine workloads section, it is recommended to stop all vCenter-based actions prior to update. This includes Veeam, but also any other application or service that communicates with your vCenter environment. It is also worth noting that whilst the vCenter is unavailable, vSphere Distributed Resource Scheduler (DRS) and vSphere HA will not work.

Veeam vSphere Web Client

If you’re moving to vSphere 6.7 and you have the Veeam vSphere Web Client installed as a vSphere plug-in, you’ll need to install the new vSphere Veeam web client plug-in from a post-upgraded Veeam Enterprise Manager.

More detail can be found in Anthony Spiteri’s blog post on new HTML5 plug-in functionality.

You’ll also need to ensure that any VMware-based products or other integrated products vCenter supports are the latest versions as you upgrade to a newer version of vSphere.

Final Considerations

From a Veeam Availability perspective, the above steps are the areas that we can help and make sure that you are constantly protected against failure during the process. Each environment is going to be different and other considerations will need to be made.

Another useful link that should be used as part of your planning: Update sequence for vSphere 5.5 and its compatible VMware products (2057795)

One last thing is a shout out to one of my colleagues who has done an in-depth look at the vSphere upgrade process.

The post Get your data ready for vSphere 5.5 End of Support appeared first on Veeam Software Official Blog.


Get your data ready for vSphere 5.5 End of Support

The Office 365 Shared Responsibility Model

Source: Veeam

The No. 1 question we get all the time: “Why do I need to back up my Office 365 Exchange Online, SharePoint Online and OneDrive for Business data?”

And it’s normally instantaneously followed up with a statement similar to this: “Microsoft takes care of it.”

Do they? Are you sure?

To add some clarity to this discussion, we’ve created an Office 365 Shared Responsibility Model. It’s designed to help you — and anyone close to this technology — understand exactly what Microsoft is responsible for and what responsibility falls on the business itself. After all — it is YOUR data!

Over the course of this post, you’ll see we’re going to populate out this Shared Responsibility Model. On the top half of the model, you will see Microsoft’s responsibility. This information was compiled based on information from the Microsoft Office 365 Trust Center, in case you would like to look for yourself.

On the bottom half, we will populate out the responsibility that falls on the business, or more specifically, the IT organization.

Now, let’s kick this off by talking specifically about each group’s primary responsibility. Microsoft’s primary responsibility is focused on THEIR global infrastructure and their commitment to millions of customers to keep this infrastructure up and running, consistently delivering uptime reliability of their cloud service and enabling the productivity of users across the globe.

An IT organization’s responsibility is to have complete access and control of their data — regardless of where it resides. This responsibility doesn’t magically disappear simply because the organization made a business decision to utilize a SaaS application.

Here you can see the supporting technology designed to help each group meet that primary responsibility. Office 365 includes built-in data replication, which provides data center to data center georedundancy. This functionality is a necessity. If something goes wrong at one of Microsoft’s global data centers, they can failover to their replication target, and, in most cases, the users are completely oblivious to any change.

But replication isn’t a backup. And furthermore, this replica isn’t even YOUR replica; it’s Microsoft’s. To further explain this point, take a minute and think about this hypothetical question:

What has you fully protected, a backup or a replica?

Some of you might be thinking a replica — because data that is continuously or near-continuously replicated to a second site can eliminate application downtime. But some of you also know there are issues with a replication-only data protection strategy. For example, deleted data or corrupt data is also replicated along with good data, which means your replicated data is now also deleted or corrupt.

To be fully protected, you need both a backup and a replica! This fundamental principle has been the bedrock of Veeam’s data protection strategy for over 10 years. Look no further than our flagship product, aptly named Veeam Backup & Replication.

Some of you are probably already thinking: “But what about the Office 365 recycle bin?” Yes, Microsoft has a few different recycle bin options, and they can help you with limited, short-term data loss recovery. But if you are truly in complete control of your data, then “limited” can’t check the box. To truly have complete access and control of your business-critical data, you need full data retention. This is short-term retention, long-term retention and the ability to fill any / all retention policy gaps. In addition, you need both granular recovery, bulk restore and point-in-time recovery options at your fingertips.

The next part of the Office 365 Shared Responsibility Model is security. You’ll see that this is strategically designed as a blended box, not separate boxes — because both Microsoft AND the IT organization are each responsible for security.

Microsoft protects Office 365 at the infrastructure level. This includes the physical security of their data centers and the authentication and identification within their cloud services, as well as the user and admin controls built into the Office 365 UI.

The IT organization is responsible for security at a data-level.  There’s a long list of internal and external data security risks, including accidental deletion, rogue admins abusing access and ransomware to name a few. Watch this five-minute video on how ransomware can take over Office 365. This alone will give you nightmares.

The final components are legal and compliance requirements. Microsoft makes it very clear in the Office 365 Trust Center that their role is of the data processor. This drives their focus on data privacy, and you can see on their site that they have a great list of industry certifications. Even though your data resides within Office 365, an IT organization’s role is still that of the data owner. And this responsibility comes with all types of external pressures from your industry, as well as compliance demands from your legal, compliance or HR peers.

In summary, now you should have a better understanding of exactly what Microsoft protects within Office 365 and WHY they protect what they do. Without a backup of Office 365, you have limited access and control of your own data. You can fall victim to retention policy gaps and data loss dangers. You also open yourself up to some serious internal and external security risks, as well as regulatory exposure.

All of this can be easily solved with a backup of your own data, stored in a place of your choosing, so that you can easily access and recover exactly what you want, when you want.

Looking to find a simple, easy-to-use Office 365 backup solution?

Look no further than Veeam Backup for Microsoft Office 365. This solution has already been downloaded by over 35,000 organizations worldwide, representing 4.1 million Office 365 users across the globe. Veeam was also named to Forbes World’s Best 100 Cloud Companies and is a Gold Microsoft Partner. Give Veeam a try and see for yourself.

Additional resources:

The post The Office 365 Shared Responsibility Model appeared first on Veeam Software Official Blog.


The Office 365 Shared Responsibility Model

Veeam and Nutanix AHV in a multi-hypervisor environment

Source: Veeam

Many environments have the requirement to be flexible to what platform they are running. Flexibility allows for the ability to move, migrate and leverage data between each of their virtual environment assets. This also applies to extending into other cloud environments, whether that be for backup retention purposes, using a Veeam Cloud & Service Provider partner for managed service providers or expanding the production environment into the public cloud to offer further flexibility to the on-premises infrastructure.

Brief architecture overview

The agentless architecture for Veeam Availability for Nutanix AHV consists of a Veeam Backup Proxy Appliance that will reside within the AHV cluster. The requirement here is one proxy per cluster, and as a v1 product with extensive beta testing, we have not seen a requirement to scale this function out. The Veeam Backup Proxy Appliance is a lightweight installation, offering an intuitive Prism-like web UI that is used to manage the appliance itself, configure, schedule and run backups, and perform both full-VM recoveries and disk-based recoveries.

The Veeam Backup Proxy Appliance is required to have communication with a Veeam Backup & Replication server for authentication purposes, but this also extends recovery capabilities with the ability to perform file-level recoveries and application item-level recoveries using the established Veeam Explorers. Also, as an extension to the backup policy, you can leverage backup copy jobs or send AHV backups to tape. Finally, there’s the ability to do more with AHV data, like converting those backup files into VMDK, VHD and VHDX for use in different virtual environments, as well as sending and converting them to machines in Microsoft Azure, which is ideal for a testing environment with infinite and scalable resources.

The final thing to mention on the architecture is where the backup files are stored — a Veeam Backup & Replication repository, the primary reason for the communication and authentication from Veeam Backup Proxy Appliance to the Veeam Backup & Replication server.

Zero socket license

Because of the requirement for a Veeam Backup & Replication server and repository, a common question is “if we are moving completely to Nutanix AHV as our only hypervisor in the environment, how do we gain access to the required Veeam Backup & Replication components if we do not have a license for it?” This is essentially the same question in Veeam Agent-only customer environments with no virtualization in place, so the same answer applies.

All Veeam Availability for Nutanix AHV licenses (and Veeam Agent licenses) are delivered with a zero-socket license for Veeam Backup & Replication at no additional cost. The zero-socket license unlocks Veeam Backup & Replication functionality for AHV backups in environments where an existing Veeam Backup & Replication for VMware vSphere of Microsoft Hyper-V instance does not exist.

Mixed environments

As mentioned above, many environments will have the requirement to run a multi-hypervisor infrastructure for numerous reasons. The possibilities from a management, backup and recovery perspective for AHV environments that have been brought with the release of Veeam Availability for Nutanix AHV have already been discussed, but if we were to also have a VMware vSphere or a Microsoft Hyper-V footprint alongside AHV, does this mean I have to have additional Veeam management components?

No, that same Veeam Backup & Replication management server and repository can be used for Nutanix AHV, VMware and Microsoft Hyper-V backups, as well as Veeam Agent backups. However, in some circumstances, there may be a requirement to have separate management for these environments, and that can be achievable using the zero socket license applicable in both AHV- or Veeam Agent-only environments. Remember, Veeam does not license the components that are licensed on the production workload, meaning you are able to have as many Veeam components as you see fit.

The post Veeam and Nutanix AHV in a multi-hypervisor environment appeared first on Veeam Software Official Blog.


Veeam and Nutanix AHV in a multi-hypervisor environment

Never Try to Fix the Problem When Hacked

Source: SANS security tip
Eventually, we all get hacked. The bad guys are very persistent and we can all make a mistake. If you suspect you have been hacked never try to fix the situation, instead report it right away. If you try to fix the situation, such as paying an online ransom or deleting the infected files, not only could you stil be hacked but you are most likely causing far more harm than good.
Never Try to Fix the Problem When Hacked

Clues You Have Been Hacked

Source: SANS security tip
Some of the most common indicators that you may have been include the following. Your friends tell you that they have received odd emails or messages from you, messages you know you did not send. Your password no longer works for one of your accounts, even though you know you never changed the password. Your anti-virus informs you that one of your files or computer is infected. You receive a pop-up message informing you that the files on your computer have been encrypted and you must pay a ransom to recover them.
Clues You Have Been Hacked

Instant visibility & restore for Microsoft SharePoint

Source: Veeam

Microsoft SharePoint is an invaluable tool used by organizations worldwide for data sharing and collaboration among teams. SharePoint provides businesses with a way to increase teamwork and productivity to streamline their processes and improve their business outcomes. There are several deployment options available for SharePoint, such as on-premises, online through Office 365 or a hybrid deployment. Each option has its own benefits, however, this blog post focuses on Veeam Explorer for SharePoint being used in an on premises deployment model of Microsoft SharePoint. If you’re using SharePoint online, Veeam Explorer is available to you as well through Veeam Backup for Microsoft Office 365.

An on-premises SharePoint farm could consist of multiple servers with each server needing to remain operating to meet your end user’s expectation. To meet a user’s demands, it’s important to have an Availability strategy in place. Veeam meets these expectations by giving you the technology to browse the database, restore individual items, and gain instant visibility while still being easy to use.

Veeam Explorer for Microsoft SharePoint

Veeam has developed many powerful built-in Explorers in its software, and Veeam Explorer for Microsoft SharePoint is no different. From the Veeam backup of your SharePoint server, you gain the ability to browse the content database, recover necessary items without having to fully restore, and start the virtual machine hosting the content database. Like the other Veeam Explorers, this tool is available with all editions of Veeam Backup & Replication, even the Free Edition!

When you perform a backup of your SharePoint Server, remember to enable Application Aware Image Processing. This technology creates a transactional-consistent backup to guarantee the proper recovery of your applications running on VMs. Once you successfully created the backup or replica of your SharePoint Server, you can start using the Explorer. There are a couple options available to you when using the Explorer, these include: browsing the SharePoint database, restoring individual SharePoint items and permissions, exporting items (sending as an email attachment or saving them to another location), and the ability to restore SharePoint sites.

Instant Visibility

Once you’re ready to perform a recovery, the application item restore wizard will auto-discover the SharePoint farms that were backed up and initiate the mount operation. During this operation, Veeam Backup & Replication retrieves information about SharePoint sites, the corresponding database server VMs, and restore points.


Figure 1: Veeam SharePoint Item restore wizard

When first initiating the restore, the wizard shows you the list of available sites included in the backup, allowing you to choose which site you want to explore to find the items you need. The Application Aware Image Processing technology is how Veeam Backup & Replication auto-discovers the information about your SharePoint Servers. It is important to remember to select this option when first performing the backup.


Figure 2: Veeam Explorer for Microsoft SharePoint

Within the Explorer itself is where you can view the content databases, sites, subsites, libraries and lists. Depending on what you select, you can browse and view its contents to find what is needed to restore. If your restoring a document, you can even open and preview the document to ensure it’s the correct item needed to recover. Available in all the editions of Veeam Backup & Replication, Veeam Explorer for Microsoft SharePoint delivers granular browsing and search capabilities to find any item or multiple items stored in any number of Microsoft SharePoint databases. To support this capability, the guest file system of the VM is mounted directly from the backup to a staging Microsoft SQL Server. By default, Veeam will use the SQL Server Express instance that was installed when you deployed Veeam Backup & Replication. One thing to note, the staging system must be compatible or the same version as the Microsoft SQL server that hosts the Microsoft SharePoint Content databases. If it is not, you will need to identify a staging SQL Server that is compatible to be able to use the Explorer. This is available within the Veeam Explorer options, under the SQL Server Settings tab. For detailed instructions on this functionality, please refer to the user guide.

With the amount of visibility Veeam Explorer for Microsoft SharePoint provides, you may want to be able to keep track of who is accessing the Explorer, what they are looking at, and why they are performing restores. For this, Veeam offers another layer of visibility, especially when it comes to restore operations. This visibility comes in the form of Veeam ONE, specifically the Restore Operators Report allowing you to safeguard your data with the ability to see who is accessing your data, where it is being restored to, and what items are being restored.

Veeam ONE Restore Operators Report

Veeam offers powerful, useful tools to ensure Availability for your business. Sometimes, we need to take an extra step to ensure we are still meeting the security requirements for the business as well. Veeam ONE’s Restore Operator’s Report gives you a detailed description of who is accessing your backup data and what restores they are performing or not performing. This allows you to gain an extra layer of visibility by being able to view all types of restore actions performed across the Veeam Backup Servers.


Figure 3. Restore Operators Activity Report

The above report shows who is accessing the backup data and what restores they are performing. This is an easy way to ensure that the correct people who have permission to be accessing certain data, are only accessing that data when and how they’re supposed to. The above image shows the different users performing restores and what type of restore it is, if its application, full VM, files, or even a restore from tape.


Figure 4. Restore Operators Report Continued

Going deeper into the report, you can see which VMs the users are accessing and what restores they are performing, or if they’re even performing a restore. This report is very useful to double check to ensure your users are only accessing what they should be accessing.

Conclusion

Microsoft SharePoint is a valuable tool used in organizations today to increase collaboration among teams to improve teamwork and organizational knowledge to be able to make better decisions. Veeam Explorer for Microsoft SharePoint allows you to keep your business’ most important applications available to meet your end users demands. An added benefit is this Veeam Explorer for Microsoft SharePoint is even included in Veeam Backup Free Edition — allowing you to start using this powerful technology today!

The post Instant visibility & restore for Microsoft SharePoint appeared first on Veeam Software Official Blog.


Instant visibility & restore for Microsoft SharePoint

How to Build a Failover Plan in Veeam Availability Orchestrator

Source: Veeam

One of the most important components of Veeam Availability Orchestrator is the Failover Plan. The Failover Plan is an essential part of an organization’s disaster recovery plan. It contains the virtual machines to be protected, what steps to take during recovery, and other important information.

Now, we are going to take a look at the step-by-step process to creating your disaster recovery plan with Veeam Availability Orchestrator.

When you start the New Failover Plan Wizard, you will first be prompted to select a site. If you have multiple sites in your VAO environment, you would pick the production site of the application you are protecting.

Next, we want to give our Failover Plan a name. I like to use something that is clear and concise, such as the application name. You can also enter a description of your Failover Plan, as well as the contact information for the application you are protecting.

Next, we select the VM Group (or multiple VM Groups) containing the virtual machines of our application. As we mentioned in a previous post, VM Groups can be powered by VMware vSphere Tags. In this list, you can see the VMware vSphere Tags I have setup in my environment. In this case, I am going to select the applications with the HeliumRUN Windows Tag, since it has the virtual machines I am protecting with this Failover Plan.

Next are our VM Recovery Options. In this screen, we can decide how to handle a VM recovery failure in the unlikely event it happens. We can use VAO to run scheduled recovery tests on a regular basis, so this sort of failure would be a rare occurrence. We can also specify if we want to recover our VMs in a particular order, or at the same time, or finally how many VMs to recover simultaneously.

In the next screen, we are going to select the steps we are going to take for each VM during recovery. After we finish creating the Failover Plan, we will be able to add additional steps for individual VMs, including custom steps we upload to VAO. This is useful when we want to configure particular steps to verify the operation of an application such as Exchange, SharePoint, ISS, or SQL. For a complete list of Failover Plan steps included with VAO, be sure to take a look at the Veeam Availability Orchestrator official user guide here. Some steps, such as Verify SQL Database require credentials. If you select a step that requires credentials, you will be prompted to enter them for use.

One of the most important things to remember is that after we execute a disaster recovery plan, our disaster recovery site is now our production site. Because of this, it is very important that our applications receive the same level of protection they would on any other day. Luckily, Veeam Availability Orchestrator makes this easy by leveraging a pre-configured template job in Veeam Backup & Replication. At this screen, you can simply select the backup job you wish to use to protect your data at the disaster recovery site.

After ensuring your data is protected after your disaster recovery plan has executed, the next step is to configure Veeam Availability Orchestrator’s reporting capabilities. VAO has a completely customizable report template. These disaster recovery plan templates allow for the inclusion of all information needed during a disaster recovery plan execution, and can be scheduled to be sent to key stakeholders on a regular basis to ensure the environment is always ready for failover. For more about the reports included in VAO, be sure to check out this guide to VAO terminology.

By default, the Plan Definition Report and Readiness Check are scheduled to run daily, which is a great way to check the health of our disaster recovery plan. The Plan Definition Report includes all the information about the Failover Plan we just created, as well as a log of changes that have been made. The Readiness Check is a light-weight test that checks to ensure we are ready for a failover at a moment’s notice. If for some reason our Readiness Check has an error, we can then act to remediate it before a disaster strikes.

Finally, we are presented with a summary screen that shows us how our Failover Plan has been configured.  Once we click Finish, we have completed setting up our Failover Plan.

If we want to make any changes to our Failover Plan, it’s as simple as right-clicking on our Failover Plan and selecting “Edit,” or highlighting our Failover Plan and clicking “Manage” and then “Edit” on the navigation bar. The edit state is where we can add specific steps to each virtual machine, or to the failover plan in general. For example, I have uploaded a script to be run in the event of a disaster to make some DNS changes for my environment DNS changes.

This screen can be used to add either Pre or Post failover steps, or steps to each VM individually. The steps can also be put into a particular order if desired. The best part of this functionally is the ability to create a custom flow of steps as needed for each VM. For example, I may want to use the included steps of Verify Web Server Port and Verify Web Site (IIS) for a web server in the Failover Plan, and different steps on the SQL server. All of these steps will then be captured in a Plan Definition Report the next time it is run.

Congratulations, you are now protecting your application with Veeam Availability Orchestrator! If you want to take a look at creating your own Failover Plan, you can download a 30-day FREE trial of Veeam Availability Orchestrator.

The post How to Build a Failover Plan in Veeam Availability Orchestrator appeared first on Veeam Software Official Blog.


How to Build a Failover Plan in Veeam Availability Orchestrator