VMCE11 - Student Guide
VMCE11 - Student Guide
VMCE11 - Student Guide
Student Guide
© 2021 Veeam Software. Confidential information. All rights reserved.
All trademarks are the property of their respective owners. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or
translated into any language in any form by any means, without written permission from Veeam Software Inc (Veeam). The information contained in this document
represents the current view of Veeam on the issue discussed as of the date of publication and is subject to change without notice. Veeam shall not be liable for
technical or editorial errors or omissions contained herein. Veeam makes no warranties, express or implied, in this document. Veeam may have patents, patent
applications, trademark, copyright, or other intellectual property rights covering the subject matter of this document. All other trademarks mentioned herein are the
property of their respective owners. Except as expressly provided in any written license agreement from Veeam, the furnishing of this document does not give you
any license to these patents, trademarks, copyrights, or other intellectual property.
Please read the End User Software License Agreement before using the accompanying software program(s). Using any part of the software indicates that you
accept the terms of the End User Software License Agreement.
1
Course Overview
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
In order to print a page for hidden slides, be sure to select print hidden slides at the bottom of the Print dialog box.
Course materials
PPT with slides and built-in Facilitator Guide
Student Notebook: A copy of the slides with a space for students to take notes.
Student Guide: A copy of the slides with Veeam notes below.
2
Version Control
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Last update
V20210531: Release
V20210909: Content updates and corrections, minor animation updates
V20211111: Cover update
V20211124: Content updates and corrections, minor animation updates
3
1: Introduction
4
Introduction FIRST LOOK
Environmental configuration AND SETUP
Building backup capabilities
Object recovery
RESTORE
Recovery from replica STRATEGIES
Testing backup and replication
5
Overview of what can be protected 1.2
6
RPO and RTO 1.3
RTO/RPO
Describe the graphic shown on screen in, highlighting RPO and RTO
Naturally we would like both of these figures to be as close to zero as possible. What stops us having an RPO and RTO of
zero?
7
3-2-1 Rule 1.4
Three different Two different media One offsite copy Of which is: No errors after
copies of data offline air-gapped automated backup
or immutable testing and
recoverability
verification
3-2-1 rule
How many in this class today can say that they are operating in an environment that meets the 3-2-1 rule?
Use this opportunity to find out more about the different environments people are working within.
8
Backup options 1.5
SOBR
Backup
proxy 1
Backup
proxy 2
Copy
Cloud
Backup server Primary backup repository
Backup repository (VCC)
proxy 3
Copy
Backup options
The diagram shows many of the concepts we will be covering in class. As class proceeds, you can go back and reference
this slide to show and reinforce the lesson.
9
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
In this section:
Veeam components
Deployment types
10
2.1 Veeam components
Backup server
Proxy server
Backup repository
11
Backup server 2.1.1
Backup server
The backup server is a Windows-based physical or virtual machine on which Veeam Backup & Replication is installed. It is
the core component in the backup infrastructure that fills the role of the “configuration and control center.” The backup
server performs all types of administrative activities, including:
In addition to its primary functions, a newly deployed backup server also performs the roles of the default backup proxy
and the backup repository (it manages data handling and data storing tasks).
12
Backup proxy server 2.1.2
Proxy server
A backup proxy is an architecture component that sits between the backup server and other components of the backup
infrastructure. While the backup server administers tasks, the proxy processes jobs and delivers backup traffic.
13
Gateway server 2.1.3
Gateway server
A gateway server is an auxiliary backup infrastructure component that “bridges” the backup server and backup
repository.
The gateway server is required if you deploy the following types of backup repositories in the backup infrastructure:
Shared folder backup repositories
Dell EMC Data Domain deduplicating storage appliance
HPE StoreOnce deduplicating storage appliance
14
Backup repository 2.1.4
Object storage*
A backup repository is a storage location where Veeam keeps backup files, VM copies and metadata for replicated
VMs. To configure a backup repository, you can use the following storage types:
Direct attached storage. You can add virtual and physical servers as backup repositories both Microsoft Windows servers
and Linux servers
Network attached storage. You can add CIFS (SMB) shares as backup repositories.
Deduplicating storage appliances.
Object storage. You can use cloud storage services as backup repositories.
* Let learners know that backups cannot be made directly to Object Storage
15
2.2 Deployment types
Simple deployment
Advanced deployment
Backup options (reference for knowledge check)
Data location tagging
Defining data location
16
Simple deployment 2.2.1
Veeam Backup
& Replication™
Simple deployment
So what does a simple “next next finish” deployment of Veeam Backup and Replication look like?
This diagram gives an outline to our starting point – as we progress through the course we will expand on this diagram.
17
Advanced deployment 2.2.2
Backup proxy
server
Veeam Backup
& Replication Backup server
console
Backup
repository
Advanced deployment
In large-scale virtual environments with a large number of jobs, the load on the backup server is heavy. In this case, it is
recommended that you use the advanced deployment scenario that moves the backup workload to dedicated backup
infrastructure components. The backup server here functions as a "manager" for deploying and maintaining backup
infrastructure components.
18
2.3 Global settings and job
filter view
19
Global Settings 2.3.1
The global network traffic can be used for three key settings:
• Enforcing in-flight encryption of networking traffic (enabled by default for non-private IP ranges)
• Throttling network traffic (can be scheduled)
• Preferred networks (used to control which network two Veeam Data Mover services will use to communicate if they
both have that network in common)
20
Job filter-based views 2.3.2
A job filter allows you to filter jobs by different parameters. For example, you can create a filter that will show only VM
backup copy jobs.
To show jobs that include any of the specified keywords, separate these keywords by a semicolon without a space. For
example, if you enter "Backup Job;Daily", Veeam Backup & Replication will show all jobs that include "Backup
Job" or "Daily" keywords in their names.
NOTE:
Only the user who creates filters can access them — that is, other users cannot use these filters.
https://helpcenter.veeam.com/docs/backup/vsphere/job_filter.html?ver=110
21
2.4 Data location tagging
22
Data location tagging 2.4.1
Geographical region
Country
To control data migration in the virtual infrastructure, Veeam Backup & Replication introduces a notion of location. A
location defines a geographical region, or country, in which an infrastructure object resides. You can create a list of
locations and assign to backup infrastructure objects information about locations to which they belong.
Veeam Backup & Replication allows you to assign information about locations to the following infrastructure objects:
23
Defining data location tagging 2.4.2
objects
Useful for GDPR compliance
Location tags are used to prevent accidental errors when configuring backup and replication jobs or performing out-of-
place restores, by issuing a warning when an action may result in a data sovereignty violation and producing audit trails
whenever such action is confirmed.
Information about infrastructure object’s location is stored in the Veeam Backup & Replication configuration database.
When VM data in the virtual infrastructure migrate from one location to another, Veeam Backup & Replication displays a
warning and stores a record about data migration to job or task session details. In addition to
it, Veeam Backup & Replication logs this information to Microsoft Windows event logs. For example, if you back up VMs
from a host that resides in Germany to a backup repository that resides in Australia, Veeam Backup & Replication will
display a warning that VM data changes its location in the backup job wizard, display information about data migration in
the backup job session details and log it to Microsoft Windows event logs.
24
Introduction
Environmental configuration
MODULE 3: Building backup capabilities
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
25
3.1 VM backup
26
Virtual machine backups 3.1.1
How?
Image-level backups using hypervisor-level snapshots are processed by the Veeam Data Movers.
Consistency?
Crash-consistent backups or application consistent backups are possible.
Limitations?
Certain hypervisor features can prevent snapshots, which will prevent image-level backups.
Latency sensitive servers. Such virtual machines can be protected using a Veeam Agent instead.
Examples of vSphere features that can prevent snapshots: Physical raw device mappings, SCSI bus sharing (shared VMDK),
independent mode virtual disk.
If a snapshot cannot be made by Veeam, try creating it manually. It may be required to involve for example VMware
support if manual snapshots cannot be created.
To create a VM snapshot, the VM is “stunned” in order to (i) serialize device state to disk, and (ii) close the current
running disk and create a snapshot point. The process is the same for both Windows and Linux. However with VSS
integration for Windows guests, this may cause an increase in file system operations, and so it may take longer to
complete a “stun” operation in these guests.
27
Backup architecture - Data movers 3.1.2
Backup
server
Veeam
Data Mover
Service
Veeam
Data Mover
Service
Source host
Repository server
Backup proxy
In it’s simplest form Veeam Backup & Replication uses the following components for the backup process:
All backup infrastructure components engaged in the job make up a data pipe. The source host and backup repository
produce two terminal points for the dataflow. Veeam Backup & Replication processes VM data in multiple cycles, moving
VM data over the data pipe block by block.
Veeam Backup & Replication collects VM data, transforms and transports it to target with the help of Veeam Data
Movers. Veeam Backup & Replication uses two-service architecture — one Veeam Data Mover controls interaction with
the source host, and the other one controls interaction with the backup repository. The Veeam data movers
communicate with each other and maintain a stable connection.
To back up to a Microsoft Windows or Linux backup repository in the local site, you need to deploy a backup proxy on a
machine that has access to the source datastore, and point the backup job to this backup proxy. In this scenario, the
source-side Veeam Data Mover is started on the backup proxy, and the target-side Veeam data mover is started on the
Microsoft Windows or Linux repository. VM data is sent from the backup proxy to the backup repository over the LAN.
To back up to a shared folder in the local site, you need to deploy a gateway server that has access to the shared folder
backup repository. You can use the same Microsoft Windows machine as the backup proxy and gateway server for SMB.
In this scenario, Veeam Backup & Replication starts the source-side and target-side Veeam data movers on the same
machine, and sends VM data from the backup proxy to the shared folder backup repository over the LAN.
28
Guest processing/interaction 3.1.3
Why?
Certain capabilities such as application consistency or indexing will require execution inside the virtual machine.
Capabilities?
Application/transactionally consistency through VSS or custom pre-freeze and post-thaw scripts
Transaction log backup (Microsoft SQL Server and Oracle)
File system indexing
How?
Credentials must be provided in order to inject a runtime (and custom scripts if used) into the virtual machine. The
runtime is pushed out from what is known as a Guest Interaction Proxy or can optionally be installed on each virtual
machine (persistent agent)
Guest processing
If you back up or replicate running VMs, you can enable guest processing options. Guest processing options are advanced
tasks that require Veeam Backup & Replication to communicate with the VM guest OS. Veeam Backup & Replication
offers the following guest processing options:
Application-aware processing. You can create transactionally consistent backups and replicas of VMs that run Microsoft
Active Directory, Microsoft Exchange, Microsoft SharePoint, Microsoft SQL Server or Oracle. The transactionally
consistent backup guarantees proper recovery of these applications without data loss.
Pre-freeze and post-thaw scripts. You can use pre-freeze and post-thaw scripts to quiesce VMs running applications that
do not support Microsoft VSS.
Transaction log truncation. You can set the backup or replication job to truncate transaction logs on the VM guest OS
after the VM is successfully processed.
Transaction logs backup for Microsoft SQL Server and Oracle. You can set up the backup job to back up transaction logs
from Microsoft SQL Server and Oracle VMs.
VM guest file system indexing. You can set up the backup job to create a catalogue of files and folders on the VM guest
OS. The catalogue lets you search for VM guest OS files and 1-click restore in Veeam Backup Enterprise Manager.
VM guest file system indexing is optional. If you do not enable this option in the backup job settings, you will still be able
to perform 1-click restore from the backup created with such backup job.
VM guest OS files exclusion. You can exclude/include individual files and folders from/to backup or replica.
29
Guest interaction proxy 3.1.4
Application-aware processing
The guest interaction proxy is a backup infrastructure component that sits between the backup server and processed
VM. This component is needed if the backup or replication jobs perform the following processing of VMs:
30
Snapshot removal concerns (vSphere) 3.1.5
Solution?
When snapshot removal times out, the Veeam Snapshot Hunter will be launched in the background and automatically
find and consolidate Veeam-related snapshots.
Veeam Backup & Replication checks the datastore to discover orphaned snapshot files. To consolidate these files with the
VM disks, Veeam Backup & Replication calls a consolidation algorithm. The algorithm consists of three steps, each
representing a VMware method.
NOTE
Hard consolidation without quiesce and hard consolidation with quiesce are performed only if the VM does not have any
user snapshots. In case there are one or more user snapshots, these steps will not be performed.
31
3.2 Backup job modes
32
Backup job modes overview 3.2.1
The reverse incremental backup method produces a backup chain that consists of the last full backup file (VBK) and a set
of reverse incremental backup files (VRB) preceding it.
The forever forward incremental backup method produces a backup chain that consists of the first full backup file (VBK)
and a set of forward incremental backup files (VIB) following it.
Forward incremental
The forward incremental backup method produces a backup chain that consists of the first full backup file (VBK) and a set
of forward incremental backup files (VIB) following it. Additionally, the forward incremental backup chain contains
synthetic full and/or active full backup files that “split” the backup chain into shorter series.
33
Selecting a backup job mode 3.2.2
Reverse incremental
Forward incremental
Forever forward incremental
Advanced settings are where the backup mode is set up. The following section will investigate the different backup
modes and retention policies.
34
Reverse incremental 3.2.3
A1 A2 A3
B1 B2 B3 B4
C1 C2
D1 D2 D3
When you define retention policy, you specify how ‘far’ you want to be able to roll back and thus, how many restore
points will be kept. Once the specified number is exceeded, the earliest restore point will be removed automatically.
In reverse incremental backup, Veeam Backup & Replication immediately deletes the earliest reverse increment as soon
as it meets the retention policy.
35
Forever forward incremental 3.2.4
A1
B1
C1
D1 B2 A2 A3 C2 B3 D2 B4 D3
Retention for forever forward incremental backup example: three restore points
If the number of restore points in forever forward incremental backup chains exceeds the retention policy settings,
Veeam Backup & Replication transforms the backup chain to make room for the most recent restore point.
As a result, you will have the exact number of restore points indicated in the job settings in the repository folder.
36
Forward incremental – synthetic full 3.2.5
Retention settings: keep four days; run once/day; synthetic full Saturday
A1
B1 B3
C1
D1 B2 A2 A3 C2 D2 B4 D3
37
Forward incremental – active full 3.2.6
Retention settings: keep four days; run once/day; active full Saturday
A1
B1
C1
D1 B2 A2 A3 C2 D2 B4 D3
(Only difference between this slide and previous is the full backup creation on Saturday 6, the first five clicks can go
through quick.)
38
Active full and synthetic full 3.2.7
Active
Full backup full backup
Backup chain
Synthetic
full
Full backup backup
Both active full and synthetic full backups are essentially an entire VM image stored inside the backup file.
The way active full and synthetic full backups are constructed differs.
In the following slides the synthetic full backup process will be explained in more detail, showing that a portion of
Sunday’s backup will come from production storage.
39
Incremental backup jobs 3.2.8
Reverse incremental
Forever forward
incremental
Forward incremental
Active full on Saturdays
Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
40
Grandfather-Father-Son (GFS) 3.2.9
retention
Requires scheduled periodical full backups to be enabled
The guest interaction proxy is a backup infrastructure component that sits between the backup server and processed VM.
This component is needed if the backup or replication jobs perform the following processing of VMs:
41
GFS retention options 3.2.10
Where is it located?
Options can be found
within the configure…
section of the storage
screen of the wizard.
When you configure the GFS schedule in the backup copy job settings, you specify for how long archive backups must be
stored and on which day certain GFS backup must be created.
https://helpcenter.veeam.com/docs/backup/vsphere/backup_copy_gfs_periods.html?ver=110
42
GFS retention example 3.2.11
Backup Job
Forward Inc. + GFS
Retention: 7
Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Shown are periodical synthetic full backups scheduled to run every Saturday
GFS weekly: The weekly GFS flag is assigned to use full backup from Fridays, as you can see, there is no full backup on
Friday, so the flag remains until a periodical full backup is produced (Saturday)
GFS monthly: Use the GFS weekly backup from the first week of the month. When monthly and weekly GFS flags are
used together, VBR ensures that the monthly flag is associated with the weekly flag to ensure that two full backups aren’t
retained saving on storage.
43
3.3 Backup optimizations
44
Detecting bottlenecks TIPS
If no warnings or errors occurs during backup/restore, but performance is lower than expected, check if Veeam
bottlenecks are a cause.
45
Changed Block Tracking 3.3.1
Incremental backup
vSphere
Changes leverages VMware
only
vSphere native CBT
VM image Backup repository
To perform incremental backups, Veeam Backup & Replication needs to know which data blocks have changed since the
previous job run. Depending on the hypervisor, various methods are used.
Whenever Veeam Backup & Replication cannot leverage changed block tracking — for instance, if your VMs run an earlier
version of VMware virtual hardware, CBT is disabled at the ESX host level or you are running a Hyper-V mixed cluster
2012R2/2016 — it fails over to Veeam’s proprietary filtering mechanism.
Veeam Backup & Replication uses CBT for the following operations:
Backup
Replication
Entire VM restore
VM disk restore
For VMs with virtual disks in thin format, Veeam Backup & Replication also uses CBT during active full backup sessions to
detect unallocated regions of virtual disks and skip them
Notes: Hyper-V 2016: VM version must be equal to less than 9 and cluster level must be equal to less that eight–
otherwise RCT/CBT is unavailable.
Hyper-V RCT is only available on Windows Server 2016 and newer, RCT is unavailable in mixed Hyper-V clusters (fx
2012R2 and 2016 mixed)
46
Inline deduplication 3.3.2
Why? How?
Reduce backup storage consumption Avoid storing space that has been pre-
allocated but not used.
Reduce the amount of data sent over the network
Avoid storing data blocks that are identical
to data blocks already in the resulting
backup file
Deduplication
Examples of vSphere features that can prevent snapshots: Physical raw device mappings, SCSI bus sharing (shared VMDK),
independent mode virtual disk.
If a snapshot cannot be made by Veeam, try creating it manually. It may be required to involve for example VMware
support if manual snapshots cannot be created.
To create a VM snapshot, the VM is “stunned” in order to (i) serialize device state to disk, and (ii) close the current
running disk and create a snapshot point. The process is the same for both Windows and Linux. However with VSS
integration for Windows guests, this may cause an increase in file system operations, and so it may take longer to
complete a “stun” operation in these guests.
47
Compression levels comparison 3.3.3
300 100
90
250
80
70
200
Time (seconds)
60
Time, seconds
150 50
40 Size, GB
100
30
20
50
22 GB 10
12 GB 9.70 GB 9 GB
0 0
Dedupe-friendly (rle) Optimal (lz4) High (zlib) Extreme (zlib high)
Compression levels
Data compression decreases the size of created backups but affects duration of the backup procedure. Veeam Backup
& Replication allows you to select one of the following compression levels:
No compression is recommended if you plan to store backup files and VM replica files on storage devices that support
hardware compression and deduplication.
Dedupe-friendly is an optimized compression level for very low CPU usage. You can select this compression level if you
want to decrease the load on the backup proxy.
Optimal is the recommended compression level. It provides the best ratio between size of the backup file and time of the
backup procedure.
High compression level provides additional 10% compression ratio over the optimal level at the cost of about 10 times
higher CPU usage.
Extreme compression provides the smallest size of the backup file but reduces the backup performance. We recommend
that you run backup proxies on computers with modern multi-core CPUs (six cores recommended) if you intend to use
the extreme compression level.
48
Zeroing out dirty blocks (BitLooker™) 3.3.4
This feature is required to avoid the situation when VM file system treats the data blocks with data which has been
deleted as valid content which needs to be backed up. Only supported for NTFS file system.
With this option enabled, Veeam Backup & Replication performs the following operations during the job session:
Veeam Backup & Replication accesses the MFT file on the VM guest OS to identify deleted file blocks, and zeros out these
blocks.
Veeam Backup & Replication processes and transports data blocks of the VM image in the following manner:
If a data block of the VM image contains only the deleted file blocks, Veeam Backup & Replication does not read this data
block from the source datastore.
If a data block of the VM image contains zeroed out blocks and other data, Veeam Backup & Replication copies this block
to the target. Due to data compression, data blocks that are marked as deleted are compressed, and the size of the
resulting backup or replica file reduces.
49
Data size optimization configuration 3.3.5
Where is it located?
Options can be found
within the advanced
section of the storage
screen of the wizard.
Where is it located?
50
Lab 1:
VM backup capabilities
(estimated 45 minutes)
1. Create an encrypted Hyper-V backup job
2. Create a vSphere backup job
3. Clone a backup job
4. Delete a backup job
5. Modify a backup job
51
3.4 Agent backup capabilities
52
Agent backups 3.4.1
Why?
Protect physical workloads such as servers, workstations, latency sensitive virtual machines, and workloads in the cloud.
Can also be used for virtual machines when image-level backups are not possible.
Deployment?
Agents can be manually installed (standalone mode) or automatically deployed using protection groups.
Management?
Use the same console as you use for your virtual machine backups for a single pane of glass experience.
Examples of vSphere features that can prevent snapshots: Physical raw device mappings, SCSI bus sharing (shared VMDK),
independent mode virtual disk.
If a snapshot cannot be made by Veeam, try creating it manually. It may be required to involve for example VMware
support if manual snapshots cannot be created.
To create a VM snapshot, the VM is “stunned” in order to (i) serialize device state to disk, and (ii) close the current
running disk and create a snapshot point. The process is the same for both Windows and Linux. However with VSS
integration for Windows guests, this may cause an increase in file system operations, and so it may take longer to
complete a “stun” operation in these guests.
53
Creating an Agent backup TIPS
Considerations
To create a Veeam Agent backup job, you must create a Veeam Agent backup job in Veeam Backup & Replication with
the Managed by backup server option selected in the job settings.
If you want to protect a Mac computer, you must create a Veeam Agent backup policy.
54
Managed agent architecture example 3.4.2
Backup server
Veeam Agent for Mac
Veeam Agent for Microsoft Windows
Agent deployment
You can use Veeam Backup & Replication to manage Veeam Agent for Microsoft Windows on computers in your
infrastructure. As part of the Veeam Agent management scenario, you can remotely deploy Veeam Agent for Microsoft
Windows and Linux to your computers, as well as configure and manage Veeam Agent backup jobs in Veeam Backup &
Replication.
Direct integration of agent management into the Veeam Backup & Replication console
55
Agent deployment
56
Protection groups 3.4.3
Individual computers
You can organize individual computers into a protection group by specifying the necessary computers in the protection
group settings. This option is recommended for smaller environments that do not have Microsoft Active Directory
deployed.
57
Computers with pre-installed agents
You can create protection groups with a flexible scope. Protection groups with a flexible scope are empty just after they are
created. You must deploy Veeam Agents on computers and configure Veeam Agents to connect to the Veeam backup
server. After deployment and configuration, computers become members of the protection group.
This option is recommended if you do not have the full list of computers that you want to protect when you create the
protection group. This option also provides a convenient way to install agents using third-party software distribution
solutions, when deploying them from the Veeam backup server is not possible due to security and network connectivity
restrictions.
57
Computers with pre-installed agents TIPS
Why?
Security teams don’t like admin$ and SSH
credentials requirement
Why?
Security teams don’t like admin$ and SSH credentials requirement
58
Protection groups exclusions for AD 3.4.4
Note: Virtual machines are excluded by default. Including them is especially useful for testing!
59
Distribution server 3.4.5
Distribution server
The distribution server is an architecture component in the Veeam Agent management infrastructure used for
deployment of Veeam Agent setup files to protected computers. When you instruct Veeam Backup & Replication to
install Veeam Agent on a protected computer, the Veeam Backup Server communicates to the distribution server,
and Veeam Backup & Replication uploads Veeam Agent setup file from the distribution server to the target computer.
By default, the role of the distribution server is assigned to the backup server itself. However, you can deploy a dedicated
distribution server to reduce workload on the backup server. To deploy a distribution server, you need to add a Windows-
based server to Veeam Backup & Replication and select this server in the properties of a protection group.
60
Protection groups (options) 3.4.6
Options include:
Rescan intervals
Distribution server
Auto-update
Rescan interval
Distribution server
Auto-update
Changed block tracking driver (Requires Windows server 2008 R2 SP1 or newer)
Note: Use a distribution server to achieve load balancing and to save transfer via WAN for ROBO
61
Delete Agent from protection group TIPS
In the inventory pane, expand the Physical Infrastructure node and select the necessary protection group.
In the working area, select the necessary computer and click Uninstall Everything on the ribbon or right-click the
computer and select Agent > Uninstall all components.
62
Agent backup job types comparison 3.4.7
Workstation
Retention based on days when computer is used
Single backup job to a non-Cloud Connect repository
To back up data of your protected computers, you must configure a Veeam Agent backup job. The Veeam Agent backup
job defines what data to back up, how, where and when to back up data. In Veeam Backup & Replication, you can create
Veeam Agent backup jobs of the following types:
Backup job
The backup job that runs on the backup server in the similar way as a regular job for VM data backup. The backup job is
intended for protected computers that have permanent connection to the backup server.
The backup job that processes Veeam Agent computers runs on the backup server in the similar way as a regular job for
VM data backup. The backup job is intended for protected computers that have permanent connection to the backup
server, such as standalone servers and failover clusters. You can use the backup job to create Veeam Agent backups in a
backup repository or cloud repository.
In Veeam Backup & Replication, the backup job of this type is also referred to as the Veeam Agent backup job managed
by the backup server.
In situations where the protected computer has limited access to the backup server, jobs can also be managed by the
agent themselves.
Backup policy
63
The backup policy that describes configuration of individual Veeam Agent backup jobs that run on protected computers.
Veeam Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to
Veeam Agents that run on computers added to the backup policy. The backup policy is intended for protected computers
that may have limited connection to the backup server.
The backup policy describes configuration of individual Veeam Agent backup jobs that run on protected computers. Veeam
Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to Veeam
Agents that run on computers specified in the backup policy. The backup policy is intended for protected computers that
may have limited connection to the backup server, such as workstations, laptops and so on. You can choose to create
Veeam Agent backups in a backup repository, cloud repository, network shared folder or on a local storage of a protected
computer.
In Veeam Backup & Replication, the backup policy is also referred to as the Veeam Agent backup job managed by Veeam
Agent.
63
Agent backup job modes 3.4.8
Managed by agent
A Policy will be pushed to these agents, defining
when and what to backup to which location.
The backups will be triggered and run from the
agent system itself.
Workstations can only be managed by the agent
To back up data of your protected computers, you must configure a Veeam Agent backup job. The Veeam Agent backup
job defines what data to back up, how, where and when to back up data. In Veeam Backup & Replication, you can create
Veeam Agent backup jobs of the following types:
Backup job
The backup job that runs on the backup server in the similar way as a regular job for VM data backup. The backup job is
intended for protected computers that have permanent connection to the backup server.
The backup job that processes Veeam Agent computers runs on the backup server in the similar way as a regular job for
VM data backup. The backup job is intended for protected computers that have permanent connection to the backup
server, such as standalone servers and failover clusters. You can use the backup job to create Veeam Agent backups in a
backup repository or cloud repository.
In Veeam Backup & Replication, the backup job of this type is also referred to as the Veeam Agent backup job managed
by the backup server.
In situations where the protected computer has limited access to the backup server, jobs can also be managed by the
agent themselves.
Backup policy
64
The backup policy that describes configuration of individual Veeam Agent backup jobs that run on protected computers.
Veeam Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to
Veeam Agents that run on computers added to the backup policy. The backup policy is intended for protected computers
that may have limited connection to the backup server.
The backup policy describes configuration of individual Veeam Agent backup jobs that run on protected computers. Veeam
Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to Veeam
Agents that run on computers specified in the backup policy. The backup policy is intended for protected computers that
may have limited connection to the backup server, such as workstations, laptops and so on. You can choose to create
Veeam Agent backups in a backup repository, cloud repository, network shared folder or on a local storage of a protected
computer.
In Veeam Backup & Replication, the backup policy is also referred to as the Veeam Agent backup job managed by Veeam
Agent.
64
Veeam Agent for Linux
65
Veeam Agent for Linux overview 3.4.9
Application-aware
Backup Modes Destinations
processing
Local storage
Entire Machine Shared Folder Oracle
Volume level backup Veeam Backup Repository PostgreSQL
File level backup (Including deduplicating storage) MySQL
Veeam Cloud Connect Repository
Built-in snapshot
Custom recovery and changed block
File indexing Data encryption
media tracking (CBT)
drivers
66
Veeam Agent for MAC
67
Veeam Agent for Mac overview 3.4.10
Local storage
Shared Folder
User data
Veeam Backup Repository
Custom scope
(Including deduplicating storage)
Veeam Cloud Connect Repository
TIP
If you want to back up the root directory and specify / in the Path to a directory field, Veeam Agent does not
automatically include mount points in the backup scope. To include mount points, you need to specify paths to these
mount points manually.
For example, you have a file system mounted to the /Library/Media directory. If you add / as an object to the backup
scope, Veeam Agent will not back up the mounted file system. To back up the root directory and the mounted file
system, add the following objects to the backup scope:
/
/Library/Media
68
Veeam Agent for Microsoft
Windows
69
Veeam Agent for Windows overview 3.4.11
Local storage
Shared Folder Active Directory
Entire Machine Veeam Backup Repository Exchange
Volume level backup (Including deduplicating storage) MS SQL
File level backup Veeam Cloud Connect Repository Oracle
Microsoft OneDrive SharePoint
Data Custom
Backup cache
Veeam change encryption Recovery Transaction
block tracking Media log processing
(CBT) drivers Parallel disk Resume SQL & Oracle
processing File indexing backups
70
Support for failover clusters 3.4.12
Failover cluster — select this option if you want to back up data pertaining to a failover cluster.
With this option selected, the backup job will be managed by the Veeam backup server — you do not need to select the
job mode.
This is only availablem
71
Advanced protection group settings 3.4.13
Ability to remote instruct agents to restrict or manage parts of how it operates —this is because there is no other
component to do it.
72
Backup from Storage Snapshots (BfSS) 3.4.14
Why
Offload processing from source
machine
Isolate network traffic
What
Same systems supported like for
VMware integration*
Failover cluster — select this option if you want to back up data pertaining to a failover cluster.
With this option selected, the backup job will be managed by the Veeam backup server — you do not need to select the
job mode.
This is only availablem
73
BfSS: How it works TIPS
Disk attached
to the machine
Data disk
OS disk
74
BfSS: Considerations TIPS
RDM won’t be supported. There is no way to understand that volume sits in the storage system due to RDM architecture
(it adds another 'layer' to device manager in Windows so we can’t do matching with volume on storage)
75
Lab 2:
Agent backup capabilities
(estimated 50 minutes)
76
3.5 NAS backup capabilities
77
Adding a file share 3.5.1
Windows or Linux-
managed server
Enterprise NAS system
NFS v3, v4.1
SMB v1, v2, v3
In the infrastructure view there is now an option to view file shares and add a file share to the infrastructure. The adding
a file share dialog window shows that Veeam v10 supports Windows and Linux servers as well as NFS and SMB NAS
shares.
Enterprise NAS systems are for example NetApp Data ONTAP, Lenovo ThinkSystem DM series and Dell EMC Isilon.
78
File-share backup architecture 3.5.2
Backup Cache
server repository
Veeam Backup & Replication allows you to back up and restore content of NAS file shares.
To enable and configure the NAS backup feature in Veeam Backup & Replication, add the following components to the
backup infrastructure:
File share
Cache repository
File proxy
Backup repository
79
Backup proxy 3.5.3
Processes jobs
Backup proxy
A file proxy is an architecture component that sits between the file share and other components of the backup
infrastructure. The file proxy operates as a data mover that transfers data from the source file share to the backup
repository. The file proxy processes jobs and delivers backup and restore traffic.
80
Cache repository 3.5.4
Cache repository
A cache repository is a storage location where Veeam Backup & Replication keeps temporary metadata. Veeam Backup &
Replication uses the cached metadata to reduce the load on the file share during the backup procedure. This allows
performing incremental backups from the file share very quickly and very efficiently.
You can assign the role of a cache repository to a simple backup repository added to
the Veeam Backup & Replication infrastructure.
81
Cache repository TIPS
A cache repository is a storage location where Veeam Backup & Replication keeps temporary cached metadata for the
data backed up by the file share backup jobs.
82
Full backup 3.5.5
Cache
repository
2 3
1 5
4
Backup proxy Backup repository
File share (short retention)
Veeam Backup & Replication performs file share backup to the backup storage in the following way:
1. The backup proxy enumerates files and folders on the file share and creates a cyclic redundancy check (CRC) tree.
2. The backup proxy transfers the CRC tree to the cache repository.
3. The cache repository saves the CRC tree. When the cache repository receives a new CRC tree structure from the
proxy, it compares it with the CRC tree created during the previous run of the backup session. If any files or folders
of the file share have changed since the previous backup session run, the cache repository instructs the backup
proxy to start reading changed data from the source file share.
4. The backup proxy reads new data from the file share.
5. The backup proxy creates data packages and transfers them to the target backup repository. Data packages comprise
backup data files (each 64 Mb in size) and metadata files that contain names and versions of backup files and
allocation of data in backup files.
83
Incremental backup 3.5.6
Check whether a folder has changed by comparing checksums and repeat for sub-folders
84
Changed file tracking 3.5.7
File C File D
Veeam Backup & Replication performs file share backup in the following way:
When a new backup job session starts, Veeam Backup & Replication assigns a file proxy to enumerate files and folders on
the file share and to create a file tree with cyclic redundancy check (CRC) values.
The file proxy enumerates files and folders on the file share and creates the file tree with CRC values.
The file proxy transfers the file tree to the cache repository.
When the cache repository receives a new tree structure from the proxy, it compares it with the file tree created during
the previous run of the backup session. If any files or folders of the file share have changed since the previous backup
session run, the cache repository instructs the file proxy to start reading changed data from the source file share.
The file proxy reads new data from the file share.
The file proxy creates data packages. Data packages contain backup data saved as data files (each 64 megabytes in size)
and metadata files that contain names and versions of backup files and allocation of data in backup files.
The file proxy sends new data to the target backup repository.
85
Changed file tracking 3.5.8
Cache .vcache
NAS repository
Folder Folder
1 2
Folder
File A File B Backup proxy 1
3 Short term
retention
File C File D
Veeam Backup & Replication performs file share backup in the following way:
When a new backup job session starts, Veeam Backup & Replication assigns a file proxy to enumerate files and folders on
the file share and to create a file tree with cyclic redundancy check (CRC) values.
The file proxy enumerates files and folders on the file share and creates the file tree with CRC values.
The file proxy transfers the file tree to the cache repository.
86
Creating file share backup TIPS
Considerations
Linux file shares do not use backup proxies. Linux machines act as
a proxy on its own
Considerations
Warning: it can weaken the security of the file proxy and repository
87
NAS ACL handling, locked files
and retention
88
Advanced settings - ACL Handling 3.5.9
Folder-level only (recommended) to back up permissions and attributes from folders only. The restored files will inherit
permissions from the target folder.
Files and folders (slower) to back up permissions and attributes from both folders and individual files. This option can
significantly reduce the backup performance.
89
Advanced settings - Locked files 3.5.10
Supported sources:
CIFS path
VSS snapshot
NFS path
Path of storage snapshot folder
You can instruct Veeam Backup & Replication to back up data from Microsoft VSS snapshots or native storage snapshots.
During backup jobs, Veeam Backup & Replication will read data of shared files and folders from snapshots, which speeds
up backup operations and improves RPOs.
To define if Veeam Backup & Replication will use snapshots for backups:
To ignore the snapshot functionality, select backup directly from the file share. Veeam Backup & Replication will ignore
locked files and folders. When creating a backup job, you can configure notifications to list files and folders that are
skipped during the backup procedure.
To backup files from Microsoft VSS snapshots, select backup from Microsoft VSS snapshot. If you select this option, make
sure that the file share and the file proxy used for the file backup job support SMB protocol version three or later.
To backup files from the native storage snapshots, select backup from a native storage snapshot at the following path and
specify the path to the folder on the SMB file share where snapshots are stored in the \\server\folder format. If you
select this option, you can additionally use scripts, for example, to create a snapshot before the backup and remove it
after the backup. You can define these scripts, when creating a new file share backup job.
90
Versions examples 3.5.11
No Change: No Change:
file remains file remains
the same the same
There can be a number of backup retention scenarios depending on the configuration of backup and archive repositories.
Below you can find example cases that illustrate NAS backup retention with different settings.
https://helpcenter.veeam.com/docs/backup/hyperv/nas_retention_scenarios.html?ver=110
91
Versions examples 3.5.12
There can be a number of backup retention scenarios depending on the configuration of backup and archive repositories.
Below you can find example cases that illustrate NAS backup retention with different settings.
https://helpcenter.veeam.com/docs/backup/hyperv/nas_retention_scenarios.html?ver=110
92
Retention options for file versions TIPS
Long term
retention
There can be a number of backup retention scenarios depending on the configuration of backup and archive repositories.
Below you can find example cases that illustrate NAS backup retention with different settings.
https://helpcenter.veeam.com/docs/backup/hyperv/nas_retention_scenarios.html?ver=110
93
Retention options (short-term retention) 3.5.13
Source
SMB
Cache
repository
NFS
94
Retention options (long-term retention) 3.5.14
Source
SMB
Cache
repository
NFS
95
Retention options (backup copy job) 3.5.15
Source
SMB
Cache
repository
NFS
96
Lab 3:
NAS backup capabilities
(estimated 30 minutes)
97
3.6 Transport modes
98
Proxy transport modes (vSphere) 3.6.1
Transport mode is a method that is used by the Veeam data mover service at the proxy to retrieve VM data from the
source host and write VM data to the target destination.
Job efficiency and time required for job completion greatly depends on the transport mode.
The transport mode is a method used by the Veeam Data Mover Service to retrieve VM data from the source and write
VM data to the target.
For data retrieval, Veeam Backup & Replication offers the following modes (beginning with the most efficient):
Direct storage access
Virtual appliance
Network
99
Direct storage access (vSphere) 3.6.2
1
5
Source
host
2 4
6 7
Benefits
Quickest processing mode
Least impact on production
Backup processing fully offloaded
LAN-free backup traffic
No impact on consolidation ratio
Considerations
Supports block storage only
iSCSI: physical and virtual backup proxy servers both supported
Physical backup proxy server requirement for Fibre channel SAN
Consider repurposing older servers
Might be hard for beginners to setup
Advanced data fetcher (double I/O performance) available
only when backup from storage snapshots are utilized
100
Direct storage access (vSphere) 3.6.3
1
5
NFS
Source client
host
2 4
6 7
1. The backup proxy sends a request to the ESXi host to locate a VM on the NFS datastore.
2. The ESXi host locates the VM.
3. Veeam Backup & Replication triggers VMware vSphere to create a VM snapshot.
4. The ESXi host retrieves metadata about the layout of VM disks on the storage (physical addresses of data blocks).
5. The ESXi host sends metadata to the backup proxy.
6. The backup proxy uses metadata to copy VM data blocks directly from the NFS datastore over LAN.
7. The backup proxy processes copied data blocks and sends them to the target over LAN.
Benefits
Advanced data fetcher (double I/O performance)
Recommended transport mode for VMs whose disks are located on NFS datastores
Veeam Backup & Replication bypasses the ESXi host and reads/writes data directly from/to NFS datastores
VM data still travels over the LAN but there is no load on the ESXi host
Considerations
Unavailable for VMs that have at least one snapshot
Unavailable for Windows VM’s if VMware tools quiescence option is enabled
If a VM has some disks that cannot be processed in the direct NFS access mode, Veeam Backup & Replication processes
these VM disks in the network transport mode
101
Virtual appliance mode (vSphere) 3.6.4
Veeam
Backup Server
VMware
backup proxy
Benefits
Advanced data fetcher (double I/O performance)
Easy to setup
Fast data transfers with any storage
Uses Windows VMs
Allows for 100% virtual deployment
Uses the SCSI/SATA hot-add capability of ESXi hosts
Considerations
Can affect your consolidation ratio
102
Network mode (vSphere) 3.6.5
Veeam
Backup
server
1
4
Source
host
2 4
1. The backup proxy sends a request to the ESXi host on which the processed VM is registered to locate the VM on the
datastore.
2. The ESXi host locates the processed VM on the datastore.
3. Veeam Backup & Replication instructs VMware vSphere to create a VMware vSphere VM snapshot.
4. ESXi host copies VM data blocks from the source storage and sends them to the backup proxy over LAN. Note that
the real data transfer speed may be significantly less than the available speed. This is because the backup proxy and
the ESXi host communicate over the ESXi management network.
5. The backup proxy sends the data to target.
Network mode can be used with any infrastructure configuration. In this mode, data is retrieved via the ESXi host over
the LAN using the Network Block Device protocol (NBD).
The process of data retrieval in network mode includes the following steps:
The backup proxy sends a request to the ESXi host to locate the necessary VM on the datastore.
The ESXi host locates the VM on the datastore.
VM data blocks are copied from the production storage and sent to the backup proxy over the LAN.
The backup proxy sends the data to target.
Benefits
Easy to setup
Any storage
Quick to start data transfer
Fast, with 10 Gigabyte Ethernet
103
Considerations
Painfully slow performance on 1GB ethernet
Leverages ESXi VMkernel (management) interface
Note: You can instruct Veeam Backup & Replication to switch to the Network transport mode and transfer VM data over
the LAN if the primary transport mode is inaccessible.
103
Backup from Storage Snapshots 3.6.6
Backup Store
Low RPO
Backup from Storage Snapshots lets you speed up backup and replication for VMware vSphere VMs whose disks are
hosted on storage systems. When you perform Backup from Storage Snapshots, Veeam Backup & Replication leverages
storage snapshots for VM data processing. Backup from Storage Snapshots lets you reduce impact of backup and
replication activities on the production environment and improve RPOs.
Some of the perks of leveraging storage snapshots for data protection-related activities are:
Direct storage access (no proxying through ESXi)
No mount, re-signature, VM registration or clean up
VMware Changed Block Tracking (CBT) can still be leveraged
Easy to setup — a single checkbox!
Instant VMware snapshot commit
Note: Hyper-V has its native integration with storage snapshots via hardware VSS.
104
Storage integration 3.6.7
Standard VM backup
VM snapshot lifetime
I/O
Backup
t
VM snapshot VM snapshot delete
Storage integration
To be able to use incremental forever image level backups with Change-Block-Tracking over the VMware Storage API, a
VM snapshot is required. However, VM snapshots come with drawbacks, as all changes during the backup were written
to the snapshot and they need to be committed to the main storage when the snapshot is deleted.
105
Storage integration 3.6.8
VM snapshot lifetime
I/O
Backup
t
VM snapshot VM snapshot
commit
Storage Delete storage snapshot
snapshot
Storage integration
Together with Veeam unique agentless application aware backup engine Veeam creates Storage Snapshots directly after
the VMware Snapshot to preserve the consistent state within the Storage Snapshot. After the Storage Snapshot was
created Veeam will release the VMware Snapshot.
As the Storage Snapshot can be deleted, after the backup has completed, without any overhead there will be no negative
effects to the VMs.
Storage Snapshot based backups can be used together with VMware Change Block Tracking.
106
Proxy transport mode overview 3.6.9
(vSphere)
Recommendations for installing the backup proxy, depending on the storage
type and desired transport mode:
Production
Direct storage access Virtual appliance Network mode
storage type
Physical proxy with direct FC
Fibre Channel (FC) SAN Virtual proxy running
access to the SAN
on an ESXi host
connected to the Physical or
iSCSI SAN Physical or virtual proxy storage device virtual proxy
connecting to
the ESXi host(s)
Only use for NFS v4.1 VMkernel interface
NFS storage Physical or virtual proxy (management
Virtual proxy network)
Virtual proxy on every
Local storage Not supported
ESXi host
The graphic shows recommendations for backup proxies dependent on storage and transport mode.
107
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
In this section:
Replication
CDP Policy
108
4.1 Replication
109
Replication overview 4.1.1
Supported targets:
Standalone or managed hosts
Clusters
What is a replica?
While a replica can’t be encrypted, the connection between the hosts can be encrypted (in flight encryption)
Supported targets
Managed hosts is a host managed by either a VMware vCenter Server (vSphere) or Microsoft SCVMM (Hyper-V).
110
Building replication capabilities (vSphere) 4.1.2
Onsite replication
Veeam® Backup
Server
If the source host and target host are located in the same site, you can perform onsite replication.
In the onsite replication scenario, Veeam Backup & Replication does not perform data compression. Replication traffic is
transferred decompressed between the two Veeam data mover started on the same backup proxy.
111
Building replication capabilities (vSphere) 4.1.3
Offsite replication
Veeam® Backup
Server
WAN
If the source host is located in the primary site, and the target host is located in the DR site, you can perform offsite
replication.
The common requirement for offsite replication is that one Veeam data mover runs in the production site, closer to the
source host, and the other Veeam data mover runs in the remote DR site, closer to the target host. During backup, the
Veeam data movers maintain a stable connection, which allows for uninterrupted operation over WAN or slow links.
112
Building replication capabilities (Hyper-V) 4.1.3
Onsite replication
Veeam® Backup
Server
On-host replication
Off-host replication
Both scenarios are applicable for onsite replication and replication to a remote DR site. In both scenarios, you can
replicate VM data over a direct data path or over a pair of WAN accelerators.
113
Building replication capabilities (Hyper-V) 4.1.3
Offsite replication
Veeam® Backup
Server
WAN
On-host replication
Off-host replication
Both scenarios are applicable for onsite replication and replication to a remote DR site. In both scenarios, you can
replicate VM data over a direct data path or over a pair of WAN accelerators.
114
Leveraging snapshots 4.1.6
vSphere Hyper-V
Hyper-V snapshot
Based on vSphere snapshots
(check points)
Restore point
limitation number
28 47
Illustration
Leveraging snapshots
Snapshot replica in many respects is similar to forward incremental backup. During the first run of a replication job,
Veeam Backup & Replication copies the VM running on the source host and creates its full replica on the target host. The
replica is stored uncompressed, in a native hypervisor format.
All subsequent replication jobs are incremental. Veeam Backup & Replication copies only those data blocks that have
changed since the last replication cycle.
The reason for the limitation number on restore points is on VMware has a supported limit of 32 snapshots, minus the
working snapshots we require, and a bit of overhead and Hyper-V has a supported limit of 50 snapshots, minus the
working snapshots we require and a bit of overhead.
115
Replica seeding 4.1.7
Veeam® Backup
Server
Source Target
ESXi host Backup repository Backup repository ESXi host
in production site in DR site
Replica seeding
If you plan to replicate to a remote DR site over WAN or low-bandwidth network, you can use replica seeding. Replica
seeding helps reduce the amount of VM data transferred over the network.
Replica seeding can be used if you have a backup for the replicated VM on the backup repository located in the DR site. In
this case, you can point the replication copy job to this backup. During the first session of the replication job, Veeam
Backup & Replication will use this backup file as a "seed". Veeam Backup & Replication will restore the VM image from
the backup and register the VM replica on the target host. After that, Veeam Backup & Replication will synchronize the
VM replica with the source VM. All subsequent incremental replication runs will be performed in the regular manner.
116
Replica mapping 4.1.8
Veeam® Backup
Server
Source Target
ESXi host ESXi host
Replica mapping
The most common use case if splitting up, consolidating or re-creating replication jobs. If a replica for the VM that you
plan to replicate already exists on the target host in the DR site, you can use replica mapping. Replica mapping helps
reduce the amount of VM data transferred over the network.
To use replica mapping, you must point the replication job to a VM replica on the host in the DR site. During the first
session of the replication job, Veeam Backup & Replication will calculate the difference between the source VM and VM
replica and copy necessary data blocks to synchronize the VM replica to the latest state of the source VM. All subsequent
incremental replication sessions will be performed in the regular manner.”
117
Remote replica from backup 4.1.9
Veeam® Backup
Server
Reduces workload on
production environments
No extra snapshot
required
Backup Backup Target
repository 1 repository 2 ESXi host
Sun
Tue
Sun Tue Mon 2
3
Disaster recovery plans often require that you back up and replicate the same VM for DR and HA purposes. Normally, this
doubles the workload on the virtual infrastructure. You need to create two VM snapshots, independently from one
another, and transfer VM data from the production site twice.
You can reduce the workload on the production environment by using the replica from backup option. This option can be
used for onsite and offsite replication scenarios.
When you perform replication from backup, Veeam Backup & Replication does not address hosts and storage in the
production environment to read VM data. As a source of data, it uses a backup chain that already exists on the backup
repository. As a result, you do not need to create a VM snapshot for replication and transport the same data twice. You
retrieve VM data only during the backup job. The replication job reuses retrieved data to build VM replica restore points.
Although replica from backup might resemble replica seeding, there is difference between these options:
Replica seeding uses the backup file only during the first run of a replication job. To further build VM replica restore
points, the replication job addresses the production environment and reads VM data from the source storage.
Replica from backup uses a backup chain on the backup repository as the only source of data. When building a new VM
replica restore point, Veeam Backup & Replication always reads data from the latest restore point in the backup chain,
either full or incremental. The backup chain on the backup repository may be created with a backup job or a backup copy
job.
118
Network remapping 4.1.10
Updates VM replica
configuration file
on the DR site
No need to re-configure
VM replica network
settings manually
Network remapping
Network mapping can be helpful if you use different networks in the production site and DR site. In this situation, you can
configure a table that maps production networks to networks in the DR site. During every replication job
session, Veeam Backup & Replication will check the network mapping table and update the VM replica configuration file
to replace the production network with the specified network in the DR site. As a result, when you perform failover, the
VM replica will be connected to the necessary networks in the DR site, and you will not have to re-configure network
settings for the VM replica manually.
119
Re-IP (Windows only feature) 4.1.11
Changes IP address
configuration via Microsoft
Windows registry
Re-IP
For Microsoft VMs, Veeam Backup & Replication also automates reconfiguration of VM IP addresses. If the IP addressing
scheme in the production site differs from the DR site scheme, you can create a number of re-IP rules for the replication
job.
When you fail over to the replica, Veeam Backup & Replication checks if any of the specified re-IP rules apply to the
replica. If a rule applies, Veeam Backup & Replication mounts VM disks of the replica to the backup server and changes its
IP address configuration via the Microsoft Windows registry. The whole operation takes less than a second. If failover is
undone for any reason or if you fail back to the original location, replica IP address is changed back to the pre-failover
state.
120
Lab 4:
Replication capabilities
(estimated 30 minutes)
1. Deploy required Veeam components for
replicating virtual machines to the
production site
2. Deploy required Veeam components for
replicating virtual machines to the DR
site
3. Create a Microsoft Hyper-V replication
job
4. Create a VMware vSphere replication job
121
4.2 Utilize the CDP policy
122
Continuous Data Protection (CDP) 4.2.1
Continuous data protection (CDP) is a technology that helps you protect mission-critical VMware virtual machines when
data loss for seconds or minutes is unacceptable. CDP also provides minimum recovery time objective (RTO) in case a
disaster strikes because VM replicas are in a ready-to-start state.
123
CDP benefits 4.2.2
Policy-based protection
Flexible retention
VM snapshots — Veeam CDP captures all write I/O directly in the data path with the VMware-certified I/O filter driver,
eliminating the need to create VM snapshots as with classic replication jobs. And with I/O level tracking, only the data
actually changed is sent over to a DR site, as opposed to larger virtual disk blocks returned by changed block tracking.
• No workload or hardware dependency — Protect ANY OS and applications that can run within a vSphere VM. And unlike
storage-based replication, Veeam CDP works across non-matching storage arrays, hyperconverged storage solutions and
even local vSphere ESXi storage.
• Asynchronous replication — Unlike synchronous array-based replication, Veeam CDP can be used across any distance
while requiring significantly lower bandwidth, thanks to I/O consolidation when the same block is overwritten multiple
times and network traffic compression.
• Policy-based protection — Unlike with regular replication jobs, you don’t have to worry about scheduling at all. Just
define the required RPO (maximum data loss allowed in case of a disaster) and the CDP policy will take care of performing
the sync cycles as needed. Also, to reduce monitoring events spam, you can define acceptable RPO violation thresholds
so that sporadic connectivity issues do not result in alarms.
• Flexible retention — Separately define short-term retention, allowing crash-consistent restores to a point in time with
RPO period granularity and long-term retention policy with optional periodic application-consistent restore points,
providing an additional layer of protection.
124
Short-term retention TIPS
Veeam Backup & Replication retains short-term restore points for the number of hours specified in CDP policy settings.
When the retention period is exceeded, Veeam Backup & Replication transforms the replication chain in the following
way. The example shows how short-term retention works for a VM replica with one virtual disk.
1. Veeam Backup & Replication checks whether the replication chain contains outdated short-term restore points.
2. If an outdated restore point exists, Veeam Backup & Replication commits data for the restore point from the
transaction log file (.tlog) into the nearest delta or base disk file (<disk_name>-flat.vmdk or <disk_name>-<index>.vmdk).
3. If the transaction log file does not contain data for further restore points, Veeam Backup & Replication deletes the
transaction log file as redundant — its data has already been committed into the base or delta disk file.
125
Long-term retention TIPS
Veeam Backup & Replication retains long-term restore points for the number of days specified in CDP policy settings.
When the retention period is exceeded, Veeam Backup & Replication transforms the replication chain in the following
way. The example shows how long-term retention works for a VM replica with one virtual disk.
1. Veeam Backup & Replication checks whether the replication chain contains outdated long-term restore points.
2. If an outdated restore point exists, Veeam Backup & Replication rebuilds the file that contains data for the base disk
(<disk_name>-flat.vmdk) to include data of the file that contains data for the delta disk (<disk_name>-<index>.vmdk). To
do that, Veeam Backup & Replication commits into the base disk file data from the earliest delta disk file. This way, the
base disk file ‘moves’ forward in the replication chain.
126
Estimate required proxy resources TIPS
To test whether VMware CDP proxies available in the backup infrastructure can handle replication, click Test.
Veeam Backup & Replication will analyze available CPU on all source and all target VMware CDP proxies, the
maximum VM disk write speed during the last hour and will calculate approximate requirements for VMware CDP
proxies. In the CDP Infrastructure Assessment window, you will see the calculated values:
The CPU rows show CPU cores available on all proxies (source or target).
The Proxy RAM rows show RAM required for CDP and, in parenthesis, RAM available on all proxies (source or target). If
values in the parentheses and near them are the same, you need to upgrade proxies for which values coincide to provide
more resources. RAM on proxies must be doubled up because CDP uses 50% of RAM by default. You can change this
value with a registry key. For more information, contact Veeam Customer Support.
The Proxy Bandwidth rows show the maximum disk write speed during the last hour and, in parenthesis, available
bandwidth based on available cores of source or target proxies.
127
Failover TIPS
Unplanned (disaster)
Planned
Failover plans are supported
As a rule, the initial synchronization is performed when disk data is sent to the target host for the first time. During the
initial synchronization, Veeam Backup & Replication sends data for full copies of virtual disks and creates the very first
restore points.
During the incremental synchronization, Veeam Backup & Replication mainly sends data for incremental changes made to
virtual disks and creates short-term and long-term restore points. For more information on restore points and files
created for VM replicas, see Replication Chain.
128
RPO reporting TIPS
Error
Success
To instruct the CDP policy to display a warning or error if a newly created restore points are not transferred to the target
within the set RPO, click Reporting. Then specify when the policy must display error and warning.
If you have configured email notification settings, Veeam Backup & Replication will mark the policy with
the Warning or Error status and will also send email notifications.
129
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
In this section:
130
5.1 Backup copy architecture
131
Direct path (Windows and Linux 5.1.1
repositories)
Veeam® Backup
Server
Veeam Backup & Replication transports data directly from the source backup repository to the target backup repository.
This type of data transport is recommended for copying backups to onsite backup repositories or offsite backup
repositories over fast connections.
Microsoft Windows and Linux repositories. Veeam Backup & Replication uses the source Veeam data mover on the
source backup repository and target Veeam data mover on the target backup repository.
132
Direct path (shared folder 5.1.2
Backup copy architecture – direct path - shared folder or deduplication appliance repository
Veeam Backup & Replication transports data directly from the source backup repository to the target backup repository.
This type of data transport is recommended for copying backups to onsite backup repositories or offsite backup
repositories over fast connections.
Shared folder backup repository. If you have instructed Veeam Backup & Replication to automatically select the gateway
server, Veeam Backup & Replication will use Veeam data movers deployed on mount servers associated with backup
repositories. In case mount servers cannot be used for some reason, Veeam Backup & Replication will fail over to the
backup server.
If you have explicitly defined the gateway server, Veeam Backup & Replication will use the source Veeam data mover on
the gateway server in the source site and target Veeam data mover on the gateway server on the target site.
133
WAN accelerator 5.1.3
WAN acceleration
For WAN acceleration, Veeam Backup & Replication uses dedicated components — WAN accelerators. WAN accelerators
are responsible for global data caching and data deduplication. Technically, WAN accelerators add a new layer in the
backup infrastructure — between the Veeam data movers on the source side and the Veeam data mover on the target
side.
134
WAN accelerator architecture 5.1.4
WAN optimized
TCP/IP
Write
Read
Deployment:
Infrastructure: no changes required (transport port is configurable)
One to many: a single WAN accelerator in HQ, multiple WAN accelerators at branches
Existing WAN accelerators: Configure bypass in the settings
Populate the global cache to reduce the amount of traffic transferred over the WAN for the first time
135
WAN accelerator (many to one) 5.1.5
WAN optimized
TCP/IP
Source Target
Backup copy job
WAN accelerators WAN accelerator
Global cache
Accelerator 1
Accelerator 2
Source
backup repositories Target
backup repository
The WAN global cache can be used by several source WAN accelerators simultaneously. For example, if you have several
remote/branch offices, you can configure several source WAN accelerators in remote sites and one target WAN
accelerator in the head office.
In this case, the global cache will hold cache data for separate source WAN accelerators. The cache data for every source
WAN accelerator will be stored in a dedicated subfolder in the global cache folder.
136
Backup copy (transport path over 5.1.6
WAN accelerator)
Backup
server
Veeam Veeam
Data Mover Data Mover
service service
Veeam Backup & Replication transports data through a pair of WAN accelerators: one deployed on the source side and
the other one deployed on the target side. WAN accelerators remove redundant blocks before transferring data and thus
significantly reduce the amount of traffic going over the network. This type of data transport is recommended for copying
backups offsite over slow connections or WAN.
When Veeam Backup & Replication transports data via WAN accelerators, it uses Veeam data movers on the following
backup infrastructure components:
Microsoft Windows and Linux repositories. Veeam Backup & Replication uses the source Veeam data mover on the
source backup repository and target Veeam data mover on the target backup repository.
Shared folder backup repository. If you have instructed Veeam Backup & Replication to automatically select the gateway
server, Veeam Backup & Replication will use the data mover services deployed on the source and/or target WAN
accelerator. If you have explicitly defined the gateway server, Veeam Backup & Replication will use the source Veeam
data mover on the gateway server in the source site and target Veeam data mover on the gateway server on the target
site.
137
5.2 Backup copies
138
Backup copy job considerations 5.2.1
Secondary backup
storage (onsite)
Backup
Production Primary
storage backup storage
Secondary backup
storage (offsite)
139
Backup copy modes (immediate copy 5.2.2
mode)
Source Target
backup repository backup repository
In the immediate copy mode, Veeam Backup & Replication copies restore points as soon as they appear on a source
backup repository. Veeam Backup & Replication copies only restore points created by source backup jobs (backup jobs
that you select when configuring a backup copy job). Veeam Backup & Replication can also copy transaction log backups if
you enable this capability in job settings.
The immediate copy mode is supported for the following backup types:
140
Immediate copy mode 5.2.3
Copies every restore point created by selected primary backup jobs as soon
as it is created in the primary backup repository.
Immediate copy mode is designed to help meet strict off-site backup RPOs, and even comes with the built-in RPO
monitor functionality that will notify you when the restore point was not copied within the specified period of time after
its creation.
141
Backup copy modes (periodic copy 5.2.4
mode)
Source Target
backup repository backup repository
In the periodic copy mode, Veeam Backup & Replication copies restore points once an interval specified in backup copy
job settings. This interval is also known as backup copy interval.
Veeam Backup & Replication can copy restore points created by backup jobs or restore points of individual machines. If
you select backup jobs when configuring copy job settings, Veeam Backup & Replication copies only restore points that
selected backup jobs create. If you select machines, Veeam Backup & Replication copies all restore points of the selected
machines — even restore points created by different backup jobs.
The periodic copy mode is supported for the following backup types:
142
Retention policy 5.2.5
Define how many restore points you Specify how many weekly,
Setting up want to retain on the target backup monthly or yearly backups
repository you want to retain
Retention policy
The backup copy job has its own retention policy settings, independent of retention policy settings specified for a backup
job. The retention policy of a backup copy job defines how long Veeam Backup & Replication must retain copied restore
points on the target backup repository.
143
5.3 Backup to tape
144
Backup to tape (architecture) 5.3.1
Backup
Veeam Backup Server
repository
Tape catalog
Backup catalog
Database
Tape
device
Tape
server
Veeam's native tape support operates by way of Veeam tape servers. The tape server works with tape devices to ensure
that they can be managed from within Veeam Backup Server.
145
Organization in tape infrastructure 5.3.2
Entity Description
Logical units that distribute free tapes for writing data
Media pools and store information about data that was archived to
them.
Separate sets of tapes with data continuously written to
Media sets
them.
Backup sets A set of files written to tape within one tape job session.
Data retention period is a period of time when data written to tapes is protected from overwriting.
The retention period is set by the user for the media pool and is applied to all tapes in this media pool. To set the
retention policy, you can choose between the following options:
Never overwrite data
Define a particular time period to protect data
Not to protect data at all.
146
Tape parallel processing 5.3.3
Media pool
When you process tape jobs in parallel, the media pool assigns a drive to each running tape job. The media pool can use
the predefined maximum number of drives and process the equal number of tape jobs simultaneously. For example, if
you set three drives as the maximum, you can process up to three tape jobs at the same time. If you have more jobs
running at the same time, they are queued. When one of the jobs finishes and releases its drive, the first queued job
takes the drive.
For example:
You set the maximum number of drives to three.
Tape job A has four primary jobs.
Tape job A starts, and occupies three drives to process three primary jobs. The fourth primary job is queued and waits.
Parallel processing is enabled in media pool settings. To use drives of multiple libraries, you must enable the parallel
processing mode for the libraries that are managed by the media pool. A separate media set is opened per each drive
used.
147
Tape copy options and what it does TIPS
You can use the tape copy feature to migrate backups or files stored on previous generation tapes to newer ones.
You can also use this feature to make copies of tapes.
The tapes to copy must not be occupied by any other operations, such as backup, restore and cataloging. During the tape
copy procedure, the tapes will be locked.
The tapes to copy must be cataloged. Tapes in the Unrecognized media pool are not available for copying. For more
information, see Cataloging Tapes.
All tapes to copy and machine backups on them must be decrypted. Encrypted tapes cannot be copied. Encrypted
backups are skipped from copying. For more information, see Add Optional Media Pool Settings.
To copy content of a tape to another one, use the Copy Tapes wizard.
Launch the Copy Tapes wizard.
Choose source tapes to copy.
Choose a target media pool where to copy the tapes.
Specify tape copy options.
Finish working with the wizard.
148
Lab 5:
Second site backup
(estimated 45 minutes)
1. Prepare Veeam infrastructure
2. Create a backup copy job
3. Modify a backup copy job
149
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
150
6.1 Per-machine backup
chains
151
Per-job backup chain features 6.1.1
By default:
Backup jobs write VM data to repository in one write stream
Backup job
Backup chain
By default, backup jobs write VM data to the backup repository in one write stream, and store data of all VMs to the
same backup file. Such behavior can be non-optimal if the target storage device is able to write data in multiple streams
simultaneously. In this situation, the backup repository may become the bottleneck for the data transfer, even though its
resources will not be fully utilized.
152
Per-job backup chains considerations 6.1.2
Backup job
Backup chain
Note: per-job backup chains are not recommended for storage devices that support simultaneous multi-write data
streams
153
Per-machine backup chains 6.1.3
Write stream 1
VM2 VM2 VM2
Backup
chain 2
Write stream 2
VM3 VM3 VM3
Backup repository
Backup
chain 3
You can instruct Veeam Backup & Replication to create per-machine backup files on the backup repository. In this case,
the backup job will use a separate write stream for every VM in the job, and store data of every VM to a separate backup
file. Resources of the storage device will be used more efficiently, and the job performance may increase.
154
6.2 Scale-out Backup
Repository
155
Scale-out Backup Repository 6.2.1
Performance Capacity
tier tier
S3 compatible
DAS
Move oldest backups
and / or Amazon S3
immediate copy backup
The Scale-out Backup Repository is a logical entity — it groups several backup repositories called extents. When you
configure the Scale-out Backup Repository, you actually create a pool of storage devices and systems, summarizing their
capacity. You can expand the Scale-out Backup Repository at any moment. For example, if backup data grows and the
backup repository reaches the storage limit, you can add a new storage system to the Scale-out Backup Repository. The
free space on this storage system will be added to the capacity of the Scale-out Backup Repository. As a result, you will
not have to move backups to a backup repository of a larger size.
156
Performance tier 6.2.2
Data locality
Performance locality
Performance tier
157
Placement policy 6.2.3
Data locality
No limitations to backup chains
New backup chain with
dependencies stored in same or
different extent
Performance
When using Veeam® Scale-out
Backup Repositories™, full and
incremental backup files in the
same backup chain and stored on
different extents.
Placement policy
Data locality
If you set the data locality policy for a Scale-out Backup Repository, all backup files that belong to the same backup chain
are stored on the same extent of the Scale-out Backup Repository.
The data locality policy does not put any limitations to backup chains. A new backup chain may be stored on the same
extent or another extent. For example, if you create an active full backup, Veeam Backup & Replication may store the full
backup file to another extent, and all dependent incremental backup files will be stored together with this full backup
file.
However, if you use a deduplicating storage appliance as an extent to the Scale-out Backup
Repository, Veeam Backup & Replication will attempt to place a new full backup (active or synthetic) to the extent where
the full backup from the previous backup chain resides. Such behavior will help increase the data deduplication ratio.
158
Capacity tier 6.2.4
Capacity tier
Capacity tier augments your Scale-out Backup Repository abilities and allows you to store your backup data in
cloud-based object storage such as:
Amazon S3
Microsoft Azure blob storage
IBM Cloud object storage
S3 compatible
Such an approach helps you comply with possible data storage regulations your organization might be adhering to.
For example, you might be running out of space, as your extents are capable of keeping no more than 10 restore
points at a time, or your organization policies allow you to store only certain amount of data on your extents,
whereas the rest of the data should be stored elsewhere because of its outdated state.
To safely reclaim valuable storage space on your on-premises devices and make it easier to place the backup data to
cloud repositories, Veeam Backup & Replication implements proprietary mechanisms that help you efficiently
offload your data from the extents to cloud-based object storage every four hours.
All viable backups can be manually offloaded from the performance tier to the capacity tier
159
Capacity tier TIPS
Veeam Backup & Replication allows you to prohibit deletion of data from the extents of the scale-out backup repository
by making that data temporarily immutable. It is done for increased security: immutability protects your data from loss as
a result of attacks, malware activity or any other injurious actions.
You can enable the immutability feature for any tier of scale-out backup repository.
To learn how immutability works with capacity tier of the scale-out backup repository, see
https://helpcenter.veeam.com/docs/backup/vsphere/immutability_capacity_tier.html?ver=110
To learn how immutability works with archive tier of the scale-out backup repository, see
https://helpcenter.veeam.com/docs/backup/vsphere/immutability_archive_tier.html?ver=110
160
Scale-out Backup Repository:
copy mode
161
When does data get copied? 6.2.5
Once the backup (or backup copy) job is complete, Veeam Backup & Replication initiates a new copy session which simply
extracts data blocks and metadata from each new backup file (.vbk, .vib, .vrb) created on any of the extents of your Scale-
out Backup Repository and copies these blocks to object storage, thereby making an identical replica of your backup data.
162
Copy to capacity tier example 6.2.6
METADATA METADATA
DATA Chunk DATA Chunk
DAS
A A
DATA Chunk DATA Chunk
B F
METADATA METADATA
DATA Chunk DATA Chunk
C I NAS
DATA Chunk METADATA METADATA METADATA METADATA DATA Chunk METADATA METADATA
D DATA Chunk DATA Chunk DATA Chunk DATA Chunk G DATA Chunk DATA Chunk
METADATA E F G H METADATA J K
.vbk .vib .vib .vib .vib .vbk .vib .vib
Dedupe appliance
DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk
A B C D E F G H I J K
Capacity tier
Monday – first run with immediate copy, all blocks copied to object storage, note that metadata exists in both locations
Tuesday – first incremental, block E copied
Wednesday – block F copied
Thursday – block G copied
Friday – block H copied
Saturday – synthetic full in performance tier, block I copied to object storage, links to existing blocks A, F and G created
Still Saturday - we only transferred a single DATA chunk (Chunk I) because we already had many of the required blocks of
data in the capacity tier. Information about this is stored in the performance tier, in the archive index.
Sunday – block J copied
Monday – block K copied
163
Scale-out Backup Repository:
move mode
164
Move mode: Why? How? What? 6.2.7
Why?
Reduce amount of local storage required by dehydrating backup files.
How?
Move inactive backup data to the capacity tier.
Once the backup (or backup copy) job is complete, Veeam Backup & Replication initiates a new copy session which simply
extracts data blocks and metadata from each new backup file (.vbk, .vib, .vrb) created on any of the extents of your Scale-
out Backup Repository and copies these blocks to object storage, thereby making an identical replica of your backup data.
165
Dehydrating backup files 6.2.8
Backup file in
backup repository Object storage
Data
Metadata
Metadata is stripped from the backup chain and kept on the performance tier.
Only the blocks of actual backup data will be offloaded to the object storage.
During restore Veeam can access the metadata of a backup and therefore knows which blocks of data are available from
restore from the performance tier or only on the capacity tier. Only the required blocks of data will be transported back
from the object storage bucket.
166
Dehydrating backup files 6.2.9
Data
Metadata
Metadata is stripped from the backup chain and kept on the performance tier.
Only the blocks of actual backup data will be offloaded to the object storage.
During restore Veeam can access the metadata of a backup and therefore knows which blocks of data are available from
restore from the performance tier or only on the capacity tier. Only the required blocks of data will be transported back
from the object storage bucket.
167
What can be moved? (forward) 6.2.10
Active
Inactive backup chain backup
chain
When a backup job is being executed for the first time, Veeam Backup & Replication creates an initial full backup file that
contains complete information about the VMs that are being backed up. Each subsequent backup job sessions initiate
creation of new incremental backup files that contain only changes which have occurred since the last backup session.
Such a chain can be considered active as there are more incremental backups have yet to be created, depending on the
backup job schedule configuration.+
To move data to object storage repositories, an active backup chain must be reset, that is, transformed into inactive.
To transform an active backup chain into inactive, a new active full (or synthetic full) backup file must be created for such
a chain. This can be done either manually or you can configure a schedule, according to which new active full backups will
be created automatically.
Once a new full backup file is created and the offload session is being executed, Veeam Backup & Replication collects all
the restore points (full and incremental) that were created prior to the latest active full, and prepares them to be moved
to the object storage repository.
The graphic shows both inactive and active backup chains created with the incremental method. The inactive backup
chain consisting of one .vbk file and five .vib files can easily be offloaded once it satisfies validation criteria, whereas the
active backup chain consisting of a .vbk file and a .vib file would continue to grow with another incremental backups until
it is reset by another full backup and so on.
168
What can be moved? (reverse) 6.2.11
Active
backup
Inactive backup chain
chain
.vrb
The same applies to backup chains created with the reverse-incremental method, except for in this method, all
the .vrb files starting from the third restore point will be considered inactive automatically
169
Move to capacity tier example 6.2.12
DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk
A B C D E F G H
Capacity tier
Monday – first run – nothing is eligible to move to the capacity tier (no inactive chain, inside operational restore window)
Tuesday – nothing is eligible to move to the capacity tier (no inactive chain, inside operational restore window)
Wednesday – nothing is eligible to move to the capacity tier (no inactive chain, inside operational restore window)
Thursday – nothing is eligible to move to the capacity tier (no inactive chain)
Friday – nothing is eligible to move to the capacity tier (no inactive chain)
Saturday 1 – synthetic full in performance tier, previous chain is now inactive (Mon, Tues, Wed, Thurs, Fri)
Saturday 2 - data that’s outside the operational restore window can be moved to the object storage, and the associated
files in the Performance tier are dehydrated (Monday, Tuesday and Wednesday)
Saturday 3 - the archive index is updated with information about the data sent up.
Sunday – Thursday data is now out of the operational restore window and can be moved to object storage
Monday – Friday data is now out of the operational restore window and can be moved to object storage
170
Scale-out Backup Repository:
copy and move modes,
together
171
Copy and move together 6.2.13
You can combine both the copy backups to object storage as soon as they are created option and the move backups to
object storage as they age out of the operational restores window option. In such a scenario, a copy session will be
copying newly created backups right upon creation.
Once the backup chain becomes inactive and exceeds the operational restore window, data blocks will be removed from
each associated backup file in such an inactive on-premises backup chain and only metadata will be preserved. Such a
behaviour mimics data movement, but instead of moving data that was already copied, Veeam Backup & Replication
simply purges associated data blocks from the extents, thereby saving traffic and reducing costs that might be incurred by
your storage provider for performing read/write operations.
172
Copy and move to capacity tier Performance tier
6.2.14
Archive index
(persistent)
Operational restore
Operational
window
Operational
restore window
restore
Operational
window
restore
Operational
window
restore
Operational
window
restore window
METADATA METADATA
DATA Chunk DATA Chunk
DAS
A A
DATA Chunk DATA Chunk
B F
METADATA METADATA
DATA Chunk DATA Chunk
C I NAS
METADATA
DATA Chunk METADATA METADATA METADATA METADATA DATA Chunk METADATA METADATA
D
METADATA DATA Chunk DATA Chunk DATA Chunk DATA Chunk G DATA Chunk DATA Chunk
METADATA E
METADATA F
METADATA G
METADATA H
METADATA METADATA J K
.vbk .vib .vib .vib .vib .vbk .vib .vib
Dedupe appliance
DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk
A B C D E F G H I J K
Capacity tier
Monday – first run with immediate copy, all blocks copied to object storage, note that metadata exists in both locations
Tuesday – first incremental, block E copied
Wednesday – block F copied
Thursday – block G copied
Friday – block H copied
Saturday – synthetic full in performance tier, block I copied to object storage, links to existing blocks A, F and G created.
Since the previous chain is now inactive, we are able to dehydrate the files that are outside the operational restore
window (Monday, Tuesday and Wednesday)
Sunday – block J copied, dehydrate Thursday
Monday – block K copied, dehydrate Friday
173
Retention (copy with immutability) 6.2.15
Veeam Backup & Replication allows you to prohibit deletion of data from object storage by making it immutable.
To make data immutable, Veeam Backup & Replication uses the Object Lock technology provided by Amazon and some
S3-Compatible providers. Once imposed, the object lock prohibits deletion of data from object storage until the
immutability expiration date is met. The value that defines the period after which the immutability expiration date occurs
is specified when adding (or editing) an Amazon S3 or S3 Compatible object storage repository. For more information,
see Adding Amazon S3 Object Storage and Adding S3 Compatible Object Storage, respectively.
174
Retention (copy with immutability) TIPS
Considerations
Veeam will add a fixed 10-day generation period to what you set
as the immutability period
Considerations
If you set the immutability period to 30 days, realize that the data will actually be locked for 40 days because of the
Veeam 10 day generation period.
175
Scale-out Backup Repository:
maintenance mode
176
SOBR extend (maintenance mode) 6.2.16
Veeam Backup & Replication allows you to put any of the extents of your Scale-out Backup Repository into maintenance
mode. You can use this mode if you need to perform service actions, such as upgrading an extent or installing a patch on
it. Putting an extent into maintenance mode is mandatory to evacuate backups, as described in evacuating backups from
extents.
177
Scale-out Backup Repository:
sealing an extent
178
Sealing a SOBR extent 6.2.17
What is sealing?
Why seal a SOBR extent?
What happens when an extent is sealed?
Veeam Backup & Replication allows you to put any of the extents of your Scale-out Backup Repository into seal mode.
Sealing up extents gives you the ability to gradually remove data located on these extents by applying a retention policy.
You can use this feature to gracefully stop using some of your extents as backup repositories and exclude them from the
Scale-out Backup Repository configuration altogether.
When sealing up an extent, Veeam Backup & Replication restricts any further data saving to such a sealed extent and
allows only read operations such as restore, merge and remove.
All backup jobs that are targeted to a Scale-out Backup Repository with the sealed extents that store active backup chains
will be forced to create a new active full backup on the next run. The new active full will be saved to another available
extent in the Scale-out Backup Repository scope, thereby forming a new active backup chain. The extent to which the
new active full is going to be saved is chosen automatically by Veeam Backup & Replication, depending on the available
resources.
179
Sealing a SOBR extent TIPS
Considerations
An extent can be put into both the maintenance and seal
modes at the same time.
When putting an extent into seal mode, you will still be able to
restore, merge and remove data without exiting this mode.
Sealing up performance extents gives you the ability to gradually remove data located on these extents by applying a
retention policy. You can use this feature to gracefully stop using some of your performance extents and exclude them
from the Scale-out Backup Repository configuration.
When sealing up a performance extent, Veeam Backup & Replication restricts any further data saving to such a sealed
extent and allows only read operations such as restore, merge and remove.
All restore points that exceed the specified retention period will be continuously removed from the
sealed performance extents on each subsequent backup session.
180
Scale-out Backup Repository:
archive tier
181
Archive tier: write once /(almost) TIPS
never read
Performance Capacity Archive
tier tier tier
Amazon S3
Archive (move) GFS Amazon Glacier
(incl. Deep Archive)
• Policy-based
• Cost optimized
• Save space
Microsoft Azure • Self-sufficient Microsoft Azure Blob
Blob Hot / Cold Storage Archive Tier
• No extra costs
Storing archived data in the archive tier is cheaper than in the capacity tier. However, restoring data from the archive tier
is longer and more expensive compared to the capacity tier. Data must be prepared for restore from the archive tier.
You have a lot of rarely (no more than once a quarter) accessed data that has to be stored in an archive.
You want to save costs and/or space on storing archived data.
Before an object storage repository can be configured as an archive extent, it must be added
to Veeam Backup & Replication backup infrastructure.
You can add an archive extent to your Scale-out Backup Repository and configure its settings on the Add Archive Tier step
of the new Scale-out Backup Repository wizard.
182
Add archive tier to Scale-out Backup TIPS
Repository
New “archive tier”
At the archive tier step of the wizard, select an object storage repository that you want to add as an archive extent and
specify when to move and/or copy data.
The Archive Tier step of the wizard will appear only if you have a compatible type of repository configured as a capacity
extent. For more information, see Limitations for Archive Tier.
You can add only one archive extent per scale-out backup repository.
When you add as an archive extent an object storage repository that contains offloaded backup data, you will be
prompted to synchronize existing backup chains with data in this Scale-out Backup Repository. After the synchronization
is complete, the existing backups will become available as imported and will be displayed in the Home view, under
the Archive (Imported) node in the inventory pane.
183
Move data to archive tier TIPS
Temporary
proxy
Temporary proxy converts to
larger objects Archive
Capacity
Tier Tier
In case the move policy is selected (the outdated backup files are transferred from the performance tier to the capacity
tier), the original file disappears from the performance tier.
Data transfer from the capacity extent to the archive extent is done through proxy appliances — temporary virtual
machines.
The template for all the proxy appliances is set up at the Proxy Appliance step of the Adding Amazon S3 Glacier or Adding
Azure Archive Storage wizard.
After the archiving job is finished, all the proxy appliances are automatically deleted. If the job ends prematurely, the
proxy appliances will be deleted as well. Also, any proxy appliance can be deleted if there are no more tasks for it.
184
6.3 Deduplication appliances
185
Adding deduplicating 6.3.1
storage systems
Leverage deduplication appliance
features by adding in supported
storage, not as shared folder, but
as deduplication storage
appliance.
Dell EMC Data Domain
HPE StoreOnce
ExaGrid
Quantum DXI
For disk-to-disk backups, you can use a deduplicating storage system as a target. Veeam Backup & Replication
supports the following deduplicating storage appliances:
While deduplicating storage systems usage can enable some significant savings on space, forever forward incremental,
synthetic full, and reverse incremental operations can perform poorly with deduplication devices because the backup
files that have been previously written to the storage must be interacted with during these operations. The act of reading
existing data on deduplication device is slow because each block requested must be rehydrated and uncompressed to be
read.
However, with EMC data domain deduplication appliances, it is possible to leverage EMC data domain's own mechanism
of updating file blocks' metadata internally, and consequently achieve greater performance with synthetic full. New full
backup files can then be created without physically moving data into the file, but rather by synthesizing them from the
existing data.
The process of rehydration and uncompressing during read operations from the deduplication storage will also impact
the performance of all restore operations.
186
Support for deduplicating 6.3.2
storage systems
When a dedupe appliance is added as shared folder, Veeam
is storage agnostic and will not leverage appliance features
Shared folder on
Backup data Gateway server
deduplication
appliance
When a dedupe appliance is added as shared folder, Veeam is storage agnostic and will not leverage appliance features
187
Deduplication appliance best practices 6.3.3
It is important to note that while this is Veeam’s general recommendation, there is a wide array of different hardware
deduplication options, some of which have Veeam specific features enabled or are built with solid state drives to improve
random read performance. Because of this, Veeam encourages an in-depth recovery time and recovery point
requirements discussion with a value-added reseller or the hardware manufacturer to determine how best to leverage
deduplicating storage.
Veeam has worked with strategic alliance partners to list these use cases and offer several architecture options to meet
the needs of any scenario.
Applying deduplication to storage systems is a technique used to reduce the space required to maintain a desired backup
retention. Deduplicating storage systems are often optimized for sequential write operations and can offer high ingest
rates, however, there can be a trade off in the form of higher latency when random read operations are required, as they
are with the list of features above.
188
6.4 Hardened repository
189
Hardened repository overview TIPS
Why?
Malware-safe repositories
If set up properly: insider
protection
What
Deny deletion of backups
How
Use “immutable flag” in Linux
Immutable:
Hardened backup repository is a backup repository with an option for switching on immutability. Immutability protects
your data from loss as a result of malware activity by temporarily prohibiting the deletion of data. It can be switched on
while adding a backup repository, at the Configure Backup Repository Settings step of the wizard.
Remember that the transport service does not run as root in a secure environment
A normal user can set the immutability flag, but only root can remove it.
190
Hardened repository TIPS
When adding the Linux server, use temporary credentials. To do that, click Add and select Single-use credentials for
hardened repository at the SSH Connection step of the New Linux Server wizard.
Within the user account that you plan to use to connect to the Linux server, do not select the Add account to the sudoers
file automatically check box. Select the Elevate account privileges automatically and the Use "su" if "sudo" fails check
boxes. For more information, see Linux Accounts (User Name and Password).
191
Permissions TIPS
Single-use, or temporary, credentials is a recommended option for Linux hardened repository, but you can also
use persistent credentials. In this case, the rights for the transport service will be reduced at the Configure Backup
Repository Settings step of the Adding Backup Repository wizard.
192
Job compatibility TIPS
If the backup repository is part of Scale-out Backup Repository with capacity tier added, immutability period for full
backup files with GFS retention policy is set according to the backup repository setting.
Otherwise, the following periods will be compared: immutability period set for the backup repository and the GFS backup
file lifetime. Immutability period for full backup files with GFS retention policy will equal the longest of these periods.
193
How to install hardened repository TIPS
194
Limitations TIPS
Only data in location with only authorized access are 100% bulletproof
solutions.
Examples:
Externally hosted “hardened repository”
S3 object lock at public cloud
Tapes in secure location
Veeam Cloud Connect with insider protection
195
6.5 Impact on storage
196
Impact of file systems 6.5.1
A0 A1 A2
B0
C0 C1
.vbk 1 .vib 1 .vib 2 .vib 3 .vbk 2 Backup Repository
197
Fast Clone impact on backup 6.5.2
A0 A1 A2 A2
Fast clone reference to existing blocks
B0 B0
C0 C1 C1
.vbk 1 .vib 1 .vib 2 .vib 3 .vbk 2 Fast Clone Backup
Repository
To check if fast block cloning is used during backup; open the job report and select the VM.
198
Impact on destination storage 6.5.3
199
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
In this section:
200
7.1 Protecting data in the
cloud
201
Data could be anywhere in the cloud 7.1.1
Public cloud-the public cloud is defined as computing services offered by third-party providers over the public internet,
making them available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing
customers to pay only per usage for the CPU cycles, storage or bandwidth they consume.
SaaS - Software as a service (SaaS) is a software licensing and delivery model in which software is licensed on
a subscription basis and is centrally hosted.
202
Cloud-native protection with Veeam 7.1.2
• File-level recovery
1 2 3
• Backup copy job
• Instant VM Recovery®
• Restore to Azure/AWS
Original region/AZ Same or another region/AZ Object storage “External repository” in VBR
Veeam offers data protection solutions for the multi-cloud enterprise with our strong alliance partnerships and seamless
technology integrations with the leading cloud providers, including Amazon Web Services (AWS), Microsoft Cloud, IBM
Cloud and over 20,000 managed cloud providers. In addition, Veeam has new emerging partnerships with Google Cloud,
Alibaba Cloud and Oracle Cloud.
203
Public cloud 7.1.3
204
Full VM recovery 7.1.4
Full VM recovery
With Veeam Backup & Replication, you can restore an entire VM from a backup file to the latest state or to a previous
point in time if the original VM fails.
When you restore an entire VM, you extract the VM image from the backup to the production storage. Though entire VM
restore takes more resources and time to complete than Instant VM Recovery, you do not need to perform extra steps to
finalize the recovery process. Veeam Backup & Replication pulls the VM data from the backup repository to the selected
storage, registers the VM on the chosen ESXi host and, if necessary, powers it on. Entire VM restore enables full disk I/O
performance while Instant VM Recovery provides a “temporary spare” for a VM as the vPower NFS throughput is limited.
205
Direct restore to AWS and Azure TIPS
Direct Restore
to Microsoft Azure /
Amazon AWS
Temporary office
Veeam Backup
Restored VMs
Repository
1) Veeam Backup & Replication (VBR), Veeam Agents for Windows and Linux put backups into VBR repository;
2) Direct Restore to Microsoft Azure (DR2MA): VBR converts backup file and puts data into Azure storage;
3) DR2MA: VM is created in Azure and powered on immediately. VM operates in Azure network;
4) Veeam Powered Network (Veeam PN): Veeam PN extends Azure network to main office network by creating a virtual
private network (VPN) tunnel between them
206
Veeam Cloud Connect backup TIPS
overview
Service Provider
Veeam Cloud
Connect SSL
tunnel
WAN
Cloud repositories
Cloud
Backup
gateway
repository
Service providers (SP) can use Veeam Backup & Replication to offer cloud repository as a service and disaster recovery as
a service to their customers (tenants). Veeam Backup & Replication lets SPs set up the cloud infrastructure so that
tenants can send their data to the cloud and store it there in an easy and secure way.
Veeam Backup & Replication does not offer its own cloud for storing tenant data. Instead, it uses SP computing,
storage and network resources to configure Veeam Cloud Connect Backup and Veeam Cloud Connect Replication
infrastructure components:
Cloud repositories — storage locations in the cloud that store backups of tenant machines. Cloud repositories can be
used as primary storage locations and secondary storage locations to meet the 3–2–1 backup best practice.
Replication resources — dedicated computing, storage and network resources in the SP virtualization environment. To
set up replication resources, the SP configures hardware plans and subscribes tenants to one or several hardware plans.
For tenants, hardware plans appear as cloud hosts. Tenants can create VM replicas on cloud hosts and fail over to VM
replicas in the cloud in case of a disaster on the production site.
207
Recover full VMs, files and folders TIPS
Restore functionalities
include:
Full VM restore
VM files restore
VM guest OS files restore
Application items restore
Disk export
Backup export
208
Veeam Backup for Microsoft Office 365 TIPS
Back up from on-premises and Microsoft Office 365 services to local or object storage
Back up
data to
block
Backup repository
storage
Exchange OneDrive
Online for Business
Object storage
SharePoint Microsoft
Teams Metadata &
Online backup data Amazon S3 S3-compatible
Back up
data to
On premises Veeam Backup object
for Microsoft Office 365 storage
Exchange SharePoint
Metadata Cache repo
Notes:
Shows dataflow from Microsoft Office 365 and On-Premises to VBO to a backup repository
Fades the connection from VBO to the repository and the repository (trying to show that it’s one or the other)
Shows the process to send data to object storage, including the Cache Repo
Shows the powershell extension that can be used to automate backup tasks
Shows the RESTful api that exposes the VBO capabilities to other portals
209
Veeam Backup for Microsoft Office 365 TIPS
Recovery tools
Delivering flexible restore options
Veeam Explorer™
for Microsoft
Microsoft Office 365 Teams
Browse, search &
restore data
Backup repository
Additional recovery options
Exchange SharePoint OneDrive Microsoft Veeam Explorer Object storage
Online Online for Business Teams for Microsoft
Restore prior Exchange
version
Save as a file
Amazon S3 S3-compatible
Email as
an attachment Veeam Explorer
On premises Restore
for Microsoft data
Export to .pst SharePoint
or .zip
Microsoft IBM
Service provider Azure Blob Cloud
restore for a tenant
Exchange
Exchange SharePoint
SharePoint Cache repo
Veeam Explorer
for Microsoft
OneDrive Browse /
search Local storage
RESTful API
210
Backup cloud VMs with Veeam Agents TIPS
Cloud
Veeam SOBR –
Veeam SOBR -
capacity tier
performance tier
A Scale-out Backup Repository can be used for the following types of jobs and tasks:
211
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
In this section:
212
8.1 Restoring from
VM/Agent backups
213
Instant VM Recovery® 8.1.1
Instant VM Recovery
Features:
Immediately restores a VM into your production environment by running it directly from the backup file.
It uses the patented Veeam vPower technology to mount a VM image to a host.
The archived image of the VM remains in read-only state.
You can redirect VM changes to a specific datastore.
Fast:
restarts a VM directly from a backup file in a matter of seconds
Readily available:
uses existing backups and backup storage
Versatile:
Restore to original location or new location with different settings
214
Instant VM Recovery vSphere 8.1.2
Compressed /deduplicated
backup files
vPower®
Migrate online
If you are recovering a VM to the production network, make sure that the initial VM is powered off to avoid conflicts.
Version 10 allows for multiple VMs to be recovered at once or even an individual disk if required.
215
Instant VM Recovery Hyper-V 8.1.3
Veeam Backup
Server
Data mover
services
Data restore
Disk mount
Backup
Source repository
Hyper-V host
Instant VM Recovery
Veeam Backup & Replication reads the VM configuration from the backup file on the backup repository and creates a
dummy VM with empty disks on the target host. The created VM has the same settings as the VM in the backup file. Note
that Veeam Backup & Replication pre-allocates disk space required for the restored VM at the beginning of the Instant
VM Recovery process.
Veeam Backup & Replication initiates creation of a protective snapshot for the dummy VM and the VM is started. If the
Instant VM Recovery process fails for some reason, the protective snapshot guarantees no data is lost.
On the backup repository and on the target host, Veeam Backup & Replication starts a pair of Veeam data movers that
are used to mount the VM disks from the backup file to the dummy VM.
On the target host, Veeam Backup & Replication starts a proprietary Veeam driver. The driver redirects requests to the
file system of the recovered VM (for example, when a user accesses some application) and reads necessary data from the
backup file on the backup repository via the pair of Veeam data movers that maintain the disk mount.
To finalize VM recovery, you can migrate the VM to the production storage. When you begin the migration
process, Veeam Backup & Replication starts another pair of Veeam data movers on the backup repository and on the
target host. The second pair of Veeam data movers copies data of the recovered VM from the backup repository to the
target host in the background and populates disks of the VM started on the target host.
Note: If you are recovering a VM to the production network, make sure that the initial VM is powered off to avoid
conflicts.
216
Full VM recovery 8.1.4
Full VM recovery
With Veeam Backup & Replication, you can restore an entire VM from a backup file to the latest state or to a previous
point in time if the original VM fails.
When you restore an entire VM, you extract the VM image from the backup to the production storage. Though entire VM
restore takes more resources and time to complete than Instant VM Recovery, you do not need to perform extra steps to
finalize the recovery process. Veeam Backup & Replication pulls the VM data from the backup repository to the selected
storage, registers the VM on the chosen ESXi host and, if necessary, powers it on. Entire VM restore enables full disk I/O
performance while Instant VM recovery provides a “temporary spare” for a VM as the vPower NFS throughput is limited.
217
Full VM restore mode 8.1.5
Full VM recovery
A VM can be restored to its original location or to a new location. When you restore a VM to its original
location, Veeam Backup & Replication powers off the original VM and restores only those disks that are included in the
backup file. All other disks remain unchanged.
When you restore a VM to a new location, you can specify new VM settings such as the new VM name, the host and
datastore where the VM will reside, disk format (thin or thick provisioned) and network
properties. Veeam Backup & Replication will change the VM configuration file and store the VM data to the location of
your choice.
218
Full VM recovery options TIPS
Full VM recovery
Incremental restore (also referred to as quick rollback) recovers only those data blocks necessary to revert the VM or VM
disk to an earlier point in time.
It is recommended that you use quick rollback if you restore a VM or VM disk after a problem that has occurred at the VM
guest OS level.
To perform an incremental restore of a VM or a VM disk make sure that the following requirements are met:
219
Entire VM recovery example scenarios 8.1.6
After guest operating system upgrade the virtual machine is unable to boot
Use Full VM restore with quick roll back enabled
Attacked by ransomware
Use Instant VM Recovery with Secure Restore enabled
220
Recovery using the Agent for Linux 8.1.7
Recovery Media
Command Line
Bare Metal Recovery Wizard
Volumes Export Backups to
Volumes Files
Files a virtual disk (.vhd)
Files Folders
Folders
Folders
A brief overview of recovery capabilities of the Veeam Agent for Linux. See the user guide for full details.
221
Recovery using the Agent for Mac 8.1.8
A brief overview of recovery capabilities of the Veeam Agent for Mac. See the user guide for full details.
222
Recovery using the Agent for Windows 8.1.9
Recovery Media
GUI
Bare Metal Export Backups to a
Volumes
Entire Computer virtual disk (.vmdk,
Files
System Volumes .vhd, .vhdx)
Folders
Manual
A brief overview of recovery capabilities of the Veeam Agent for Windows. See the user guide for full details.
223
Recovery using the Backup Server 8.1.10
A brief overview of recovery capabilities of the Veeam Agents when performed from the Veeam Backup Server/Console.
See the user guide for full details.
224
From / to vSphere Hyper-V AHV Azure AWS GCP
vSphere
Hyper-V
AHV
Windows Agent
Linux Agent
Azure VMs
AWS EC2
GCP VM
Other clouds
(agent based)
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
225
8.2 Staged restore
226
Staged restore example 8.2.1
John Smith
exercises his right
to be forgotten In isolated
John environment a
Smith’s script injected to
details are remove John
registered Smith’s details
into the Backup of Backup Production before return to
database production repository database production
database crashes
John Smith is interested in buying a house in October 2017, so he registers his details into the construction
company database.
The construction company takes a backup of this database which includes John’s contact information as well as other
data.
The construction company's database server in production crashes and requires backup recovery.
They power on the machine in an isolated data lab and inject a script to remove John Smith's data, as his data cannot be
restored back into production.
227
Staged restore 8.2.2
Launch deduplicated/compressed/
encrypted backup file inside virtual lab
Staged restore
Once mounted, a script is executed on the VM altering the data on that server.
After successful script execution, the VM is transported to production using quick migration.
Example:
228
Staged restore process 8.2.3
Staged restore
For staged restore, Veeam Backup & Replication uses a preconfigured virtual lab, an executable script located on the
backup server, and credentials to connect to VMs and run the script. Veeam Backup & Replication performs staged
restore in the following way:
In the virtual lab, Veeam Backup & Replication starts VMs directly from compressed and deduplicated backup files that
reside on the backup repository.
Veeam Backup & Replication copies the script from the backup server to VMs that you plan to restore.
Veeam Backup & Replication runs the copied script on every VM.
All VM changes that take place during script execution are written to VM delta files.
After the script execution is complete, Veeam Backup & Replication powers off VMs in the virtual lab.
Veeam Backup & Replication restores VMs in a changed state to the production environment.
229
8.3 NAS recovery and restore
230
NAS Restore example scenarios 8.3.1
Attacked by ransomware
Roll back to point in time
231
Instant file share recovery TIPS
Why?
Allow users to access
files fast after disaster
What
Publish SMB shares
instantly
Limitations
• SMB only (no NFS and file servers)
• Published share is read-only
• No migration to production
232
Instant file share recovery for SMB TIPS
V11
Clients
\\NAS\share\folder1
SMB protocol
Read-only
\\mountserver\share\folder1 Backup
repository
You can use the instant file share recovery feature to publish a point-in-time file share state as a read-only SMB file share
to enable users to instantly access all protected files.
Before you perform instant file share recovery, check prerequisites. Then use the Instant File Share Recovery wizard.
233
Practical use case with DFS TIPS
Deactivated
Switch transparently for production
users (read-only access)
Failed
share Published
from backup
Video - https://www.youtube.com/watch?app=desktop&v=lcdC_LAh2U0&feature=youtu.be
234
File ACL handling when file ACL TIPS
missing
\\NAS\Share01
Inherit from parent folder
Folder 1 Folder2
File C File D
235
File ACL handling when file ACL TIPS
missing \\NAS\Share01
File B
236
Lab 6:
Restoring from backup
(estimated 45 minutes)
1. Perform an Instant VM Recovery from
Microsoft Hyper-V to VMware vSphere
2. Perform an Entire VM restore with quick roll
back
3. Delete a folder from the file share
4. Restore the deleted folder back to the file
share
5. Perform a bare metal restore
237
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
In this section:
Veeam Explorers
Database Instant Recovery
Guest File Recovery
238
9.1 Veeam Explorers
239
Application-item recovery 9.1.1
Microsoft SharePoint
Browse and search
Microsoft Active directory
Application-item recovery
There are Veeam Explorer applications available for Exchange, SharePoint, Active Directory, SQL and Oracle.
Each explorer shares the ability to view, browse, search, restore and export items (GUI and PS) for each of the
applications shown.
240
Veeam Explorer for 9.1.2
Microsoft Exchange
Recovery of mailbox items
Compare to production server
Veeam Backup & Replication integrates with Veeam Explorer for Microsoft Exchange. Veeam Explorer for Microsoft
Exchange lets you browse Microsoft Exchange mailbox stores in VMs located on storage snapshots and restore Microsoft
Exchange items that you need.
Before you start working with Veeam Explorer for Microsoft Exchange, you need to extract a Microsoft Exchange
database (an EDB file) from the storage snapshot. You can do it in two ways:
You can use the Microsoft Exchange Item Level Restore wizard. In this case, Veeam Backup & Replication will
automatically extract a Microsoft Exchange database from the storage snapshot and open it in Veeam Explorer for
Microsoft Exchange.
You can restore VM guest OS files from a backup of a virtualized Microsoft Exchange server, manually locate a Microsoft
Exchange database and open it in Veeam Explorer for Microsoft Exchange.
241
Veeam Explorer for 9.1.3
When you run the Microsoft Active Directory Object Restore wizard, Veeam Backup & Replication automatically extracts
the Microsoft Active Directory database from the storage snapshot and opens it in Veeam Explorer for Microsoft Active
Directory.
As part of this procedure, Veeam Backup & Replication performs the following actions:
Veeam Backup & Replication creates a clone/virtual copy of the storage snapshot and mounts the clone/virtual copy to
an ESXi host.
Veeam Backup & Replication accesses the configuration file of the virtualized Microsoft Active Directory server (VMX) on
the snapshot clone/virtual copy and uses this configuration file to register a temporary VM on the ESXi host.
Veeam Backup & Replication mounts disks of the Microsoft Active Directory server to the temporary VM.
Veeam Backup & Replication locates the Microsoft Active Directory database and opens it in Veeam Explorer for
Microsoft Active Directory.
242
Veeam Explorer for 9.1.4
Microsoft SharePoint
Recovery of SharePoint items
Full-site and site collection restores for
SharePoint
Veeam Backup & Replication integrates with Veeam Explorer for Microsoft SharePoint. Veeam Explorer for Microsoft
SharePoint lets you browse Microsoft SharePoint content databases in VMs located on storage snapshots and restore
documents, items and document libraries that you need.
Before you start working with Veeam Explorer for Microsoft SharePoint, you need to extract a Microsoft SharePoint
content database (an MDF file) from the storage snapshot. To do this, you need to restore VM guest OS files from a
backup of the virtualized Microsoft SharePoint server, manually locate the content database and open it in Veeam
Explorer for Microsoft SharePoint.
Restore VM guest OS files from a backup of a virtualized Microsoft SharePoint server. For more information, see restoring
VM guest OS files (Microsoft Windows).
In the Veeam backup browser, locate the MDF file and double-click it or select the file and click application Items >
Microsoft SharePoint on the ribbon.
Veeam Backup & Replication will attach the content database to the Microsoft SQL Server on which the Veeam Backup &
Replication configuration database is deployed and open the database in Veeam Explorer for Microsoft SharePoint. After
that, you can browse the database and restore items that you need.
243
Veeam Explorer for 9.1.5
SQL restore service: In most scenarios, Veeam installs a runtime component named Veeam SQL restore service to the VM
guest OS (target or staging server, depending on selected restore or export scenario) — to support restore activities on
the SQL server VM guest —https://helpcenter.veeam.com/docs/backup/explorers/vesql_restore_service.html?ver=110
244
Veeam Explorer for Oracle 9.1.6
245
9.2 Database instant
recovery
246
Database instant recovery TIPS
Choose time to
switch (small
downtime)
Why?
Be online with your database again in seconds
What?
Physical and virtual servers
Instant recovery for production databases
Keep in mind
Small downtime on switch-over
247
Reliability of instant recovery TIPS
Instant recovery session is resilient to network disruption, backup server or mount server crash. If anything disrupts the
restore process, the restore process stays in the waiting mode and performs 10 automatic retries every five minutes. If
the retries fail, you can launch retry after the server or network is up.
248
Switch database to production storage TIPS
The switchover option becomes available after all the database files are copied to the target server and all database files
are synchronized. During switchover, the published mount is detached from the target SQL server instance and the
copied database is attached to this instance. Note that if you have selected to restore to the original server, the restored
database will replace the original database.
249
9.3 Guest file recovery
250
Guest OS file recovery 9.3.1
You can use IFLR (Instant File-Level Restore) to recover individual VM guest OS files and folders from VM backups and
replicas. IFLR does not require you to extract the VM image to a staging location or start the VM prior to restore. You can
restore files and folders directly from a regular image-level backup or replica to the necessary point in time.
IFLR works with any VM guest OS file system. Veeam Backup & Replication offers different tools and methods for
different file systems:
Restore from FAT, NTFS or ReFS: for file-level restore from Microsoft Windows VMs with NTFS, FAT and ReFS file systems,
you can use the file-level restore wizard.
Restore from Linux, Unix and other file systems: for file-level restore from Linux, Solaris, BSD, Novell Storage Services,
Unix, Mac and other file systems, you can use the multi-OS file-level restore wizard.
Note that multi-OS file-level restore supports recovery of files and folders only. Recovery of other file system objects such
as pipes is not supported.
Restore from other file systems: for file-level restore from file systems not supported by file-level restore wizards, you
can leverage the Instant VM Recovery functionality.
251
File-level restore 9.3.2
Backup server/backup
C:\
and replication console
E:\
C:\
E:\
Backup repository
Source host
Mount server
Veeam Backup & Replication mounts disks of the VM from the backup file to the machine where the restore process is
launched. This can be the backup server or machine on which the Veeam Backup & Replication console is installed. This
mount point allows you to browse the VM file system.
If you restore files to the original location, Veeam Backup & Replication creates an additional mount point on the mount
server associated with the backup repository on which the backup file resides. The second mount lets you keep the VM
traffic in one site and reduce load on the network.
252
Multi-OS file-level restore 9.3.3
Backup server
Helper appliance deployed
by backup server
(optional)
\Disk0
\Disk1
Disks
Disks displayed
mounted from
in Veeam
Backup
repository
Explorer
server
and can
be restored
Windows Repository
Source host
server
When you perform file-level restore, Veeam Backup & Replication performs the following operations:
Veeam Backup & Replication deploys a helper appliance on the ESXi host in the virtual infrastructure.
Veeam Backup & Replication mounts disks of the VM from the backup or replica to the helper appliance. The backup
file or VM replica itself remains in the read-only state on the backup repository or datastore.
Veeam Backup & Replication launches the Veeam Backup browser where mounted VM disks are displayed. You can
browse the VM guest file system in the Veeam Backup Browser and restore files or folders to the original VM or to
another location. Alternatively, you can enable an FTP server on the virtual appliance and allow VM owners to restore
files themselves.
When the restore process is finished or the Veeam backup browser is closed by
timeout, Veeam Backup & Replication unmounts the content of the backup file or replica from the helper appliance and
unregisters the helper appliance on the ESXi host.
(Optional) H.A. are no longer required when restoring Linux Guest OS files
253
Lab 7:
Object recovery
(estimated 45 minutes)
1. Delete an active directory user
2. Perform the restore using the Veeam Explorer
for Active Directory
3. Perform the restore using the Veeam Explorer
for Microsoft SQL Server
4. Delete contents of the Important Files folder
5. Perform the restore using the File-level Restore
Wizard for Microsoft Windows
6. Perform the restore using the File-level Restore
Wizard for Linux
254
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
255
10.1 Recovery from replica
256
Recovery from a replica 10.1.1
Veeam Backup & Replication provides VM-level HA and DR host-based replication using various optimizations with
multiple restore points. In case of software or hardware malfunction, you can quickly recover a corrupted VM by failing
over to its replica.
When VM malfunctions, a replica VM takes over the role of the original VM (failover). Failover is an intermediate step
that should be further finalized. The options are:
Switch back to the original VM and discard changes at the replica (undo failover).
VM replica permanently takes on the role of the original VM (permanent failover).
Switch back to the original VM and transfer changes from the replica
to the original VM (failback to original location).
Switch to a new location by transferring all replica files or committing changes
to an original VM restored from backup (failback to new location).
You can also proceed in the following ways when failing back to production VM:
Undo failback switches the replica back to the failover state.
Commit failback finalizes recovery of the original VM.
257
Replica failover 10.1.2
When there is a problem with production VM it’s possible to restore services by failing over to its
replica
The VM replica takes over the role of the original VM
The VM is up and running within a couple of minutes
A1
A B C
Original state
D E F1
F Undo
failover
G H I
Failover
Original VM
G H I
Commit failback
Snapshot
This video explains this process with the inclusion of a simple whiteboard. -
https://veeam.wistia.com/medias/p98na40e6q
Replica failover
Failover is a process of switching from the original VM on the source host to its VM replica on the target host.
When there is a problem with production VM it’s possible to restore services by failing over to its replica
258
Undo failover 10.1.3
Operations switch back to the original VM and normal operation mode continues
All changes made to the VM replica are discarded
A1 B C
Original state
D E F1
G H I
Failover
A B C
D E F E1 F2
G H I
This video explains this process with the inclusion of a simple whiteboard. -
https://veeam.wistia.com/medias/p98na40e6q
Undo failover
259
Permanent failover 10.1.4
Switch from the original VM to a VM replica is made permanent and this replica is used
as the original VM
A1 B C
D E F1
G H I
Failover
A B C Permanent
failover
D E1
E F2
F E1 F2
G H I
This video explains this process with the inclusion of a simple whiteboard. -
https://veeam.wistia.com/medias/p98na40e6q
Permanent failover
To finalize the failover process, you can permanently fail over to the VM replica.
Switch from the original VM to a VM replica is made permanent and this replica is used as the original VM.
260
Failback 10.1.5
Operations are moved back to the production site from a VM replica after the problem
in the production site is eliminated
The original VM is synchronized with the VM replica and then powered on; all
replication activities are put on hold
A1
A B1
B C A B1
D E F1
E1 F2 E1 F2
G H I
Failover
A B C B1
B Failback
D E F E1 F2
G H I
This video explains this process with the inclusion of a simple whiteboard. -
https://veeam.wistia.com/medias/p98na40e6q
Failback to production
If you want to resume operation of a production VM, you can fail back to it from a VM replica. When you perform
failback, you go back from the VM replica to the original VM, shift your I/O and processes from the target host to the
production host and return to the normal operation mode.
If you want to resume operation of a production VM, you can fail back to it from a VM replica. When you perform
failback, you go back from the VM replica to the original VM, shift your I/O and processes from the target host to the
production host and return to the normal operation mode.
261
Undo failback 10.1.6
A1
A B1
B C
D E F1
E1 F2
G H I
Failover
A B C B1
B Failback
D E F E1 F2
G H I
This video explains this process with the inclusion of a simple whiteboard. -
https://veeam.wistia.com/medias/p98na40e6q
Undo failback
If the original VM is not working as expected after the failback operation, you can undo failback and get back to the VM
replica.
If the production VM is not working as expected, failback can be undone and operations are moved back to the VM
replica
The VM replica returns to the failover state
262
Commit failback 10.1.7
A1 B1
B C
D E1
E F2
F1
G1
G H I
Failover
A B C B1
B Failback
D E F E1 F2
G H I
This video explains this process with the inclusion of a simple whiteboard. -
https://veeam.wistia.com/medias/p98na40e6q
Commit failback
To confirm failback and finalize recovery of the original VM, you need to commit failback.
When you commit failback, you confirm that you want to get back to the original
VM. Veeam Backup & Replication gets back to the normal operation mode and resumes replication activities for the
original VM to which you failed back.
263
Failover plan 10.1.8
When?
Primary group of interdependent VMs is out of service for any reason
Failover plan must be prepared in advance
What?
A preset scenario for one-click failover for a group of interdependent VMs
You can set order for the VMs in the plan, and the delay intervals to make sure
that some VMs are already running at the moment the dependent VMs start
What’s next?
If necessary, you can undo failover to switch the workload back to source VMs discarding
the changes that were made to the replicas during failover
Failover plan
If you decide to commit failover or failback, you need to process every VM individually. Although you can undo failover
for the whole group using the undo failover plan option.
Note: The maximum number of VMs that you can start simultaneously when you run a failover plan is 10.
264
Planned failover 10.1.9
When?
If you know that your primary VMs are going to go offline
Maintenance or software upgrade of the primary VMs
Advance notice of a disaster approaching that will require taking the primary servers offline
What?
Smooth manual switching from a primary virtual machine to its replica with minimum
interrupting in operation
What’s next?
The finalizing options for a planned failover are similar to those of an unplanned failover:
undoing failover, permanent failover or failback and commit failback
Planned failover
You can use the planned failover, for example, if you plan to perform datacenter migration, maintenance or software
upgrade of the primary VMs. You can also perform planned failover if you have an advance notice of a disaster
approaching that will require taking the primary servers offline.
265
Planned failover process 10.1.10
Original VM VM
Incremental
replication run
Replica
VM replica in
failover state
VM
Snapshot Source host Target host
Planned failover
Smooth manual switching from a primary virtual machine to its replica with minimum interruption in operation
Everything is transferred from production VM to replica VM, no data is lost
During planned failover, Veeam Backup & Replication always retrieves VM data from the production infrastructure, even
if the replication job uses the backup as a data source. This approach helps Veeam Backup & Replication synchronize the
VM replica to the latest state of the production VM.
If you start planned failover for several VMs that are replicated with one replication job, these VMs will be processed one
by one, not in parallel.
Each planned failover task for each VM is processed as a separate replica job session. If a backup proxy is not available
and the session has to wait for resources, job sessions for other VMs in the same task cannot be started before the
current session is finished.”
Note: A planned failover cannot be performed if the replication job is running for the VM replica in question or the VM
replica is in the failover state.
266
Perform a failover (snapshot) 10.1.11
267
Perform a failover (CDP) 10.1.12
268
Replica recovery example scenarios 10.1.13
Power utility advises power will be cut this afternoon and outage will last longer than backup power
Perform planned failover
269
Perform a failback (snapshot or CDP) 10.1.14
Possible destinations:
Failback to the original VM
Failback to the original VM restored in a different location
Failback to the specified location (original VM is lost)
270
Failback example scenarios 10.1.15
Manually switch when you are ready (can be changed to a schedule later)
Use manual mode
At the Failback Mode step of the wizard, specify when switch from replicas to production VMs must be performed:
• Select Auto if you want Veeam Backup & Replication to perform the switch automatically right after the state of
the production VMs is synchronized with the state of their replicas.
• Select Scheduled if you want Veeam Backup & Replication to perform the switch at a specific time.
• Select Manual if you want to perform the switch manually.
If you select the Scheduled or Manual option, you can further reset/set the scheduled time or switch to the
production VM manually.
271
Feature comparison snapshot and CDP 10.1.16
Planned failover + -
Failover plan + +
Network throttling + +
Preferred networks + +
Cloud Connect + -
272
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
273
11.1 SureBackup overview
274
SureBackup: Key benefits 11.1.1
With Veeam® SureBackup® technology you can automatically verify the recoverability
of every backup and replica.
Operational risk
If a company cannot recover from a system failure, it may not be able to serve its customers causing a loss of revenue and
client’s loyalty.
The risk increases by not responding in time to the needs of users like business applications, developers, and business
users which leads to a delay of a response to key customers needs and wants.
Use SureBackup to avoid manual testing once or twice a year and instead start automatically testing every day or as
frequent as the business demands.
275
SureBackup: How does it work 11.1.2
ESXi / Hyper-V
vPower®
Windows backup
repository
In the virtual lab, it starts VMs from the application group in the required order. VMs from the application group remain
running until the verified VMs are booted from backups and tested.
Once the virtual lab is ready, Veeam Backup & Replication starts verified VMs from the necessary restore point, tests and
verifies them one by one or, depending on the specified settings, creates several streams and tests a number of VMs
simultaneously.
Once the verification process is complete, VMs from the application group
are powered off. Optionally, you can leave the VMs from the application group running
to perform manual testing or enable user-directed application item-level recovery.
276
Backup recovery verification 11.1.3
Virtual lab
Application Heartbeat
group Linked job(s)
Ping
Proxy
appliance App
Production
vSwitch Report
Isolated network
Hypervisor
vPower
In the virtual lab, it starts VMs from the application group in the required order. VMs from the application group remain
running until the verified VMs are booted from backups and tested.
Once the virtual lab is ready, Veeam Backup & Replication starts verified VMs from the necessary restore point, tests and
verifies them one by one or, depending on the specified settings, creates several streams and tests a number of VMs
simultaneously.
Once the verification process is complete, VMs from the application group
are powered off. Optionally, you can leave the VMs from the application group running
to perform manual testing or enable user-directed application item-level recovery.
277
Veeam Virtual Lab Networking 11.1.4
192.168.1.X
10 20 30 10 20
100 1
Prod
Proxy Appliance Default
Gateway
Address
Isolated network
(No Uplink to Prod)
Physical NIC
Production Network
278
Optional additional checks 11.1.5
The backups can also be tested for corruption (any file system) as well as scanned for
potential virus/malware threats (Windows only)
After the Ping, Heartbeat and Application test are executed. The SureBackup job can do both a backup file integrity check
and/or scan the restore point or snapshot for potential virus threats.
In addition to recovery verification tests, Veeam Backup & Replication allows you to perform backup file validation — a
CRC check that runs for backup files of VMs verified by the SureBackup job.
279
Replica recovery verification 11.1.6
Application
Virtual lab
group Linked job(s)
Heartbeat
Ping
Proxy
appliance App
DR
vSwitch Report
Isolated network
VMware ESXi
Production storage
To guarantee recoverability of your data, Veeam Backup & Replication provides the usage of SureBackup recovery
verification technology with replicas.
It lets you validate your DR environment without impacting the production infrastructure. You can automatically verify
every created restore point of every VM replica and ensure that they are functioning as expected.
The SureBackup technology is not limited only to VM replica verification. It also provides the following capabilities:
280
11.2 Sandbox
281
On-Demand Sandbox 11.2.1
VM backups
VM replicas
Storage snapshots
Primary storage Storage Isolated
snapshot sandbox
On-Demand Sandbox
Using the virtual lab feature to create an isolated environment for testing, troubleshooting or training.
From the technical standpoint — leave the application group running after the VM restore point verification completes.
282
Lab 8:
Testing backup and replication
(estimated 45 minutes)
1. Create a basic single-host virtual lab for automated testing
of backups
283
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
284
12.1 Veeam Backup
Enterprise Manager
285
Enterprise Manager (overview) 12.1.1
Federates several Veeam® Backup & Replication™ servers: view statistics, reports
Centralized license management
Start, stop, clone and edit jobs.
Enables 1-click restore for files, VMs and application-items
Provides granular rights delegation for administration and restore
Password loss protection
Veeam Backup & Replication helps your organization optimize performance in remote office/branch office (ROBO) and
large-scale deployments while maintaining a view of your entire virtual environment through Veeam Backup Enterprise
Manager. This is a management and reporting component that allows you to manage multiple Veeam Backup &
Replication installations from a single web console.
Note: Veeam Backup Enterprise Manager keys help you to restore encrypted data in case of lost or forgotten
password used for encryption. If the Veeam Backup Server on which you encrypt data is added to Veeam Backup
Enterprise Manager, Veeam Backup & Replication employs the public Enterprise Manager key in the encryption
process. To decrypt backups or tapes encrypted with the public Enterprise Manager key, you can apply a matching
private Enterprise Manager key, instead of a password. The private Enterprise Manager key unlocks the underlying
storage keys and lets you access the content of an encrypted file.
286
Enterprise Manager (file indexing) 12.1.2
When you run a backup job with the file indexing option enabled, Veeam Backup & Replication indexes the VM file
system, collects indexing data and saves it in the Veeam Backup Catalog folder on the Veeam backup server.
During the next catalog replication session started on Veeam Backup Enterprise Manager, indexing data from the Veeam
Backup server is replicated to the Veeam Backup Catalog on Veeam Backup Enterprise Manager server. By federating
indexing data from all connected Veeam Backup Servers, the Veeam backup catalog service on Veeam Backup Enterprise
Manager creates a global catalog for the whole backup infrastructure.
287
Enterprise Manager 12.1.3
Portal admin
Portal user
Restore operator
Veeam Backup & Replication helps your organization optimize performance in remote office/branch office (ROBO) and
large-scale deployments while maintaining a view of your entire virtual environment through Veeam Backup Enterprise
Manager. This is a management and reporting component that allows you to manage multiple Veeam Backup &
Replication installations from a single web console.
Note: Veeam Backup Enterprise Manager keys help you to restore encrypted data in case of lost or forgotten
password used for encryption. If the Veeam Backup Server on which you encrypt data is added to Veeam Backup
Enterprise Manager, Veeam Backup & Replication employs the public Enterprise Manager key in the encryption
process. To decrypt backups or tapes encrypted with the public Enterprise Manager key, you can apply a matching
private Enterprise Manager key, instead of a password. The private Enterprise Manager key unlocks the underlying
storage keys and lets you access the content of an encrypted file.
288
Course feedback
Before we continue with the final module, please visit the link
shown to give feedback on the course.
https://www.surveymonkey.com/r/VMCE11
Veeam will use the feedback you provide in order to develop the
course and ensure that future course participants get the best
possible experience.
289
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
290
13.1 Veeam ONE
291
Veeam ONE overview 13.1.1
Why?
Enables real-time monitoring, business documentation and management reporting
To collect information about the managed virtual infrastructure and track the efficiency of data protection, you must
configure connections to VMware vSphere, vCloud Director, Microsoft Hyper-V virtual management servers and Veeam
Backup & Replication servers in Veeam ONE client. Configured connection settings are automatically propagated to
all Veeam ONE components.
292
Veeam ONE components (Server) 13.1.2
Server side:
Veeam ONE Web Services
Veeam ONE Server
Primarily used to render reports.
Collects data from connected sources
Server-side component of the Veeam
and stores it to the database.
ONE Web Client
Services installed: Monitoring service,
Can be deployed to the same server as
Reporting service, Error reporting
the Veeam ONE Server or a different
service, Web API
server
Veeam ONE can be installed on either a physical or virtual machine; however, it must be running Microsoft Windows.
293
Veeam ONE components (Client) 13.1.3
By default, Veeam ONE agent client is deployed on Veeam Backup & Replication servers when you connect these servers
to Veeam ONE.
294
Veeam ONE Client 13.1.4
Monitor alarms
View VM/Agent/file
backup job status and
statistics
Manage/configure
intelligent diagnostics
Backup infrastructure
The backup infrastructure summary dashboard shows the latest state of data protection operations in the virtual
environment and indicates the most intensively used resources in the backup infrastructure.
VM jobs status, agent jobs and policies status, file backup jobs status
The charts reflect the latest status of VM protection jobs, agent protection jobs and policies, and file protection jobs for
the selected level of the backup infrastructure hierarchy.
Every chart segment shows how many jobs ended with a specific status — failed jobs (red), jobs that ended with warnings
(yellow), successfully performed jobs (green), and jobs that are currently running (blue).
295
Veeam ONE Client: alarms 13.1.5
Alarms include:
VMware vSphere and vCloud Director alarms
Microsoft Hyper-V alarms
Veeam Backup & Replication alarms
Internal alarms for monitoring issues with Veeam ONE
And many more…
Veeam ONE includes a set of alarms monitor the efficiency of Veeam Backup & Replication data protection in the virtual
environment.
Predefined data protection alarms are configured to warn you about events or issues that can cause loss of data or
prevent Veeam Backup & Replication infrastructure from functioning properly:
Connectivity issues and inability of backup infrastructure components to communicate with each other
State of Veeam Backup & Replication software installed on backup infrastructure components
Failing jobs or jobs finished with warnings
Configuration issues, such as fast decreasing space on backup repositories or cloud repositories
Long-running jobs that exceed the backup window
Product license and prepaid support contract
On the alarms dashboard, you can view triggered alarms, track alarm history, resolve and acknowledge alarms and
perform other actions. For more information on working with triggered alarms
296
Veeam ONE Web Client: dashboard 13.1.6
Veeam ONE Web Client analyzes data collected from VMware vSphere, Microsoft Hyper-V and Veeam Backup &
Replication servers. Web Client provide structured information to help you examine historical data for the managed
backup infrastructure and virtual environment. You can view reports in the web browser, export them to various
formats, or schedule automatic report delivery by email, to disk or a network share.
Veeam ONE Web Client includes three working areas — dashboards, workspace and configuration.
Dashboards
In the dashboards section, you can work with predefined and custom dashboards. Veeam ONE dashboards provide
at-a-glance view on the state of the Veeam Backup & Replication infrastructure and virtual environment, and
present information on the health state, performance, configuration and other aspects of the managed
environment.
Workspace
In the workspace section, you can work with reports and deployment projects.
Reports provide an insight into performance, health state, configuration and efficiency aspects of the Veeam Backup
& Replication infrastructure and virtual environment.
Deployment projects allow you to predict future resource utilization and plan resource reservations in the virtual
environment
Configuration
In the configuration section, you can configure Veeam ONE settings and perform administrative tasks, such as
scheduling data collection for reports and dashboards.
297
Veeam ONE Web Client: reports 13.1.7
Dashboards are composed of widgets that display various aspects of the managed environment. Every widget is located
in a separate cell, or entry, in the dashboard.
298
Generating reports 13.1.8
Generating reports
To obtain a point-in-time view of your virtual infrastructure and data protection operations, you can create reports from
the Veeam ONE Client console.
299
Business View monitoring 13.1.9
VMs
Hosts
Clusters
Datastores
Computers protected with Veeam Agent
Veeam ONE Client can present your virtual infrastructure from the technical perspective (in terms of VMware
vSphere or Microsoft Hyper-V inventory), and from the business perspective (based on your company needs and
priorities). Veeam ONE Client presents infrastructure objects from the business perspective using categorization
capabilities provided by the embedded business view component.
Business view allows you categorize virtual and backup infrastructure objects — VMs, hosts, clusters, datastores and
computers protected with Veeam Backup Agent for Microsoft Windows and Veeam Backup Agent for Linux — according
to constructs of your business. You can categorize virtual infrastructure objects by such criteria as business unit,
department, purpose, SLA and others. Categorization data is continuously synchronized with Veeam ONE
Client and Veeam ONE Web Client, and enables you to monitor, troubleshoot, resolve issues and report on business
groups of infrastructure objects.
300
Lab 9:
Configuring Veeam ONE
(estimated 45 minutes)
1. Add the Microsoft Hyper-V server to the Veeam ONE server
301
Introduction
Environmental configuration
Configuration backup
© 2021 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
In this section:
302
14.1 Configuration backup
303
Performing configuration backup 14.1.1
and restore
Exports configuration data for all Veeam® Backup & Replication™
objects:
Backup infrastructure
Backups Sessions Tapes
components and objects
Hosts, servers, backup proxies,
Backups, replicas Job sessions Tape libraries
repositories, WAN accelerators
and backup copies performed on the connected to the
and jobs, global settings
created on the backup server. backup server.
configured on the backup
backup server.
server and so on.
You can back up and restore a Veeam Backup & Replication configuration database.
If the backup server fails for some reason, you can reinstall the backup server and quickly restore its configuration from
the configuration backup file (.bco). You can also use configuration backups to apply the configuration of one backup
server to another backup server in your backup infrastructure.
304
Creating configuration backups 14.1.2
Exports configuration data for all Veeam Backup & Replication objects:
How?
Veeam Backup & Replication retrieves configuration data for the Veeam Backup Server from the SQL database, writes this
data into a set of .xml files and archives these .xml files to a .bco file.
Why?
You can reinstall the Veeam Backup Server and then quickly restore its configuration from the backup file.
When?
It is recommended that you regularly create a configuration backup for every Veeam Backup Server in your backup
infrastructure.
305
Restoring configuration data 14.1.3
Important! Before you start the restore process, stop all jobs that are currently running. During restore
of configuration, Veeam Backup & Replication temporary stops the Veeam backup services and jobs.
To restore data from the configuration backup, you can use one of two methods: data restore and data migration.
Select restore if you want to restore data from the configuration backup on the same Veeam Backup Server where this
backup was created
Select migrate if you want to restore data from the configuration backup on a new Veeam Backup Server
Important! Before you start the restore process, stop all jobs that are currently running. During restore of configuration,
Veeam Backup & Replication temporary stops the Veeam backup services and jobs.
306
Veeam Availability Suite v11:
Configuration and Management
307