When to use SMB WriteThrough in Windows Server 2019

Source: Veeam

Today, we are going to discuss the Server Message Block (SMB) protocol which is incorporated into all Windows versions, both client and server. It is enabled by default and used to share files and printers. There are rather few versions of this protocol, but it was SMB 2.0, released with Windows Vista in 2006, that considerably improved its performance. Today, the latest version is SMB 3.1.1, that was released with Windows 10 and Windows Server 2016.

The focus of this version was on security by adding support for more encryption algorithms, leaving the performance practically unchanged. And although we don’t get the new protocol version with Windows Server 2019, there is one novelty added to the SMB protocol that affects the client side.

SMB cache

With the release of Windows Server 2019 (also available in Windows 10 version 1809), SMB connections on the client side now can be used without the SMB cache. In certain scenarios, this will accelerate the transfer of files sent using this protocol.

Here’s how you find this new parameter:

  • For the Command Prompt, it’s the WRITETHROUGH parameter for the command Net Use
  • For PowerShell, it’s the UseWriteThrough parameter for New-SmbMapping cmdlet.

 

Let’s see how it works and when it’s a good idea to use it.

SMB operation without the WriteThrough/UseWriteThrough parameters

By default, when Windows SMB client makes a connection to an SMB server, the client uses the SMB cache. We have to understand that this SMB client can be a Windows Server.

SMB client is a computer that makes the connection to a shared resource and SMB server is a computer that has that shared resource. The SMB cache is very useful in most cases. For example, imagine a user accessing their files on a file server. When he opens a file for the first time the SMB client downloads it completely but saves it in cache. When the user makes a modification to the file and saves the file, the file is not downloaded again, the load is faster since the file is in the cache. That is the default behaviour of the SMB cache for the SMB client and works in every Windows SMB version.

What is the WriteThrough parameter for?

This parameter allows to map a network unit with forced access (“direct write”) and thus omit all the operating system caches, forcing the read/write to disk.

Previously, “direct writing” was only possible in the shared resources of the cluster with the option marked “Continuous Availability.” In addition, version 3 of the SMB protocol and at least Windows Server 2012 were required. But with Windows Server 2019 and Windows 10 v.1809 you can now force the “direct write” from the client side.

Tip: To quickly check the version of your Windows Server (or Windows 10), run the winver command in either cmd or PowerShell.

When to use it?

This option can be used when we know for sure that the file that we’re going to write doesn’t exist at the destination yet and is of a considerable size. For example, it’ll be much faster for a backup software to write a backup file via SMB connection with “WriteThrough” parameter, avoiding the operating system’s cache.

How to enable the SMB WriteThrough connection

As previously noted, SMB connections are made from the SMB client, so to enable this, we would need to do the following.

WriteThrough with CMD

Execute the Net Use command to see the new WRITETHROUGH parameter:

Net Use Servershare /WriteThrough

If you want to assign a drive letter, execute:

Net Use (Drive letter): Servershare /WriteThrough

Connection example:

– Destination SMB Server: SYSADMIT-PC1

– Destination SMB Shared folder: SYSADMIT-Share

– Network unit: None

Example command would look like:

Net Use SYSADMIT-PC1SYSADMIT-Share /WRITETHROUGH

WriteThrough with PowerShell

The equivalent to the Net Use command in PowerShell is the New-SmbMapping cmdlet. It also allows us to make SMB connections without caching using the UseWriteThrough parameter.

Example:

– Destination SMB Server: SYSADMIT-PC1

– Destination SMB Shared folder: SYSADMIT-Share

– Network unit: S:

Example command would look like:

New-SmbMapping -LocalPath ‘S:’ -RemotePath ‘SYSADMIT-PC1SYSADMIT-Share’ -UseWriteThrough $True

Conclusion

As you see, it’s pretty easy to utilize the WriteThrough ability with a few short commands. What’s important is to understand when it’s a good idea to use it since in most cases using the cache is fine. But in certain scenarios like creating new large files at the destination, we would benefit going around the SMB’s cache.

The post When to use SMB WriteThrough in Windows Server 2019 appeared first on Veeam Software Official Blog.


When to use SMB WriteThrough in Windows Server 2019

How to enable MFA for Office 365

Source: Veeam

Starting from the recently released version 3, Veeam Backup for Microsoft Office 365 allows for retrieving your cloud data in a more secure way by leveraging modern authentication. For backup and restores, you can now use service accounts enabled for multi-factor authentication (MFA). In this article, you will learn how it works and how to set up things quickly.

How does it work?

For modern authentication in Office 365, Veeam Backup for Microsoft Office 365 leverages two different accounts: an Azure Active Directory custom application and a service account enabled for MFA. An application, which you must register in your Azure Active Directory portal in advance, will allow Veeam Backup for Microsoft Office 365 to access Microsoft Graph API and retrieve your Microsoft Office 365 organizations’ data. A service account will be used to connect to EWS and PowerShell services.

Correspondingly, when adding an organization to the Veeam Backup for Microsoft Office 365 scope, you will need to provide two sets of credentials: your Azure Active Directory application ID with either an application secret or application certificate and your services account name with its app password:

Can I disable all basic authentication protocols in my Office 365 organization?

While Veeam Backup for Microsoft Office 365 v3 fully supports modern authentication, it has to fill in the existing gaps in Office 365 API support by utilizing a few basic authentication protocols.

First, for Exchange Online PowerShell, the AllowBasicAuthPowershell protocol must be enabled for your Veeam service account in order to get the correct information on licensed users, users’ mailboxes, and so on. Note that it can be applied on a per-user basis and you don’t need to enable it for your entire organization but for Veeam accounts only, thus minimizing the footprint for a possible security breach.

Another Exchange Online PowerShell authentication protocol you need to pay attention to is the AllowBasicAuthWebServices. You can disable it within your Office 365 organization for all users — Veeam Backup for Microsoft Office 365 can make do without it. Note though, that in this case, you will need to use application certificate instead of application secret when adding your organization to Veeam Backup for Microsoft Office 365.

And last but not the least, to be able to protect text, images, files, video, dynamic content and more added to your SharePoint Online modern site pages, Veeam Backup for Microsoft Office 365 requires LegacyAuthProtocolsEnabled to be set to $True. This basic authentication protocol takes effect for all your SharePoint Online organization, but it is required to work with certain specific services, such as ASMX.

How can I get my application ID, application secret and application certificate?

Application credentials, such as an application ID, application secret and application certificate, become available on the Office 365 Azure Active Directory portal upon registering a new application in the Azure Active Directory.

To register a new application, sign into the Microsoft 365 Admin Center with your Global Administrator, Application Administrator or Cloud Application Administrator account and go to the Azure Active Directory admin center. Select New application registration under the App registrations section:

 

Add the app name, select Web app/API application type, add a sign-on URL (this can be any custom URL) and click Create:

 

Your application ID is now available in the app settings, but there’re a few more steps to take to complete your app configuration. Next, you need to grant your new application the required permissions. Select Settings on the application’s main registration page, go to the Required permissions and click Add:

 

In the Select an API section, select Microsoft Graph:

 

Then click Select permissions and select Read all groups and Read directory data:

Note that if you want to use application certificate instead of application secret, you must additionally select the following API and corresponding permissions when registering a new application:

  • Microsoft Exchange Online API access with Use Exchange Web Services with full access to all mailboxes’ permissions
  • Microsoft SharePoint Online API access with Have full control of all site collections permissions

To complete granting permissions, you need to grant administrator consent. Select your new app from the list in the App registrations (Preview) section, go to API Permissions and click Grant admin consent for <tenant name>. Click Yes to confirm granting permissions:

 

Now your app is all set and you can generate an application secret and/or application certificate. Both are managed on the same page. Select your app from the list in the App registrations (Preview) section, click Certificates & secrets and select New client secret to create a new application secret or select Upload certificate to add a new application certificate:

 

For application secret, you will need to add secret description and its expiration period. Once it’s created, copy its value, for example, to Notepad, as it won’t be displayed again:

How can I get my app password?

If you already have a user account enabled for MFA for Office 365 and granted with all the roles and permissions required by Veeam Backup for Microsoft Office 365, you can create a new app password the following way:

  • Sign into the Office 365 with this account and pass additional security verification. Go to user’s settings and click Your app settings:
  • You will be redirected to https://portal.office.com/account, where you need to navigate to Security & privacy and select Create and manage app passwords:
  • Create a new app password and copy it, for example, to Notepad. Note that the same app password can be used for multiple apps or a new unique app password can be created for each app.

What’s next?

Now you have all the credentials to start protecting your Office 365 data. When adding an Office 365 organization to the Veeam Backup for Microsoft Office 365 scope, make sure you select the correct deployment type (which is ‘Microsoft Office 365’) and the correct authentication method (which in our case is Modern authentication). Keep in mind that with v3, you can choose to use the same or different credentials for Exchange Online and SharePoint Online (together with OneDrive for Business). If you want to use separate custom applications for Exchange Online and SharePoint Online, don’t forget to register both in advance in a similar way as described in this article.

The post How to enable MFA for Office 365 appeared first on Veeam Software Official Blog.


How to enable MFA for Office 365

Veeam is presenting at Cloud Field Day 5

Source: Veeam

Today is Cloud Field Day 5, and Veeam will be presenting at 8.30am PST.

Cloud Field Day bring together innovative IT product vendors and independent thought leaders to share information and opinions in a presentation and discussion format. Independent bloggers, speakers, freelance writers, and podcasters have a public presence that has immense influence on the ways that products and companies are perceived by IT practitioners.

During this two hour session Anthony Spiteri, David Hill and Michael Cade will be discussing Veeam’s innovative integration with Public Cloud and Service Providers, and will be showcasing Veeam’s flagship features around Cloud Mobility, instant restore and other great features and capabilities.

Tune in and watch the live stream here

Cloud Field Day has brought together a number of key delegates from the virtualization and cloud community.  It is truly an interactive and informative session.  For more information on the Cloud Field Day delegates click here.

To interact and chat with the presenters during the presentation, follow the links below for twitter information.

Presenters

 

The post Veeam is presenting at Cloud Field Day 5 appeared first on Veeam Software Official Blog.


Veeam is presenting at Cloud Field Day 5

How to limit egress costs within AWS and Azure

Source: Veeam

With Update 4’s exciting new cloud features, there are settings within AWS and Azure that you should familiarize yourself with to help negate some of the egress traffic costs, as well as help with security.

Right now, let’s talk about the scenarios where:

  • You are backing up Azure/AWS instances, utilizing Veeam Backup & Replication with a Veeam Agent, while utilizing Capacity Tier all inside of AWS/Azure
  • You have a SOBR instance in AWS/Azure and utilize Capacity Tier
  • When N2WS backup and recovery/Veeam Availability for AWS performs a copy to Amazon S3
  • If Veeam is deployed within AWS/Azure and you perform a DR2EC2 without a proxy or DR2MA

In AWS, by default, all traffic written into S3 from a resource within a VPC, like an EC2 instance, face egress costs for all these scenarios listed above. By default, when we archive data into S3 or do a disaster recovery to EC2, where Veeam uploads the virtual disk into S3, so AWS can convert to Elastic Block Store (EBS) volumes (AWS VMimport), we face an egress charge per GB. There is the option to utilize a NAT gateway/instance, but again there is a price associated with that as well.

Thankfully, there is an option that you could enable, which is basically the “don’t charge me egress!” button. That feature is called VPC Endpoints for AWS and VNet Service Endpoints for Azure.

Limit AWS egress costs

As stated by AWS:

“A VPC Endpoint enables you to privately connect your VPC to supported AWS services and VPC Endpoint services powered by PrivateLink without requiring an internet gateway, NAT device, VPN connection, or AWS Direct Connect connection. Instances in your VPC do not require public IP addresses to communicate with resources in the service. Traffic between your VPC and the other service does not leave the Amazon network”.

You simply enable VPC Endpoints for your S3 service within that VPC and you will no longer face egress cost when an EC2 instance is traversing data into S3. This is because the EC2 instance doesn’t need a public IP, internet gateway or NAT device to send data to S3.

 

Now that you enabled the VPC Endpoint, I highly recommend that you create a bucket policy to specify which VPCs or external IP addresses can access the S3 bucket.

Limit Azure egress costs

Azure handles the egress costs from their instances into Blob in the same manner AWS does, but with Azure the nomenclature is different, they use VNets instead of VPCs and they too have a feature that can be enabled at the VNet level: VNet Service Endpoints.

As stated by Microsoft Azure:

“Virtual Network (VNet) service endpoints extend your virtual network private address space and the identity of your VNet to the Azure services, over a direct connection. Endpoints allow you to secure your critical Azure service resources to only your virtual networks. Traffic from your VNet to the Azure service always remains on the Microsoft Azure backbone network.”

 

With Azure, you can then setup a firewall within the storage account to limit internet access to that resource.

Again, this is for instances hosted within a VNet or VPC talking to their respected object storage within the same region, not on-premises to an S3/Azure storage account.

 

References:

The post How to limit egress costs within AWS and Azure appeared first on Veeam Software Official Blog.


How to limit egress costs within AWS and Azure

Disaster recovery plan documentation with Veeam Availability Orchestrator

Source: Veeam

Without a doubt, the automated reporting engine in Veeam Availability Orchestrator and the disaster recovery plan documentation it produces are among its most powerful capabilities. They’re something we’ve had a lot of overwhelmingly positive feedback from customers that benefit from them, and I feel that sharing some more insights into what these documents are capable of will help you understand how you can benefit from them, too.

Imagine coming in to work on a Monday morning to an email containing an attachment that tells you that your entire disaster recovery plan was tested over the weekend without you so much as lifting a finger. Not only does that attachment confirm that your disaster recovery plan has been tested, but it tells you what was tested, how it was tested, how long the test took, and what the outcome of the test was. If it was a success, great! You’re ready to take on disaster if it decides to strike today. If it failed, you’ll know what failed, why it failed, and where to start fixing things. The document that details this for you is what we call a “test execution report,” but that is just one of four fully-automated documentation types that Veeam Availability Orchestrator can put in your possession.

Definition report

As soon as your first failover plan is created within Veeam Availability Orchestrator, you’ll be able to produce the plan definition report. This report provides an in-depth view into your entire disaster recovery plan’s configuration, as well as its components. This includes the groups of VMs included in that plan, the steps that will be taken to recover those VMs, and the applications they support in the event of a disaster, as well as any other necessary parameters. This information makes this report great for auditors and management, and can be used to obtain sign-off from application owners who need to verify the plan’s configuration.

Readiness check report

Veeam Availability Orchestrator contains many testing options, one of which we call a readiness check, a great sanity check that is so lightweight that it can be performed at any time. This test completes incredibly quickly and has zero impact on your environment’s performance, either in production or at the disaster recovery site. The resulting report documents the outcome of this test’s steps, including if the replica VMs are detected and prepared for failover, the desired RPO is currently met, the VMware vCenter server and Veeam Backup & Replication server are online and available, the required credentials are provided, and that the required failover plan steps and parameters have been configured.

Test execution report

Test execution reports are generated upon the completion of a test of the disaster recovery plan, powered by enhanced Veeam DataLabs that have been orchestrated and automated by Veeam Availability Orchestrator. This testing runs through every step identified in the plan as if it were a real-world scenario and documents in detail everything you could possibly want to know. This makes it ideal for evaluating the disaster recovery plan, proactively troubleshooting errors, and identifying areas that can be improved upon.

Execution report

This report is exactly the same as the test execution report but is only produced after the execution of a real-world failover.

Now that we understand the different types of reports and documentation available in Veeam Availability Orchestrator, I wanted to highlight some of the key features for you that will make them such an invaluable tool for your disaster recovery strategy.

Automation

All four reports are automatically created, updated and published based on your preferences and needs. They can be scheduled to complete at any frequency you see fit – daily, weekly, monthly, etc., but are also available on-demand with a single-click. This means that if management or an auditor ever wants the latest, you can hand them real-time, up-to-date documentation without the laborious, time-consuming and error-prone edits. You can even automate this step if you like by subscribing specific stakeholders or mailboxes to the reports relevant to them.

Customization

All four reports available with Veeam Availability Orchestrator ship in a default template format. This template may be used as-is, however, it is recommended to clone it (as the default template is not editable) and customize to your organization’s specific needs. Customization is key, as no two organizations are alike, and neither are their disaster recovery plans. You can include anything you like in your documentation, from logos, application owners, disaster recovery stakeholders and their contact information. Even all the 24-hour food delivery services in the area for when things might go wrong, and the team needs to get through the night. You name it, you can customize and include it.

Built-in change tracking

One of the most difficult things to stay on top of with disaster recovery planning is how quickly and dramatically environments can change. In fact, uncaptured changes are one of the most common causes behind disaster recovery failure. Plan definition reports conveniently contain a section titled “plan change log” that detail any edits to the plan’s configuration, whether by automation or manual changes. This affords you the ability to track things like who changed plan settings, when it was changed, and what was changed so that you can preemptively understand if a change was made correctly or in error, and account for it before a disaster happens.

Proactive error detection

The actionable information available in both readiness check and test execution reports enable you to eradicate risk to your disaster recovery plan’s viability and reliability. By knowing what will and what will not work ahead of time (e.g. a recovery that takes too long or a VM replica that has not been powered down post-test), you’re able to identify and proactively remediate any plans errors that occur before disaster. This in turn delivers confidence to you and your organization that you will be successful in a real-world event. Luckily in the screenshot below, everything succeeded in my test.

Assuring compliance

Understanding compliance requirements laid out by your organization or an external regulatory body is one thing. Assuring that those compliance requirements have been met today and in the past when undergoing a disaster recovery audit is another, and failure to do so can be a costly repercussion. Veeam Availability Orchestrator’s reports enables you to prove that your plan can meet measures like maximum acceptable outage (MAO) or recovery point objectives (RPO), whether they’re defined by governing bodies like SOX, HIPAA, SEC, or an internal SLA regulation.

If you’d like to learn more about how Veeam Availability Orchestrator can help you meet your disaster recovery documentation needs and more, schedule a demo with your Veeam representative, or download the 30-day FREE trial today. It contains everything you need to get started, even if you’re not currently a Veeam Backup & Replication user.

The post Disaster recovery plan documentation with Veeam Availability Orchestrator appeared first on Veeam Software Official Blog.


Disaster recovery plan documentation with Veeam Availability Orchestrator

Join us at AWS Summits!

Source: Veeam

Veeam is excited to be a Global Diamond Sponsor at all 39 AWS Summits around the world, participating jointly with N2WS, our top-rated AWS backup and DR solution. These events are a great opportunity for organizations not only to learn about the latest innovations in areas like cloud mobility, data retention, and disaster recovery, but also to engage with the AWS community and exchange the latest best practices around the cloud. Check here for the latest schedule of AWS Summits — they’re free events so there’s no excuse not to attend!

What you’ll see from Veeam and N2WS at AWS Summits

Veeam will showcase our latest cloud solutions at all AWS Summits through live demos, sponsored sessions, theater sessions, and meetings with our experts. This will include deep dives on:

  • Veeam Availability Suite 9.5 Update 4: Introduced earlier this year, this product unveils several major cloud capabilities with one of the biggest additions being Veeam Cloud Tier. Cloud Tier provides unlimited capacity for long-term data retention by using native, cost-effective object storage integrations with Amazon S3 and other public clouds. Another great feature of Update 4 is Veeam Cloud Mobility, providing easy portability and recovery of any on-premises or cloud-based workloads to AWS and other public clouds.
  • Veeam Availability for AWS: This new solution combines the market-leading N2WS cloud-native backup and recovery of AWS workloads with the ability to consolidate the backup data in a central Veeam repository. This enables customers to reliably move data to and holistically manage across multi-cloud environments. It also mitigates the risk of losing access to cloud applications and ensures protection of AWS data against accidental deletion, loss of AWS account access, data-level security threats and outages.
  • N2WS Backup & Recovery: A cloud-native backup tool built specifically for AWS, this point solution gives customers the ability to automatically back up AWS data as often as needed and recover it far more quickly than with traditional on-premises backup solutions, simplifying workloads and saving time and resources.

While the cloud delivers significant business benefits, based on the AWS shared responsibility model, businesses must still take direct action to guard data and enable business continuity in the event of an outage or disaster. Veeam’s solutions and its expanding partnership with AWS enable businesses to achieve this goal and take ownership of their cloud data.

Are you attending an AWS Summit? Join us at the Veeam N2WS booth and let’s talk cloud data protection!

If you cannot make it to AWS Summits this year, check out our multi-cloud demos online.

The post Join us at AWS Summits! appeared first on Veeam Software Official Blog.


Join us at AWS Summits!

What’s new in v3 of Veeam’s Office 365 backup

Source: Veeam

It is no secret anymore, you need a backup for Microsoft Office 365! While Microsoft is responsible for the infrastructure and its availability, you are responsible for the data as it is your data. And to fully protect it, you need a backup. It is the individual company’s responsibility to be in control of their data and meet the needs of compliance and legal requirements. In addition to having an extra copy of your data in case of accidental deletion, here are five more reasons WHY you need a backup.

With that quick overview out of the way, let’s dive straight into the new features.

Increased backup speeds from minutes to seconds

With the release of Veeam Backup for Microsoft Office 365 v2, Veeam added support for protecting SharePoint and OneDrive for Business data. Now with v3, we are improving the backup speed of SharePoint Online and OneDrive for Business incremental backups by integrating with the native Change API for Microsoft Office 365. By doing so, this speeds up backup times up to 30 times which is a huge game changer! The feedback we have seen so far is amazing and we are convinced you will see the difference as well.

Improved security with multi-factor authentication support

Multi-factor authentication is an extra layer of security with multiple verification methods for an Office 365 user account. As multi-factor authentication is the baseline security policy for Azure Active Directory and Office 365, Veeam Backup for Microsoft Office 365 v3 adds support for it.

This capability allows Veeam Backup for Microsoft Office 365 v3 to connect to Office 365 securely by leveraging a custom application in Azure Active Directory along with MFA-enabled service account with its app password to create secure backups.

From a restore point of view, this will also allow you to perform secure restores to Office 365.

Veeam Backup for Microsoft Office 365 v3 will still support basic authentication, however, using multi-factor authentication is advised.

Enhanced visibility

By adding Office 365 data protection reports, Veeam Backup for Microsoft Office 365 will allow you to identify unprotected Office 365 user mailboxes as well as manage license and storage usage. Three reports are available via the GUI (as well as PowerShell and RESTful API).

License Overview report gives insight in your license usage. It shows detailed information on licenses used for each protected user within the organization. As a Service Provider, you will be able to identify the top five tenants by license usage and bring the license consumption under control.

Storage Consumption report shows how much storage is consumed by the repositories of the selected organization. It will give insight on the top-consuming repositories and assist you with daily change rate and growth of your Office 365 backup data per repository.

 

Mailbox Protection report shows information on all protected and unprotected mailboxes helping you maintain visibility of all your business-critical Office 365 mailboxes. As a Service Provider, you will especially benefit from the flexibility of generating this report either for all tenant organizations in the scope or a selected tenant organization only.

Simplified management for larger environments

Microsoft’s Extensible Storage Engine has a file size limit of 64 TB per year. The workaround for this, for larger environments, was to create multiple repositories. Starting with v3, this limitation and the manual workaround is eliminated! Veeam’s storage repositories are intelligent enough to know when you are about to hit a file size limit, and automatically scale out the repository, eliminating this file size limit issue. The extra databases will be easy to identify by their numerical order, should you need it:

Flexible retention options

Another top question is about the used retention type. The default retention type can best be seen as an “item-level” backup method when Veeam Backup for Microsoft Office 365 backs up and stores the data modified between now and the defined retention period. To give a simple example, if the retention period is set to 5 years, everything between today and 5 years ago will be protected. In tomorrow’s backup, it will add data modified or added within this day and remove the oldest data which modification date falls out of the specified retention period.

The described retention behavior perfectly meets the needs of companies who don’t want to store more data than their internal policy requires. But those who have already been using Veeam’s flagship solutions for years found this confusing, as they are used to the full and forever incremental backup approach.

We listened to your feedback! Starting with Veeam Backup for Microsoft Office 365 v3, you can leverage the similar “snapshot-based” retention type. Within the configuration of the repository, there are two options now to choose from: Item-level retention and Snapshot-based retention.

Based upon the choice, backup jobs pointing to this repository will apply the retention type. This is a global setting per repository. Also note that once you set your retention option, you will not be able to change it.

Other enhancements

As Microsoft released new major versions for both Exchange and SharePoint, we have added support for Exchange and SharePoint 2019.

We have made a change to the interface and now support internet proxies. This was already possible in previous versions by leveraging a change to the XML configuration, however, starting from Veeam Backup for Microsoft Office 365 v3, it is now an option within the GUI. As an extra, you can even configure an internet proxy per any of your Veeam Backup for Microsoft Office 365 remote proxies.  All of these new options are also available via PowerShell and the RESTful API for all the automation lovers out there.

On the point of license capabilities, we have added two new options as well:

  • Revoking an unneeded license is now available via PowerShell
  • Service Providers can gather license and repository information per tenant via PowerShell and the RESTful API and create custom reports

To keep a clean view on the Veeam Backup for Microsoft Office 365 console, Service Providers can now give organizations a custom name.

Based upon feature requests, starting with Veeam Backup for Microsoft Office 365 v3, it is possible to exclude or include specific OneDrive for Business folders per job. This feature is available via PowerShell or RESTful API.

Go to the What’s New page for a full list of all the new capabilities in Veeam Backup for Microsoft Office 365.

Time to start testing?

There’s no better time than the present for you to get your hands-on Office 365 backup. Download Veeam Backup for Microsoft Office 365 v3, or try Community Edition FREE forever for up to 10 users and 1 TB of SharePoint data.

The post What’s new in v3 of Veeam’s Office 365 backup appeared first on Veeam Software Official Blog.


What’s new in v3 of Veeam’s Office 365 backup

Centralized managed backup with Veeam Availability Console v3

Source: Veeam

Existing challenges of delivering managed backup solutions

Having worked in the cloud and managed services space before joining Veeam, and now working directly with our own VCSP partners, I understand the challenges that come with providing a managed backup service to customers.  Having one platform that encompasses the ability to provide visibility, management and automation as well as self-service is something that most service providers, whether they offer a full managed offering or provide IaaS desire.

When it comes to customers using Veeam Backup & Replication for business-critical backup and data availability services whether it be a single site or across multiple sites, having a centralized system to log into and get an overview of the current state of their backups while being able to action jobs and report on is something also desired.  For cloud and managed service providers that operate a channel or reseller program, allocating access and allowing granular control to their own partners who in turn can manage their own customers is something that is invaluable and also something that has been requested for a long time.

Evolving the managed backup portal

When Veeam first released the Managed Backup Portal as a hosted offering on Azure for our partners back in 2016, the problem that was being solved was around the management and visibility of on-premises customer Veeam Backup & Replication installations. As mentioned above, one of the biggest issues any managed service provider has is the ability to have a single console to gather information and manage client services. The Managed Backup Portal was Veeam’s way to dip our toes in the water and begin to understand what our VCSP partners really wanted from a central management and monitoring platform.

When Veeam Availability Console v2 was released as the successor to the Managed Backup Portal Veeam added core functionality around Veeam Agent for Microsoft Windows deployment and management as well as enhancing the monitoring of remote customer Backup & Replication servers. When Update 1 for v2 was released last year the platform had evolved further with added features and enhancements around visibility for Linux Agents and new granular user roles… however there were still key features that our VCSP partners were after.

Introducing Veeam Availability Console v3

With the release of Veeam Availability Console v3, we have taken huge strides in delivering to VCSP partners a console that acts as the central place to manage all aspects of their backup offerings. Not only does it build on the previous releases, but also looks to place VAC as a critical component of any Veeam-powered service provider offering.

Key new features and enhancements:

  • Reseller Role for more granular access and control
  • Enhanced licensing management and rental usage reporting
  • Support for Veeam Instance Licensing
  • Multiple Cloud Connect server support
  • Enhanced RESTful APIs

This release also delivers full support for all recently shipping Veeam products including Veeam Backup & Replication 9.5 Update 4 (Including Cloud Connect enhancements and vCloud Director support and integration) as well as Veeam Agent for Microsoft Windows 3.0 and the new ability to create multiple jobs. There are also enhancements to support, Windows Event Logging and notifications while also increasing security.

Reseller role

The new reseller role allows providers that have partners or that are running channel programs to offer their partners access to an out-of-the-box console. This console, that can be rebranded for each reseller, has pre-built functionality that allows the reseller to manage customers as well as taking advantage of the new features shipped with v3.

Resellers maintain full visibility of their customers while still being able to control backup and replication jobs, deploy agents and perform aggregated license management and reporting. Granular roles and permissions allow for greater flexibility of customer management with the ability to now map resellers to Site Scopes, which is a new feature in v3 that sets the level of access and ties it to one or more Cloud Connect server installations.

License management and rental usage reporting

The new Usage Reports section provides enhanced reporting for on-premises Veeam Backup & Replication servers, Veeam Agents and for Veeam Cloud Connect services. Important for VCSP partners is the new Cloud Connect usage reporting which provides a detailed report of all Cloud Connect licenses and breaks it down on a per tenant level as well allowing for easier end of month billing and license reporting.

License usage can be managed from the console (or via the RESTful API) which now offers the ability to install, delete or update the license key of the remote Backup & Replication servers, Cloud Connect servers, as well as force Auto Update of the license key for the selected server. Another significant enhancement is that VCSPs no longer require customers to enable the “Allow Remote Management” checkbox while configuring a service provider at the remote site to enable license reporting. Something which is significant for those cloud service providers who may not offer managed services.

Scalability and automation enhancements

Previously, Veeam Availability Console had the ability to connect to only one Cloud Connect Server instance. This meant that VCSPs were required to pair one VAC instance to a Cloud Connect instance. Larger providers that have multiple zones had to deploy the Veeam Availability Console plus Cloud Connect paring in each zone. Based on internal lab testing, VAC v3 has the ability to add up to 50 Cloud Connect servers (number can vary depending on the infrastructure setup) under the one VAC server.

This adds the ability to see the entire Cloud Connect infrastructure from a single console while supporting the ability to scale-out a single instance of VAC to cover all tenants and services under management. Not only does it add the ability to expand locally, but now VCSP partners can have GEO locations as sites all managed under the same portal login.

Automation through the RESTful API continues to be enhanced with a number of added API calls, expanding the existing set with greater ability around configuration, billing and backup management, while adding requests for customer and reseller management, license management, alarms and more. As with previous released of Veeam Availability Console , this is all easily consumable via the Swagger UI.

Conclusion

Combining all this in a managed services platform ticks all the boxes for service providers offering managed backup services of all types and allows complete control, manageability, reporting as well as offering scalability of service. With the release of Veeam Availability Console v3, all Veeam Cloud & Service Providers should have this installed into their environments to act as the central mechanism for visibility, management and control as well as the source of truth for license management and reporting.

The post Centralized managed backup with Veeam Availability Console v3 appeared first on Veeam Software Official Blog.


Centralized managed backup with Veeam Availability Console v3

New features of the redesigned Veeam ONE: Business View

Source: Veeam

Veeam ONE Business View has been redesigned to improve usability, making it easier to create categories and groups. This allows you to gain business insight across your entire IT environment. One of the many benefits of using Business View is that it allows your environment to become simple to manage and digest from a non-technical perspective. With its recent update, Business View is now accessible within the Veeam ONE Monitor. This enhances Veeam ONE Monitor to be the single tool for performance monitoring, alarms and categorization.

New categorization methods

In previous versions, creating Business View categories and groups could be confusing and complicated. This has all changed with the newest update, allowing you to engage your infrastructure fully to gather insight into how business investments are being leveraged. If you were using Business View before, the categorization that was defined previously will remain after the update and so will all main Business View features. The main difference is really *how* categorization and grouping is achieved and where it is done. You will notice there is no longer a separate component that needs to be opened to start using Business View, you can now do it right through the Veeam ONE Monitor. This is where you find a dedicated tab for Business View that allows you to start creating groups and categories. In previous versions, this tab was available but lacked the functionality Business View 2.0 brings to the table.


Figure 1: Business View categorization

 

With just a right click on Business View you can add categories to your environment. You can choose the category type, whether by VM, Host, Cluster, Storage or Computer. If you are new to Veeam ONE Business View, think of a category as a logical unit consisting of one or more groups. Business View categories can be seen as an overarching business unit that contains multiple, separate departments using different IT resources.

Once you have chosen a type, you will be able to select a Categorization Method. The methods available are:

  • Single parameter
  • Multiple conditions
  • Grouping expression


Figure 2: Choosing the Categorization Method

 

Single parameter allows you to choose a single property on which to base the group. This method is the easiest and fastest way to categorize objects to groups. When creating a Single parameter category, depending on the property you choose, Business View will create different groups based on the defined parameter. For example, if you choose to categorize by network, Business View will automatically sort your VMs by the network they reside on, creating multiple groups based on their network and all under the same category you just created.

In the example, we defined the business view groups only by the network the machines reside on, but what if we want the groups in the category to be defined by multiple conditions? The Multiple conditions method allows you to create multiple groups based on several conditions under the same category. This method allows you to not only base your groups on network, but we can add multiple conditions to the group to define it even further to fit our needs.


Figure 3: Multiple Conditions Method

 

In this example, the category we want to create needs to include groups that are defined by the network the machine resides on and by name of the machine. In the figure above, you can see in one of the groups we want it to include only machines running in the production environment. The other group we want to define to only include lab or test VMs.


Figure 4: Grouping Conditions

 

Business View gives you many different properties on which to base your groups. Figure 4 shows some of the properties available in Business View. In this example, we have decided to base the grouping criteria on network and name of machine. Once you have defined one group, you can add the next group and define it by different conditions. Business View also now supports multiple cardinality. This means one machine can be a part of multiple Business View groups within one category.

The third and last categorization method you can use is Grouping expression. Grouping expressions find objects that share common properties. When using this method, Veeam ONE will create a set of groups and include objects that are defined in the expression. This was available in previous versions of Business View, so if you feel comfortable with this and have used it before, it remains an option in this update.

Before you exit the wizard, you can decide if you want to set the Group Owner to receive email alerts based on the specific business group that was created. This allows you to assign an owner to each group of categorized objects. Group owners receive customized notifications based on their assigned Business View groups. To finish setting up this feature, you will also need to configure alarm notifications so Veeam ONE knows where to deliver messages. This is set under the “Notifications” tab of the alarm settings. For instance, you can set the alarms to notify the Business View group owner that a VM was not protected for the last 12 hours, and if the alarm is not resolved, notify the global admin that the VM still wasn’t protected for the last 24 hours.


Figure 5: Setting Group Admin

 

Business View 2.0 allows you to categorize computers protected by the Veeam Agents as well. Within the Business View tab, there is a new section, Computers. Just follow the same prompts that were discussed previously in this post, and under Category, select Computers. When you get to the point where you need to define grouping criteria, it will automatically filter in agent-based properties as criteria, such as, for example, Protection groups, Backup server, Cluster, and more. If you want to learn more about the new agent monitoring and reporting features, be sure to read this blog post.

A great tool for service providers!

If you are a service provider and using Veeam ONE, Business View 2.0 allows you to improve your client management and allow for better visibility through Business View groups. Service providers can categorize their environment to align to tiered capacity plans and chargeback. Service providers can utilize Business View to synchronize Business View groups with vSphere and Hyper-V tags. This can also synchronize the creation of tags based on Veeam ONE categorization. This allows service providers to improve client management and visibility. To extend this functionality, Veeam ONE can also assign the group owner role to the groups you create to allow for notifications to be sent to designated admins, which are based on the groups you created.


Figure 6: Setting up the Notifications

A simplified, easier Business View

Business View has always been one of the three main components of Veeam ONE, but often under-utilized due to its perceived complexities. With Update 4, Business View is embedded within Veeam ONE Monitor, so you no longer need to open a different user interface to start categorizing and grouping your environment. The restructured Business View has made categorizing as simple as a few clicks of a wizard, whether by single or multiple parameters. It also has the power to assign Microsoft Hyper-V and VMware vSphere tags based on categories users create to enhance the manageability of virtual environments. Take advantage of Business View categorization today with the improved performance and visibility of Veeam ONE Business View 2.0.

The post New features of the redesigned Veeam ONE: Business View appeared first on Veeam Software Official Blog.


New features of the redesigned Veeam ONE: Business View

Veeam Backup & Replication Community Edition: Our latest gift to the community

Source: Veeam

TL;DR

The NEW Veeam Backup & Replication Community Edition is the must-have, FREE solution that provides host-based backup and replication for VMware, Hyper-V and AHV; as well as an agent-based backup solution for Windows and Linux workstations and servers – whether they are physical computers or running in the public cloud. It offers a tremendous set of capabilities and is significantly more powerful than its predecessor (Veeam Backup Free Edition) or any other free backup product on the market. In fact, it is even more powerful than several paid backup solutions offered by other vendors. This is our gift to you and there are no strings attached — you are free to utilize the Community Edition any way you want — be it for your home lab, or for your critical line of business applications in case of IT budget constraints. Download your FREE copy and get started today!

What’s all the fuss about?

If you’re familiar with the history of Veeam, you know that we have always been committed to providing high-quality, functional technology to the tech community for free. It all started with Veeam FastSCP back in 2006 and continues today with many of our products offered for free to tech community members, IT professionals, and home lab users.

One product, that has been downloaded more times than any other, is the free version of Veeam’s flagship product, Veeam Backup Free Edition. To challenge the status quo, Veeam has decided to enhance this free edition with a SERIOUS upgrade. Welcome our latest free offering and gift to IT Pros — NEW Veeam Backup & Replication Community Edition. What is Veeam Backup & Replication Community Edition? Simply put, it provides users access to Veeam Backup & Replication Standard edition functionality for FREE for up to 10 VMs or a combination of VMs, physical servers or workstations. How cool is that?!

What is NEW in Veeam Backup & Replication Community Edition?

Simply put, Community Edition is the next generation of Veeam Backup Free Edition (which has now been discontinued).

Veeam Backup Free Edition was quite limited and only included 13 features. While basic functionality was available, users still lacked the ability to schedule backup jobs, utilize replication, and were only able to perform ad-hoc full backups of their VMs. Veeam Backup Free Edition also lacked support for physical computer backup.

The good news is, these days are over! Community Edition now provides ALL the features offered in our paid Standard edition (see feature list here) at no cost, with the most significant added capability being able to perform incremental backups and scheduling backup jobs without needing to use PowerShell, which historically has been seen as the biggest drawback for our Free Edition users. Next, as the difference in the name implies, Veeam Backup & Replication Community Edition provides VM replication functionality for those few, most important VMs that require the fastest restore in case of a disaster. Finally, the biggest game changer is protection for physical servers and workstations, enabling you to protect all your workloads from a single console. And best of all — it’s completely free, including for production use!

Let’s discuss some of the features that are now available for free in more detail.

Significant features for free!

The ability to schedule backups without using a PowerShell script is a great feature addition that was not available in the previous free offering. Users can now easily use the wizard to schedule their jobs to run automatically based on a defined schedule.

To achieve low recovery time objectives (RTOs) for your most critical VMs, Community Edition users gain the ability to utilize VM replication. Replication allows you to have an exact copy of the VM in a ready-to-start state. In fact, you don’t even need the backup server to be available to get those replicas going, which can be important in a site-wide disaster! Just power them on using hypervisor’s native management console.

For workloads with less strict RTO requirements, the new ability to utilize backup copy jobs is useful in helping achieve the 3-2-1 rule. The 3-2-1 rule states you should have 3 copies of backups, on 2 different media, one of which should be offsite. By being able to copy your backups locally, or to a remote site, you can be sure you’re prepared for the worst.

Application awareness is yet another key Veeam functionality included in Community Edition, offering an important technology for proper backup of enterprise applications. An application-aware backup ensures that your data is consistent and performs application-specific steps at the time of backup to ensure that the entire computer restore is performed according to the application vendor’s guidelines. In addition, Veeam Explorers for Microsoft applications (Active Directory, Exchange, SQL Server and SharePoint) offer users the ability to quickly find and recover individual application items, thus helping you avoid having to roll back the entire computer image to the latest restore point.

Community Edition also provides users the additional ability to centrally deploy and manage Veeam Agents for Microsoft Windows and Linux on any computer running in your environment, whether they are physical or cloud machines. This eliminates the need to install, set up, update and manage individual Veeam Agents on every machine. You can simply deploy the agents from the Community Edition backup console to the physical machines in your environment that you want to protect (with limits for protecting up to 10 instances – where workstations consume 1 instance and servers 3 instances each).

Free forever – unlimited VMs

So, once you exceed 10 instances, what can you do to protect the remaining VMs? While you gain Standard edition functionality with Community Edition for up to 10 VMs, you will still be able to utilize VeeamZIP for those extra VMs that don’t quite make the 10 instances ceiling. Yes, just like before, we still allow you to protect an unlimited number of VMs with VeeamZIP for free. You’re probably wondering how does this work? Once 10 instances have been consumed, you will no longer be able to utilize the extended functionality included in Standard edition and when you try to run additional backup jobs, they will fail stating that the license has been exceeded. So, be mindful and selective of the VMs you are protecting with fully featured backup jobs — make sure you use the first 10 instances for your most important VMs, which actually do require strict RPO.

And for the rest of less important VMs, you can still use VeeamZIP! If you are not familiar with VeeamZIP, it’s a simple way to take an ad-hoc backup of a VM. VeeamZIP will retrieve the VM image, compress it and store it as a full backup file (.VBK), acting as a single restore point. Note that when using this option, you don’t have an option to perform incremental backups. Also, keep in mind that at this time, VeeamZIP is supported for VMs only.

But my environment is too small for that…

We recognize that it is hard to justify installing a Community Edition backup server when you only have one or two computers to protect. Because of that, we also provide Veeam Agent for Microsoft Windows and Veeam Agent for Linux as standalone offerings – and of course, we offer completely FREE versions of these as well.

You can install these products directly on the machines you need to protect and start performing backups to any storage you have in less than 5 minutes! The only thing you lose in this case is centralized management, but if you only need to protect a couple of machines, centralized management may not be all that necessary.

Wait, there’s more FREE software!

NEW Veeam Backup & Replication Community Edition isn’t the only free product being upgraded for our community of loyal followers. Veeam ONE, our monitoring and reporting solution, also has a new Community Edition that you can download and use for free in your environment.

NEW Veeam ONE Community Edition is the next generation of the former Veeam ONE Free Edition with some major additions to its feature list. The biggest enhancement is the ability to monitor and report on your Veeam Backup & Replication infrastructure and Veeam Agents (with similar quantity limitations as New Veeam Backup & Replication Community Edition). Here’s some of the capabilities provided:

Veeam Backup & Replication monitoring & reporting

If you want to know which VMs are protected, and which are not, then our Protected VMs report from the Veeam Backup & Replication report pack is here to help. Not only does this report list all VMs that have backups within a defined recovery point objective (RPO), but it also shows which VMs lack backups. You can even review the reason why some VMs are unprotected. For example, if you provisioned a new VM and forgot to add it to the backup job, Veeam ONE will spot this and will immediately inform you about this via the Protected VMs report.


Virtual infrastructure monitoring

NEW Veeam ONE Community Edition does not have any limitations on the number of VMs you can monitor in the virtual infrastructure. This has been true with Veeam ONE Free Edition and remains the same for Community Edition, but now we give you even more features! In addition to the ability to identify performance bottlenecks in your virtual infrastructure, you can now make decisions right in the Veeam ONE UI to resolve these issues via our NEW Remediation Actions that are available to ALL Veeam ONE users. These actions can do things like automatically remove an orphaned VM snapshot or add an unprotected VM to a backup job with a single click!

As you can see, NEW Veeam ONE Community Edition together with NEW Veeam Backup & Replication Community Edition are like peanut butter and jelly!

Before you go… even more free software!

Another FREE product we recently released for production use is Veeam Backup for Microsoft Office 365 Community Edition.

If you are utilizing Office 365 and looking for a solution to protect your data, this is a must have. This FREE offering allows you to back up Exchange Online and OneDrive for Business data for 10 users, as well as 1 TB of SharePoint Online data. This is enough to protect the data for yourself and your entire executive management team — which will levitate you to hero status when they experience data loss (which is not a question of IF it will happen, but WHEN). It’s a great opportunity to protect your most important data in Office 365 from accidental deletion, security threats and retention policy gaps. Learn more here.

 

The post Veeam Backup & Replication <em>Community Edition</em>: Our latest gift to the community appeared first on Veeam Software Official Blog.


Veeam Backup & Replication Community Edition: Our latest gift to the community