VMCE11 - Student Guide

Veeam Availability Suite™ v11:
Configuration and Management
Student Guide
© 2021 Veeam Software. Confidential information. All rights reserved.
All trademarks are the property of their respective owners. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or
translated into any language in any form by any means, without written permission from Veeam Software Inc (Veeam). The information contained in this document
represents the current view of Veeam on the issue discussed as of the date of publication and is subject to change without notice. Veeam shall not be liable for
technical or editorial errors or omissions contained herein. Veeam makes no warranties, express or implied, in this document. Veeam may have patents, patent
applications, trademark, copyright, or other intellectual property rights covering the subject matter of this document. All other trademarks mentioned herein are the
property of their respective owners. Except as expressly provided in any written license agreement from Veeam, the furnishing of this document does not give you
any license to these patents, trademarks, copyrights, or other intellectual property.
Please read the End User Software License Agreement before using the accompanying software program(s). Using any part of the software indicates that you
accept the terms of the End User Software License Agreement.
Document Revision: 20211124

Veeam Availability Suite v11:
1
Course Overview
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Printing the Facilitator Guide

In order to print the supporting Facilitator Guide, select notes pages under print layout in the print settings section.
Creating additional space for notes:

If you need additional space for notes, add a hidden slide to the Presentation.
In order to print a page for hidden slides, be sure to select print hidden slides at the bottom of the Print dialog box.
Course materials
PPT with slides and built-in Facilitator Guide
Student Notebook: A copy of the slides with a space for students to take notes.
Student Guide: A copy of the slides with Veeam notes below.
2
Version Control
Last update
V20210531: Release
V20210909: Content updates and corrections, minor animation updates
V20211111: Cover update
V20211124: Content updates and corrections, minor animation updates
3
1: Introduction
4
Introduction FIRST LOOK
Environmental configuration AND SETUP
Building backup capabilities
Building replication capabilities
Second backup location

PROTECTION
STRATEGIES
Advanced repository functionality
Protecting data in the cloud
Restoring from backup
Object recovery
RESTORE
Recovery from replica STRATEGIES
Testing backup and replication
Veeam® Backup Enterprise Manager
Veeam ONE™ overview

VAS
SUPPLEMENTS
Configuration backup
5
Overview of what can be protected 1.2
vSphere (vCenter, ESXi)
Hyper-V (SCVMM. Server)
Nutanix Acropolis Hypervisor (Prism)
NAS (SMB, NFS, Windows or Linux managed file server share)
Agents (Windows, Linux, UNIX, Mac)
Overview of what can be protected
vSphere (vCenter, ESXi)

Hyper-V (SCVMM. Server)
AHV - ensure the class are made aware that AHV, although supported, is not covered within the Veeam Availability Suite
v11: Configuration and Management class
NAS (SMB, NFS, Windows or Linux managed file server share)
Agents (Windows, Linux, UNIX (Solaris & AIX). Mac)
6
RPO and RTO 1.3
RPO (Recovery Point Objective) RTO (Recovery Time Objective)

Point in time to which system’s Amount of time within which
data must be recovered a system must be recovered
after an outage after an outage
RTO/RPO
Describe the graphic shown on screen in, highlighting RPO and RTO
Naturally we would like both of these figures to be as close to zero as possible. What stops us having an RPO and RTO of
zero?
Cost – we are essentially balancing business risk and cost.
7
3-2-1 Rule 1.4
Backup specialists agree that in order to ensure recoverability you need:
Three different Two different media One offsite copy Of which is: No errors after
copies of data offline air-gapped automated backup
or immutable testing and
recoverability
verification
3-2-1 rule
Three different copies of data:

• Production data (copy of data – one)
• Back up of production data (copy of data – two)
• Copy of back up of production data (copy of data – three)
How many in this class today can say that they are operating in an environment that meets the 3-2-1 rule?
Use the answers to this question to generate discussion.
Use this opportunity to find out more about the different environments people are working within.
8
Backup options 1.5
SOBR
Backup
proxy 1
Veeam Backup Primary Primary Primary

& Replication backup backup backup Object storage
console repository repository repository (Cloud)
Backup
proxy 2
Copy
Cloud
Backup server Primary backup repository
Backup repository (VCC)
proxy 3
Copy
Primary backup Tape

Tape server
repository device
Backup options
The diagram shows many of the concepts we will be covering in class. As class proceeds, you can go back and reference
this slide to show and reinforce the lesson.
9
Introduction
Environmental configuration
MODULE 2: Building replication capabilities
Environmental Second backup location

Configuration Protecting data in the cloud
2.1 Veeam components Object recovery
Recovery from replica

2.2 Deployment types Testing backup and replication
2.3 Global settings and job filter view Veeam Backup Enterprise Manager
2.4 Data location tagging Veeam ONE™ overview
In this section:
Veeam components
Deployment types
10
2.1 Veeam components
Backup server
Proxy server
Backup repository
11
Backup server 2.1.1
Coordinates backup, replication, recovery

verification and restore tasks
Controls job scheduling and resource allocation
Is used to set up and manage backup

infrastructure components, as well as to specify
global settings for the backup infrastructure
Backup server
The backup server is a Windows-based physical or virtual machine on which Veeam Backup & Replication is installed. It is
the core component in the backup infrastructure that fills the role of the “configuration and control center.” The backup
server performs all types of administrative activities, including:
Coordinating backup, replication, recovery verification and restore tasks

Controlling job scheduling and resource allocation
To set up and manage backup infrastructure components, as well as to specify global settings for the backup
infrastructure
In addition to its primary functions, a newly deployed backup server also performs the roles of the default backup proxy
and the backup repository (it manages data handling and data storing tasks).
12
Backup proxy server 2.1.2
Retrieving VM data from the production storage

Deduplicating
Compressing
Encrypting
Sending data to the backup repository or another

backup proxy
Proxy server
A backup proxy is an architecture component that sits between the backup server and other components of the backup
infrastructure. While the backup server administers tasks, the proxy processes jobs and delivers backup traffic.
Basic backup proxy tasks include the following:

Retrieving VM data from the production storage
Compressing
Deduplicating
Encrypting
Sending data to the backup repository (for example, if you run a backup job) or another backup proxy (for example, if you
run a replication job)
13
Gateway server 2.1.3
"Bridges" the backup server and backup

repository
It is required for any shared folder backup

repository and some deduplication storage
appliances
Gateway server
A gateway server is an auxiliary backup infrastructure component that “bridges” the backup server and backup
repository.
The gateway server is required if you deploy the following types of backup repositories in the backup infrastructure:
Shared folder backup repositories
Dell EMC Data Domain deduplicating storage appliance
HPE StoreOnce deduplicating storage appliance
14
Backup repository 2.1.4
Direct attached storage
Network attached storage
Deduplicating storage appliances
Object storage*
Backup repository server
A backup repository is a storage location where Veeam keeps backup files, VM copies and metadata for replicated
VMs. To configure a backup repository, you can use the following storage types:
Direct attached storage. You can add virtual and physical servers as backup repositories both Microsoft Windows servers
and Linux servers
Network attached storage. You can add CIFS (SMB) shares as backup repositories.
Deduplicating storage appliances.
Object storage. You can use cloud storage services as backup repositories.
* Let learners know that backups cannot be made directly to Object Storage
15
2.2 Deployment types
Simple deployment
Advanced deployment
Backup options (reference for knowledge check)
Data location tagging
Defining data location
16
Simple deployment 2.2.1
Veeam Backup
& Replication™
Backup proxy Backup Veeam Backup

server repository & Replication
console
Simple deployment
So what does a simple “next next finish” deployment of Veeam Backup and Replication look like?
This diagram gives an outline to our starting point – as we progress through the course we will expand on this diagram.
17
Advanced deployment 2.2.2
Backup proxy
server
Veeam Backup
& Replication Backup server
console
Backup
repository
Advanced deployment
In large-scale virtual environments with a large number of jobs, the load on the backup server is heavy. In this case, it is
recommended that you use the advanced deployment scenario that moves the backup workload to dedicated backup
infrastructure components. The backup server here functions as a "manager" for deploying and maintaining backup
infrastructure components.
18
2.3 Global settings and job
filter view
19
Global Settings 2.3.1
Located in the main menu, key

settings:
Global Network Traffic Rules

In-flight encryption
Traffic throttling
Preferred networks
Storage Latency Control

Control load on production
storage
E-mail/SMTP server settings
The global network traffic can be used for three key settings:
• Enforcing in-flight encryption of networking traffic (enabled by default for non-private IP ranges)
• Throttling network traffic (can be scheduled)
• Preferred networks (used to control which network two Veeam Data Mover services will use to communicate if they
both have that network in common)
Storage Latency Control

• Used to control Veeam’s load on the production storage. Can be customized on a per-datastore/volume level.
• In the Stop assigning new tasks to datastore at field, specify the I/O latency limit at
which Veeam Backup & Replication must not assign new tasks targeted at the datastore.
• In the Throttle I/O of existing tasks at field, specify the I/O latency limit at which Veeam Backup & Replication must
decrease the speed of data retrieval or writing to/from the datastore. When the I/O latency for this datastore reaches
this value, the Veeam Data Mover working with this datastore will slow down data retrieval or writing.
20
Job filter-based views 2.3.2
Add filtered view directly

to management tree
A job filter allows you to filter jobs by different parameters. For example, you can create a filter that will show only VM
backup copy jobs.
To show jobs that include any of the specified keywords, separate these keywords by a semicolon without a space. For
example, if you enter "Backup Job;Daily", Veeam Backup & Replication will show all jobs that include "Backup
Job" or "Daily" keywords in their names.
NOTE:
Only the user who creates filters can access them — that is, other users cannot use these filters.
https://helpcenter.veeam.com/docs/backup/vsphere/job_filter.html?ver=110
21
2.4 Data location tagging
22
Data location tagging 2.4.1
A list of locations (tags) in Veeam

Backup & Replication. The tags can
be assigned to infrastructure
objects for example:
Geographical region
Country
To control data migration in the virtual infrastructure, Veeam Backup & Replication introduces a notion of location. A
location defines a geographical region, or country, in which an infrastructure object resides. You can create a list of
locations and assign to backup infrastructure objects information about locations to which they belong.
Veeam Backup & Replication allows you to assign information about locations to the following infrastructure objects:
Virtual infrastructure objects: vCenter Servers, datacenters, clusters and hosts.

Backup infrastructure objects: simple backup repositories, Scale-out Backup Repositories, tape libraries and tape vaults.
Agent management objects: protection groups.
23
Defining data location tagging 2.4.2
objects
Useful for GDPR compliance
Defining virtual objects

vCenter
Datacenter
Cluster
Hosts
Defining backup objects

Simple repositories
Scale-out Backup Repositories
Tape libraries
Location tags are used to prevent accidental errors when configuring backup and replication jobs or performing out-of-
place restores, by issuing a warning when an action may result in a data sovereignty violation and producing audit trails
whenever such action is confirmed.
Information about infrastructure object’s location is stored in the Veeam Backup & Replication configuration database.
When VM data in the virtual infrastructure migrate from one location to another, Veeam Backup & Replication displays a
warning and stores a record about data migration to job or task session details. In addition to
it, Veeam Backup & Replication logs this information to Microsoft Windows event logs. For example, if you back up VMs
from a host that resides in Germany to a backup repository that resides in Australia, Veeam Backup & Replication will
display a warning that VM data changes its location in the backup job wizard, display information about data migration in
the backup job session details and log it to Microsoft Windows event logs.
24
Introduction
MODULE 3: Building backup capabilities
Building Backup Building replication capabilities
Capabilities Second backup location
Protecting data in the cloud
3.1 VM backup Restoring from backup
3.2 Backup job modes Object recovery
3.3 Backup optimizations Recovery from replica
3.4 Agent backup capabilities Testing backup and replication
3.5 NAS backup capabilities Veeam Backup Enterprise Manager
3.6 Transport modes Veeam ONE™ overview
25
3.1 VM backup
26
Virtual machine backups 3.1.1
How?
Image-level backups using hypervisor-level snapshots are processed by the Veeam Data Movers.
Consistency?
Crash-consistent backups or application consistent backups are possible.
Limitations?
Certain hypervisor features can prevent snapshots, which will prevent image-level backups.
Latency sensitive servers. Such virtual machines can be protected using a Veeam Agent instead.
Examples of vSphere features that can prevent snapshots: Physical raw device mappings, SCSI bus sharing (shared VMDK),
independent mode virtual disk.
If a snapshot cannot be made by Veeam, try creating it manually. It may be required to involve for example VMware
support if manual snapshots cannot be created.
To create a VM snapshot, the VM is “stunned” in order to (i) serialize device state to disk, and (ii) close the current
running disk and create a snapshot point. The process is the same for both Windows and Linux. However with VSS
integration for Windows guests, this may cause an increase in file system operations, and so it may take longer to
complete a “stun” operation in these guests.
Great blog post: https://cormachogan.com/2015/04/28/when-and-why-do-we-stun-a-virtual-machine/
27
Backup architecture - Data movers 3.1.2
Backup
server
Veeam
Data Mover
Service
Veeam
Data Mover
Service
Source host
Repository server
Backup proxy
VM backup architecture – data movers
In it’s simplest form Veeam Backup & Replication uses the following components for the backup process:
One or more source hosts with associated datastores

One or more backup proxies
Backup repository
All backup infrastructure components engaged in the job make up a data pipe. The source host and backup repository
produce two terminal points for the dataflow. Veeam Backup & Replication processes VM data in multiple cycles, moving
VM data over the data pipe block by block.
Veeam Backup & Replication collects VM data, transforms and transports it to target with the help of Veeam Data
Movers. Veeam Backup & Replication uses two-service architecture — one Veeam Data Mover controls interaction with
the source host, and the other one controls interaction with the backup repository. The Veeam data movers
communicate with each other and maintain a stable connection.
To back up to a Microsoft Windows or Linux backup repository in the local site, you need to deploy a backup proxy on a
machine that has access to the source datastore, and point the backup job to this backup proxy. In this scenario, the
source-side Veeam Data Mover is started on the backup proxy, and the target-side Veeam data mover is started on the
Microsoft Windows or Linux repository. VM data is sent from the backup proxy to the backup repository over the LAN.
To back up to a shared folder in the local site, you need to deploy a gateway server that has access to the shared folder
backup repository. You can use the same Microsoft Windows machine as the backup proxy and gateway server for SMB.
In this scenario, Veeam Backup & Replication starts the source-side and target-side Veeam data movers on the same
machine, and sends VM data from the backup proxy to the shared folder backup repository over the LAN.
28
Guest processing/interaction 3.1.3
Why?
Certain capabilities such as application consistency or indexing will require execution inside the virtual machine.
Capabilities?
Application/transactionally consistency through VSS or custom pre-freeze and post-thaw scripts
Transaction log backup (Microsoft SQL Server and Oracle)
File system indexing
How?
Credentials must be provided in order to inject a runtime (and custom scripts if used) into the virtual machine. The
runtime is pushed out from what is known as a Guest Interaction Proxy or can optionally be installed on each virtual
machine (persistent agent)
Guest processing
If you back up or replicate running VMs, you can enable guest processing options. Guest processing options are advanced
tasks that require Veeam Backup & Replication to communicate with the VM guest OS. Veeam Backup & Replication
offers the following guest processing options:
Application-aware processing. You can create transactionally consistent backups and replicas of VMs that run Microsoft
Active Directory, Microsoft Exchange, Microsoft SharePoint, Microsoft SQL Server or Oracle. The transactionally
consistent backup guarantees proper recovery of these applications without data loss.
Pre-freeze and post-thaw scripts. You can use pre-freeze and post-thaw scripts to quiesce VMs running applications that
do not support Microsoft VSS.
Transaction log truncation. You can set the backup or replication job to truncate transaction logs on the VM guest OS
after the VM is successfully processed.
Transaction logs backup for Microsoft SQL Server and Oracle. You can set up the backup job to back up transaction logs
from Microsoft SQL Server and Oracle VMs.
VM guest file system indexing. You can set up the backup job to create a catalogue of files and folders on the VM guest
OS. The catalogue lets you search for VM guest OS files and 1-click restore in Veeam Backup Enterprise Manager.
VM guest file system indexing is optional. If you do not enable this option in the backup job settings, you will still be able
to perform 1-click restore from the backup created with such backup job.
VM guest OS files exclusion. You can exclude/include individual files and folders from/to backup or replica.
29
Guest interaction proxy 3.1.4
Application-aware processing
Transaction log processing
Guest file system indexing
Only used for processing Windows targets
Guest interaction proxy
The guest interaction proxy is a backup infrastructure component that sits between the backup server and processed
VM. This component is needed if the backup or replication jobs perform the following processing of VMs:
Application aware image processing

Transaction logs processing
Only used for processing Windows targets – for processing non-Windows targets the Backup Server is used for
processing.
30
Snapshot removal concerns (vSphere) 3.1.5
What is the issue?

Veeam creates snapshots as a part of image-level backups. It also automatically removes them.
Problems removing a snapshot?

Veeam makes an API call to vSphere who in turn removes the snapshot. This process can time out for example due to
overtaxed production storage.
Solution?
When snapshot removal times out, the Veeam Snapshot Hunter will be launched in the background and automatically
find and consolidate Veeam-related snapshots.
Veeam Backup & Replication checks the datastore to discover orphaned snapshot files. To consolidate these files with the
VM disks, Veeam Backup & Replication calls a consolidation algorithm. The algorithm consists of three steps, each
representing a VMware method.
VMware Consolidate method

1. As a first attempt, Veeam Backup & Replication calls the VMware Snapshot Consolidate method. This method is the
same mechanism that VMware vSphere uses for VMs with the Needs Consolidation status.
2. Hard consolidation without quiesce
1. If the first attempt fails, Veeam Backup & Replication creates a new snapshot and calls the VMware Delete all
snapshots method. As a result, all VM snapshots and associated files are deleted. The snapshot is taken
without quiescing the VM.
3. Hard consolidation with quiesce
1. If the snapshot deletion still fails, Veeam Backup & Replication implies another VMware method that creates
a quiesced snapshot and then removes all VM snapshots.
NOTE
Hard consolidation without quiesce and hard consolidation with quiesce are performed only if the VM does not have any
user snapshots. In case there are one or more user snapshots, these steps will not be performed.
Full details: https://helpcenter.veeam.com/docs/backup/vsphere/snapshot_hunter_hiw.html?ver=110
31
3.2 Backup job modes
32
Backup job modes overview 3.2.1
Reverse incremental backup Incremental backup
• Forever forward incremental backup method

• Forward incremental backup method
Backup job modes
Reverse incremental backup
The reverse incremental backup method produces a backup chain that consists of the last full backup file (VBK) and a set
of reverse incremental backup files (VRB) preceding it.
Forever forward incremental
The forever forward incremental backup method produces a backup chain that consists of the first full backup file (VBK)
and a set of forward incremental backup files (VIB) following it.
Forward incremental
The forward incremental backup method produces a backup chain that consists of the first full backup file (VBK) and a set
of forward incremental backup files (VIB) following it. Additionally, the forward incremental backup chain contains
synthetic full and/or active full backup files that “split” the backup chain into shorter series.
33
Selecting a backup job mode 3.2.2
Reverse incremental
Forward incremental
Forever forward incremental
A forward incremental backup

chain without a periodic full
backup, will become a forever
forward backup chain
Advanced job settings
Advanced settings are where the backup mode is set up. The following section will investigate the different backup
modes and retention policies.
34
Reverse incremental 3.2.3
Retention settings: keep four points; run once/day
Source data blocks: A1

A2
A3 B3
B1
B2
B4 C1
C2 D3
D1
D2
A1 A2 A3
B1 B2 B3 B4
C1 C2
D1 D2 D3
Mon Tue Wed Thu Fri Sat Sun Mon Tue

1 2 3 4 5 6 7 8 9
Retention for reverse incremental backup example: four restore points
When you define retention policy, you specify how ‘far’ you want to be able to roll back and thus, how many restore
points will be kept. Once the specified number is exceeded, the earliest restore point will be removed automatically.
In reverse incremental backup, Veeam Backup & Replication immediately deletes the earliest reverse increment as soon
as it meets the retention policy.
35
Forever forward incremental 3.2.4
Retention settings: keep four days; run once/day

A1
A2 B1
B2
B3
B4 C2
C1 D2
D1
D3
A1
B1
C1
D1 B2 A2 A3 C2 B3 D2 B4 D3

1 2 3 4 5 6 7 8 9
Retention for forever forward incremental backup example: three restore points
If the number of restore points in forever forward incremental backup chains exceeds the retention policy settings,
Veeam Backup & Replication transforms the backup chain to make room for the most recent restore point.
As a result, you will have the exact number of restore points indicated in the job settings in the repository folder.
36
Forward incremental – synthetic full 3.2.5
Retention settings: keep four days; run once/day; synthetic full Saturday

A1
A2 B3
B1
B2
B4 C2
C1 D3
D1
D2
A1
B1 B3
C1
D1 B2 A2 A3 C2 D2 B4 D3

1 2 3 4 5 6 7 8 9
One click per day (nine total)

Synthetic full backup created on Saturday (Blocks come from the repository)
Retention is applied after day nine
37
Forward incremental – active full 3.2.6
Retention settings: keep four days; run once/day; active full Saturday

A1
A2 B3
B4
B1
B2 C2
C1 D2
D1
D3
A1
B1
C1
D1 B2 A2 A3 C2 D2 B4 D3

1 2 3 4 5 6 7 8 9
One click per day (nine total)

Active full backup created on Saturday (Blocks come from the source)
Retention is applied after day nine
(Only difference between this slide and previous is the full backup creation on Saturday 6, the first five clicks can go
through quick.)
38
Active full and synthetic full 3.2.7
Active
Full backup full backup
Active full backup Incremental backups

.vbk .vib .vib .vib .vib .vib .vib .vbk .vib
Sun Mon Tue Wed Thu Fri Sat Sun Mon
Backup chain
Synthetic
full
Full backup backup
Synthetic full backup

Incremental backups
.vbk .vib .vib .vib .vib .vib .vib .vbk .vib
Sun Mon Tue Wed Thu Fri Sat Sun Mon
Active full and synthetic full backups
Both active full and synthetic full backups are essentially an entire VM image stored inside the backup file.
The way active full and synthetic full backups are constructed differs.
In the following slides the synthetic full backup process will be explained in more detail, showing that a portion of
Sunday’s backup will come from production storage.
39
Incremental backup jobs 3.2.8
Retention settings: keep seven days; run once/day
Reverse incremental
Forever forward
incremental
Forward incremental
Active full on Saturdays
Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
This slide shows the different retention on a single slide.
Interesting pause points:

Click #1: Active full for all chains
Click #2: .vrb creation for reverse incremental (slower animated) .vib for both forward
Click #6: Active full creation
Click #8: Retention applied for reverse and forever forward
Click #12: Retention applied for forward
40
Grandfather-Father-Son (GFS) 3.2.9
retention
Requires scheduled periodical full backups to be enabled
Long term retention benefits
Independent retention parameters
Backup and backup copy job support
Guest interaction proxy
The guest interaction proxy is a backup infrastructure component that sits between the backup server and processed VM.
This component is needed if the backup or replication jobs perform the following processing of VMs:
Application aware image processing

Transaction logs processing
41
GFS retention options 3.2.10
Where is it located?
Options can be found
within the configure…
section of the storage
screen of the wizard.
Weekly, monthly and yearly can be enabled without inter-dependencies
When you configure the GFS schedule in the backup copy job settings, you specify for how long archive backups must be
stored and on which day certain GFS backup must be created.
https://helpcenter.veeam.com/docs/backup/vsphere/backup_copy_gfs_periods.html?ver=110
42
GFS retention example 3.2.11
Example: Keep 12 monthly and four weekly GFS restore points

Periodical synthetic full backups scheduled: Every Saturday
GFS weekly: Use full backup from Fridays (if more than one full is created in the week
GFS monthly: Use the GFS weekly backup from the first week of the month
GFS GFS GFS
Wait for Flag Wait for Flag Wait for Flag
next full M+W next full W next full W
backup backup backup
Backup Job
Forward Inc. + GFS
Retention: 7
Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat Sun Mon Tue Wed Thu Fri Sat
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
Shown are periodical synthetic full backups scheduled to run every Saturday
GFS weekly: The weekly GFS flag is assigned to use full backup from Fridays, as you can see, there is no full backup on
Friday, so the flag remains until a periodical full backup is produced (Saturday)
GFS monthly: Use the GFS weekly backup from the first week of the month. When monthly and weekly GFS flags are
used together, VBR ensures that the monthly flag is associated with the weekly flag to ensure that two full backups aren’t
retained saving on storage.
43
3.3 Backup optimizations
44
Detecting bottlenecks TIPS
If no warnings or errors occurs during backup/restore, but performance

is lower than expected, check if Veeam bottlenecks are a cause.
Resources are measured in percent

Insufficient component will work 100% of time, others are idling
Having a bottleneck does not necessarily mean that you have a problem
If no warnings or errors occurs during backup/restore, but performance is lower than expected, check if Veeam
bottlenecks are a cause.
45
Changed Block Tracking 3.3.1
Full backup Hyper-V

leverages either Hyper-V* native
Resilient Change Tracking (RCT) or
Veeam’s® proprietary Changed Block
VM image Backup repository
Tracking (CBT) mechanism
Incremental backup
vSphere
Changes leverages VMware
only
vSphere native CBT
VM image Backup repository
Changed block tracking
To perform incremental backups, Veeam Backup & Replication needs to know which data blocks have changed since the
previous job run. Depending on the hypervisor, various methods are used.
Whenever Veeam Backup & Replication cannot leverage changed block tracking — for instance, if your VMs run an earlier
version of VMware virtual hardware, CBT is disabled at the ESX host level or you are running a Hyper-V mixed cluster
2012R2/2016 — it fails over to Veeam’s proprietary filtering mechanism.
Veeam Backup & Replication uses CBT for the following operations:
Backup
Replication
Entire VM restore
VM disk restore
For VMs with virtual disks in thin format, Veeam Backup & Replication also uses CBT during active full backup sessions to
detect unallocated regions of virtual disks and skip them
Notes: Hyper-V 2016: VM version must be equal to less than 9 and cluster level must be equal to less that eight–
otherwise RCT/CBT is unavailable.
Hyper-V RCT is only available on Windows Server 2016 and newer, RCT is unavailable in mixed Hyper-V clusters (fx
2012R2 and 2016 mixed)
46
Inline deduplication 3.3.2
Why? How?
Reduce backup storage consumption Avoid storing space that has been pre-
allocated but not used.
Reduce the amount of data sent over the network
Avoid storing data blocks that are identical
to data blocks already in the resulting
backup file
Deduplication
47
Compression levels comparison 3.3.3
300 100
90
250
80
70
200
Time (seconds)
60
Time, seconds
150 50
40 Size, GB
100
30
20
50
22 GB 10
12 GB 9.70 GB 9 GB
0 0
Dedupe-friendly (rle) Optimal (lz4) High (zlib) Extreme (zlib high)
Compression levels
Data compression decreases the size of created backups but affects duration of the backup procedure. Veeam Backup
& Replication allows you to select one of the following compression levels:
No compression is recommended if you plan to store backup files and VM replica files on storage devices that support
hardware compression and deduplication.
Dedupe-friendly is an optimized compression level for very low CPU usage. You can select this compression level if you
want to decrease the load on the backup proxy.
Optimal is the recommended compression level. It provides the best ratio between size of the backup file and time of the
backup procedure.
High compression level provides additional 10% compression ratio over the optimal level at the cost of about 10 times
higher CPU usage.
Extreme compression provides the smallest size of the backup file but reduces the backup performance. We recommend
that you run backup proxies on computers with modern multi-core CPUs (six cores recommended) if you intend to use
the extreme compression level.
48
Zeroing out dirty blocks (BitLooker™) 3.3.4
Further size reduction for backup or replica(s) on NTFS file system.

Skips page file blocks and blocks from deleted files.
VM guest OS before processing VM guest OS after processing Transported data
Data size optimization
This feature is required to avoid the situation when VM file system treats the data blocks with data which has been
deleted as valid content which needs to be backed up. Only supported for NTFS file system.
With this option enabled, Veeam Backup & Replication performs the following operations during the job session:
Veeam Backup & Replication accesses the MFT file on the VM guest OS to identify deleted file blocks, and zeros out these
blocks.
Veeam Backup & Replication processes and transports data blocks of the VM image in the following manner:
If a data block of the VM image contains only the deleted file blocks, Veeam Backup & Replication does not read this data
block from the source datastore.
If a data block of the VM image contains zeroed out blocks and other data, Veeam Backup & Replication copies this block
to the target. Due to data compression, data blocks that are marked as deleted are compressed, and the size of the
resulting backup or replica file reduces.
49
Data size optimization configuration 3.3.5
Options can be found
within the advanced
section of the storage
screen of the wizard.
Data size optimization
Within the advanced section of the storage screen of the wizard.
50
Lab 1:
VM backup capabilities
(estimated 45 minutes)
1. Create an encrypted Hyper-V backup job
2. Create a vSphere backup job
3. Clone a backup job
4. Delete a backup job
5. Modify a backup job
51
3.4 Agent backup capabilities
52
Agent backups 3.4.1
Why?
Protect physical workloads such as servers, workstations, latency sensitive virtual machines, and workloads in the cloud.
Can also be used for virtual machines when image-level backups are not possible.
Deployment?
Agents can be manually installed (standalone mode) or automatically deployed using protection groups.
Management?
Use the same console as you use for your virtual machine backups for a single pane of glass experience.
53
Creating an Agent backup TIPS
Considerations
There is no Veeam proxy server used when processing an Agent

based backup. The workload itself acts as proxy.
The only exception is when the backup from storage snapshots

feature is leveraged.
To create a Veeam Agent backup job, you must create a Veeam Agent backup job in Veeam Backup & Replication with
the Managed by backup server option selected in the job settings.
If you want to protect a Mac computer, you must create a Veeam Agent backup policy.
54
Managed agent architecture example 3.4.2
Backup server
Veeam Agent for Mac
Veeam Agent for Microsoft Windows
Veeam Agent for Unix

Veeam Agent for Linux (Solaris and AIX)
Backup repository
Agent deployment
You can use Veeam Backup & Replication to manage Veeam Agent for Microsoft Windows on computers in your
infrastructure. As part of the Veeam Agent management scenario, you can remotely deploy Veeam Agent for Microsoft
Windows and Linux to your computers, as well as configure and manage Veeam Agent backup jobs in Veeam Backup &
Replication.
Direct integration of agent management into the Veeam Backup & Replication console
Built-in full agent management provides administrators:

The ability to deliver centralized deployment and management
A single pane of glass to see all backups and restores in one console
Microsoft failover cluster support
55
Agent deployment
56
Protection groups 3.4.3
Individual computers Microsoft Active Directory objects
Recommended for small Dynamic containers such as

deployments or without Active organizational units or security
Directory groups.
Computers listed in a CSV file Computers with pre-installed agents
Dynamic comma separated (CSV) Useful when using third-party software

file. Recommended for CMDB distribution solutions
integration or large environments
without Active Directory
Individual computers
You can organize individual computers into a protection group by specifying the necessary computers in the protection
group settings. This option is recommended for smaller environments that do not have Microsoft Active Directory
deployed.
Microsoft Active Directory objects

You can create protection groups that include one or more Microsoft Active Directory objects: entire domain, container,
organization unit, group, computer or cluster. This allows you to manage Veeam Agents on computers being part of an
Active Directory domain. Protection groups that include Active Directory domain, containers, groups and/or organization
units are dynamic in their nature. For example, if a new computer is added to a container, Veeam Backup &
Replication will automatically discover this computer and start managing this computer as specified in the protection
group settings.
You can specify a protection scope based on Active Directory objects in one of the following ways:
You can select individual Active Directory objects that you want to include in a protection group, for example, selected
organization units and/or computers.
You can include in the protection group an entire domain or other Active Directory object (such as a container or
organization unit) and exclude specific child objects being part of this object, for example, selected organization units
and/or computers.
Computers listed in a CSV file

You can add multiple computers to a protection group by importing a list of computers from a CSV file. Protection groups
that include computers listed in a CSV file are also dynamic. If a new computer appears in a CSV file after the protection
group is created, during the next protection group rescan session, Veeam Backup & Replication will automatically update
the protection group settings to include the added computer.
57
Computers with pre-installed agents
You can create protection groups with a flexible scope. Protection groups with a flexible scope are empty just after they are
created. You must deploy Veeam Agents on computers and configure Veeam Agents to connect to the Veeam backup
server. After deployment and configuration, computers become members of the protection group.
This option is recommended if you do not have the full list of computers that you want to protect when you create the
protection group. This option also provides a convenient way to install agents using third-party software distribution
solutions, when deploying them from the Veeam backup server is not possible due to security and network connectivity
restrictions.
57
Computers with pre-installed agents TIPS
Why?
Security teams don’t like admin$ and SSH
credentials requirement
How and what

Export agent with configuration certificate
Agent “knocks” on VBR door
Notification available for “not seen for X
days”
Why?
Security teams don’t like admin$ and SSH credentials requirement
How and what

Export agent with configuration certificate
Agent “knocks” on VBR door
Notification available for “not seen for X days”
58
Protection groups exclusions for AD 3.4.4
There is the ability to

define exclusions for the
protection group:
All virtual machines
Computers that have
been offline for more
than 30 days
AD objects
Protection groups - exclusions
Note: Virtual machines are excluded by default. Including them is especially useful for testing!
Exclusions are only available for the ”Microsoft Active Directory
59
Distribution server 3.4.5
Deploys Veeam Agent setup files to protected

computers
By default is added to the backup server but

can be a dedicated server to reduce load
Distribution server
The distribution server is an architecture component in the Veeam Agent management infrastructure used for
deployment of Veeam Agent setup files to protected computers. When you instruct Veeam Backup & Replication to
install Veeam Agent on a protected computer, the Veeam Backup Server communicates to the distribution server,
and Veeam Backup & Replication uploads Veeam Agent setup file from the distribution server to the target computer.
By default, the role of the distribution server is assigned to the backup server itself. However, you can deploy a dedicated
distribution server to reduce workload on the backup server. To deploy a distribution server, you need to add a Windows-
based server to Veeam Backup & Replication and select this server in the properties of a protection group.
60
Protection groups (options) 3.4.6
Options include:
Rescan intervals
Distribution server
Auto-update
Protection groups - options
Rescan interval
Distribution server
Auto-update
Changed block tracking driver (Requires Windows server 2008 R2 SP1 or newer)
Note: Use a distribution server to achieve load balancing and to save transfer via WAN for ROBO
61
Delete Agent from protection group TIPS
Even if orphaned (if alive, it will appear again)
Uninstalling Veeam Agent Uninstalling Veeam Agent

You can remove Veeam Agent from a specific protected computer, for example, if you want to reinstall Veeam Agent
running on the protected computer. When you remove Veeam Agent from a protected computer, Veeam Backup &
Replication also removes the Veeam Installer Service from this computer.
To uninstall Veeam Agent:
Open the Inventory view.
In the inventory pane, expand the Physical Infrastructure node and select the necessary protection group.
In the working area, select the necessary computer and click Uninstall Everything on the ribbon or right-click the
computer and select Agent > Uninstall all components.
In the displayed notification window, click Yes.
62
Agent backup job types comparison 3.4.7
Workstation
Retention based on days when computer is used
Single backup job to a non-Cloud Connect repository
Server (partial list of key features)

Retention based on restore points
Application-aware processing
File indexing and search
Transaction log backup
Parallel disk processing
Multiple backup jobs
Changed block tracking
Job types – managed by server
To back up data of your protected computers, you must configure a Veeam Agent backup job. The Veeam Agent backup
job defines what data to back up, how, where and when to back up data. In Veeam Backup & Replication, you can create
Veeam Agent backup jobs of the following types:
Backup job
The backup job that runs on the backup server in the similar way as a regular job for VM data backup. The backup job is
intended for protected computers that have permanent connection to the backup server.
The backup job that processes Veeam Agent computers runs on the backup server in the similar way as a regular job for
VM data backup. The backup job is intended for protected computers that have permanent connection to the backup
server, such as standalone servers and failover clusters. You can use the backup job to create Veeam Agent backups in a
backup repository or cloud repository.
In Veeam Backup & Replication, the backup job of this type is also referred to as the Veeam Agent backup job managed
by the backup server.
Job types – managed by agent
In situations where the protected computer has limited access to the backup server, jobs can also be managed by the
agent themselves.
Backup policy
63
The backup policy that describes configuration of individual Veeam Agent backup jobs that run on protected computers.
Veeam Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to
Veeam Agents that run on computers added to the backup policy. The backup policy is intended for protected computers
that may have limited connection to the backup server.
The backup policy describes configuration of individual Veeam Agent backup jobs that run on protected computers. Veeam
Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to Veeam
Agents that run on computers specified in the backup policy. The backup policy is intended for protected computers that
may have limited connection to the backup server, such as workstations, laptops and so on. You can choose to create
Veeam Agent backups in a backup repository, cloud repository, network shared folder or on a local storage of a protected
computer.
In Veeam Backup & Replication, the backup policy is also referred to as the Veeam Agent backup job managed by Veeam
Agent.
63
Agent backup job modes 3.4.8
Managed by backup server

A Backup Job is created in Veeam Backup &
Replication. The backup server will trigger and
control the backup jobs, the agent will perform
the protection tasks.
Clusters can only be managed by the backup
server
Managed by agent
A Policy will be pushed to these agents, defining
when and what to backup to which location.
The backups will be triggered and run from the
agent system itself.
Workstations can only be managed by the agent
Job types – managed by server
To back up data of your protected computers, you must configure a Veeam Agent backup job. The Veeam Agent backup
job defines what data to back up, how, where and when to back up data. In Veeam Backup & Replication, you can create
Veeam Agent backup jobs of the following types:
Backup job
The backup job that runs on the backup server in the similar way as a regular job for VM data backup. The backup job is
intended for protected computers that have permanent connection to the backup server.
The backup job that processes Veeam Agent computers runs on the backup server in the similar way as a regular job for
VM data backup. The backup job is intended for protected computers that have permanent connection to the backup
server, such as standalone servers and failover clusters. You can use the backup job to create Veeam Agent backups in a
backup repository or cloud repository.
In Veeam Backup & Replication, the backup job of this type is also referred to as the Veeam Agent backup job managed
by the backup server.
Job types – managed by agent
In situations where the protected computer has limited access to the backup server, jobs can also be managed by the
agent themselves.
Backup policy
64
The backup policy that describes configuration of individual Veeam Agent backup jobs that run on protected computers.
Veeam Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to
Veeam Agents that run on computers added to the backup policy. The backup policy is intended for protected computers
that may have limited connection to the backup server.
The backup policy describes configuration of individual Veeam Agent backup jobs that run on protected computers. Veeam
Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to Veeam
Agents that run on computers specified in the backup policy. The backup policy is intended for protected computers that
may have limited connection to the backup server, such as workstations, laptops and so on. You can choose to create
Veeam Agent backups in a backup repository, cloud repository, network shared folder or on a local storage of a protected
computer.
In Veeam Backup & Replication, the backup policy is also referred to as the Veeam Agent backup job managed by Veeam
Agent.
64
Veeam Agent for Linux
65
Veeam Agent for Linux overview 3.4.9
Application-aware
Backup Modes Destinations
processing
Local storage
Entire Machine Shared Folder Oracle
Volume level backup Veeam Backup Repository PostgreSQL
File level backup (Including deduplicating storage) MySQL
Veeam Cloud Connect Repository
Built-in snapshot
Custom recovery and changed block
File indexing Data encryption
media tracking (CBT)
drivers
The recovery media can be downloaded from http://repository.veeam.com/backup/linux/agent/veeam-recovery-media/
66
Veeam Agent for MAC
67
Veeam Agent for Mac overview 3.4.10
Backup Modes Destinations Encryption
Local storage
Shared Folder
User data
Veeam Backup Repository
Custom scope
(Including deduplicating storage)
Veeam Cloud Connect Repository
TIP
If you want to back up the root directory and specify / in the Path to a directory field, Veeam Agent does not
automatically include mount points in the backup scope. To include mount points, you need to specify paths to these
mount points manually.
For example, you have a file system mounted to the /Library/Media directory. If you add / as an object to the backup
scope, Veeam Agent will not back up the mounted file system. To back up the root directory and the mounted file
system, add the following objects to the backup scope:
/
/Library/Media
68
Veeam Agent for Microsoft
Windows
69
Veeam Agent for Windows overview 3.4.11
Backup Modes Destinations Application-aware

processing
Local storage
Shared Folder Active Directory
Entire Machine Veeam Backup Repository Exchange
Volume level backup (Including deduplicating storage) MS SQL
File level backup Veeam Cloud Connect Repository Oracle
Microsoft OneDrive SharePoint
Data Custom
Backup cache
Veeam change encryption Recovery Transaction
block tracking Media log processing
(CBT) drivers Parallel disk Resume SQL & Oracle
processing File indexing backups
70
Support for failover clusters 3.4.12
Application awareness for:

Microsoft SQL Server:
Classic SQL cluster with
shared disk
SQL always on cluster
Exchange DAG clusters
Nodes are automatically
processed in a sequential
manner within a single failover
cluster backup job to avoid DAG
failover issues.
Failover cluster — select this option if you want to back up data pertaining to a failover cluster.
With this option selected, the backup job will be managed by the Veeam backup server — you do not need to select the
job mode.
This is only availablem
71
Advanced protection group settings 3.4.13
Restrict or manage agent features

remotely
Great for non-managed or bandwidth
restricted machines
Advanced protection group settings
Ability to remote instruct agents to restrict or manage parts of how it operates —this is because there is no other
component to do it.
72
Backup from Storage Snapshots (BfSS) 3.4.14
Why
Offload processing from source
machine
Isolate network traffic
What
Same systems supported like for
VMware integration*
Backup job configuration

Advanced storage configuration
Disabled per default
Failover cluster — select this option if you want to back up data pertaining to a failover cluster.
With this option selected, the backup job will be managed by the Veeam backup server — you do not need to select the
job mode.
This is only availablem
73
BfSS: How it works TIPS
Backup proxy reads the data

from the storage snapshot
Storage Backup proxy Repository Veeam Backup &

system Replication™
Server/host
Disk attached
to the machine
Data disk
Regular backup for operating system
OS disk
Create transportable VSS snapshot at agent side
Create snapshot at storage device
Proxy mounts transportable VSS snapshot for processing
Finalize job session at agent side
74
BfSS: Considerations TIPS
Works only for Windows servers and failover clusters

(managed by server)
Requires proxy with same OS or above (and Windows

2012R2 and above)
No support for virtual machines with RDMs in vSphere
RDM won’t be supported. There is no way to understand that volume sits in the storage system due to RDM architecture
(it adds another 'layer' to device manager in Windows so we can’t do matching with volume on storage)
75
Lab 2:
Agent backup capabilities
1. Create a protection group for automatic

deployment of Veeam Agents
2. Create a backup job for a protection
group
3. Create a backup job for an individual
server
76
3.5 NAS backup capabilities
77
Adding a file share 3.5.1
Supported NAS types:
Windows or Linux-
managed server
Enterprise NAS system
NFS v3, v4.1
SMB v1, v2, v3
Adding a file share
In the infrastructure view there is now an option to view file shares and add a file share to the infrastructure. The adding
a file share dialog window shows that Veeam v10 supports Windows and Linux servers as well as NFS and SMB NAS
shares.
Enterprise NAS systems are for example NetApp Data ONTAP, Lenovo ThinkSystem DM series and Dell EMC Isilon.
78
File-share backup architecture 3.5.2
Backup Cache
server repository
File share Backup proxy Backup

repository
File share backup architecture
Veeam Backup & Replication allows you to back up and restore content of NAS file shares.
To enable and configure the NAS backup feature in Veeam Backup & Replication, add the following components to the
backup infrastructure:
File share
Cache repository
File proxy
Backup repository
79
Backup proxy 3.5.3
Processes jobs
Delivers backup and restore traffic
Windows server (no Linux)
Different type of Backup Proxy than used for

virtual machines
Backup proxy
A file proxy is an architecture component that sits between the file share and other components of the backup
infrastructure. The file proxy operates as a data mover that transfers data from the source file share to the backup
repository. The file proxy processes jobs and delivers backup and restore traffic.
One file share equals one concurrent task
80
Cache repository 3.5.4
By default, is added to the backup server but

can be a dedicated server to reduce load.
Stores checksums in RAM during

backup/restore
Coordinates backup proxies
Does not store or process real data
Cache repository
A cache repository is a storage location where Veeam Backup & Replication keeps temporary metadata. Veeam Backup &
Replication uses the cached metadata to reduce the load on the file share during the backup procedure. This allows
performing incremental backups from the file share very quickly and very efficiently.
You can assign the role of a cache repository to a simple backup repository added to
the Veeam Backup & Replication infrastructure.
81
Cache repository TIPS
To minimize the network load during backup,

locate the cache repository close to the file
share in the computer network — ideally one
hop away from each other.
A cache repository is a storage location where Veeam Backup & Replication keeps temporary cached metadata for the
data backed up by the file share backup jobs.
82
Full backup 3.5.5
Cache
repository
2 3
1 5
4
Backup proxy Backup repository
File share (short retention)
NAS full backup
Veeam Backup & Replication performs file share backup to the backup storage in the following way:
1. The backup proxy enumerates files and folders on the file share and creates a cyclic redundancy check (CRC) tree.
2. The backup proxy transfers the CRC tree to the cache repository.
3. The cache repository saves the CRC tree. When the cache repository receives a new CRC tree structure from the
proxy, it compares it with the CRC tree created during the previous run of the backup session. If any files or folders
of the file share have changed since the previous backup session run, the cache repository instructs the backup
proxy to start reading changed data from the source file share.
4. The backup proxy reads new data from the file share.
5. The backup proxy creates data packages and transfers them to the target backup repository. Data packages comprise
backup data files (each 64 Mb in size) and metadata files that contain names and versions of backup files and
allocation of data in backup files.
83
Incremental backup 3.5.6
Do not read the entire file share again
Check whether a folder has changed by comparing checksums and

repeat for sub-folders
Ignore folders with no changes
Reduce load on environment
Do not read the entire file share again
Check whether a folder has changed by comparing checksums and repeat for sub-folders
Ignore folders with no changes
Reduce load on environment
84
Changed file tracking 3.5.7
Cache repository request

folder enumeration by
source agent (file proxy).
NAS
Folder Folder CRC is returned and

1 2
compares to .vCache
Folder
File A File B
on the cache repository
3
File C File D
Changed file tracking
Veeam Backup & Replication performs file share backup in the following way:
When a new backup job session starts, Veeam Backup & Replication assigns a file proxy to enumerate files and folders on
the file share and to create a file tree with cyclic redundancy check (CRC) values.
The file proxy enumerates files and folders on the file share and creates the file tree with CRC values.
The file proxy transfers the file tree to the cache repository.
The cache repository saves the file tree.
When the cache repository receives a new tree structure from the proxy, it compares it with the file tree created during
the previous run of the backup session. If any files or folders of the file share have changed since the previous backup
session run, the cache repository instructs the file proxy to start reading changed data from the source file share.
The file proxy reads new data from the file share.
The file proxy creates data packages. Data packages contain backup data saved as data files (each 64 megabytes in size)
and metadata files that contain names and versions of backup files and allocation of data in backup files.
The file proxy sends new data to the target backup repository.
85
Changed file tracking 3.5.8
Cache .vcache
NAS repository
Folder Folder
1 2
Folder
File A File B Backup proxy 1
3 Short term
retention
File C File D
Changed File Tracking
Veeam Backup & Replication performs file share backup in the following way:
When a new backup job session starts, Veeam Backup & Replication assigns a file proxy to enumerate files and folders on
the file share and to create a file tree with cyclic redundancy check (CRC) values.
The file proxy enumerates files and folders on the file share and creates the file tree with CRC values.
The file proxy transfers the file tree to the cache repository.
The cache repository saves the file tree.
86
Creating file share backup TIPS
Considerations
Skipped files and folders do not, by default, generate a warning or

failure
Linux file shares do not use backup proxies. Linux machines act as
a proxy on its own
Considerations
Give an overview of the consideration outlined on the slide.
In your antivirus, exclude the c:\Program\Files\(x86)\Veeam\Backup\Transport\x64\VeeamAgent.exe for performance.
Warning: it can weaken the security of the file proxy and repository
87
NAS ACL handling, locked files
and retention
88
Advanced settings - ACL Handling 3.5.9
Advanced settings – ACL handling
Folder-level only (recommended) to back up permissions and attributes from folders only. The restored files will inherit
permissions from the target folder.
Files and folders (slower) to back up permissions and attributes from both folders and individual files. This option can
significantly reduce the backup performance.
89
Advanced settings - Locked files 3.5.10
Supported sources:
CIFS path
VSS snapshot
NFS path
Path of storage snapshot folder
How are locked files handled
You can instruct Veeam Backup & Replication to back up data from Microsoft VSS snapshots or native storage snapshots.
During backup jobs, Veeam Backup & Replication will read data of shared files and folders from snapshots, which speeds
up backup operations and improves RPOs.
To define if Veeam Backup & Replication will use snapshots for backups:
At the SMB file share step of the wizard, click advanced.
In the advanced window, select one of the following options:
To ignore the snapshot functionality, select backup directly from the file share. Veeam Backup & Replication will ignore
locked files and folders. When creating a backup job, you can configure notifications to list files and folders that are
skipped during the backup procedure.
To backup files from Microsoft VSS snapshots, select backup from Microsoft VSS snapshot. If you select this option, make
sure that the file share and the file proxy used for the file backup job support SMB protocol version three or later.
To backup files from the native storage snapshots, select backup from a native storage snapshot at the following path and
specify the path to the folder on the SMB file share where snapshots are stored in the \\server\folder format. If you
select this option, you can additionally use scripts, for example, to create a snapshot before the backup and remove it
after the backup. You can define these scripts, when creating a new file share backup job.
90
Versions examples 3.5.11
One backup of file runs per day with no change
No Change: No Change:
file remains file remains
the same the same
FILE v1 FILE v1 FILE v1
DAY DAY DAY

ONE TWO THREE
There can be a number of backup retention scenarios depending on the configuration of backup and archive repositories.
Below you can find example cases that illustrate NAS backup retention with different settings.
https://helpcenter.veeam.com/docs/backup/hyperv/nas_retention_scenarios.html?ver=110
91
Versions examples 3.5.12
Two backups of file run per day
File File No Change:No Change: File change:

change: change: file remainsfile remains becomes new
becomes becomes the same the same file version
new file new file
FILE v1 FILE
versionv2 FILE
versionv3 FILE v3 FILE v3 FILE v4
DAY DAY DAY

ONE TWO THREE
92
Retention options for file versions TIPS
Only files with multiple versions go

to long term retention.
Short term repository always keeps
latest version.
Production File v1 File v2 File v3 File v4 ISO
Example: static ISO file never gets

archived.
Except if you delete from source.
Short term File v1 File v2 File v3 File v4 ISO
retention
Long term
retention
93
Retention options (short-term retention) 3.5.13
Source
SMB
Cache
repository
NFS
Backup proxy Short term

retention
Linux file share
Short term retention:
New NAS backup format
Capacity tier of Scale-out Backup Repository™ (SOBR)
Windows file share will be ignored
Retention in days or months
Retention options – short term retention
Give explanation of the graphic shown, key points to highlight:
Short term retention
New NAS backup format

Capacity tier of SOBR will be ignored
Retention in days or months
94
Retention options (long-term retention) 3.5.14
Source
SMB
Cache
repository
NFS
Backup proxy Short term Long term

retention retention for archival purposes
Linux file share Long term retention:
Does not help to follow the 3-2-1 rule
Archive older versions to cheaper storage
Windows file share
Object storage supported
Optional: filter file types
Retention options – long term retention
Give explanation of the graphic shown, key points to highlight:
Long term retention
Archive older versions to cheaper storage

Object storage supported
Optional: filter file types
95
Retention options (backup copy job) 3.5.15
Source
SMB
Cache
repository
NFS
Secondary copy: Backup proxy Short term

retention
Long term
retention for archival purposes
Linux file share
Compliant with 3-2-1 rule
Creates copy of primary short-term
retention
Windows file share Same or different retention
Secondary copy
Capacity tier of SOBR will be ignored
Retention options – Backup Copy Job
96
Lab 3:
NAS backup capabilities
1. Deploy required Veeam components for

creating file share backups
2. Add the file share to the Veeam Backup
Server
3. Create a backup job for a file share
97
3.6 Transport modes
98
Proxy transport modes (vSphere) 3.6.1
Proxy transport modes
Transport mode is a method that is used by the Veeam data mover service at the proxy to retrieve VM data from the
source host and write VM data to the target destination.
Job efficiency and time required for job completion greatly depends on the transport mode.
The transport mode is a method used by the Veeam Data Mover Service to retrieve VM data from the source and write
VM data to the target.
For data retrieval, Veeam Backup & Replication offers the following modes (beginning with the most efficient):
Direct storage access
Virtual appliance
Network
99
Direct storage access (vSphere) 3.6.2
Direct SAN access

Veeam
Backup
server
1
5
Source
host
2 4
6 7
Production Backup Backup

storage proxy repository
Direct storage access (VMware) – Direct SAN access
Benefits
Quickest processing mode
Least impact on production
Backup processing fully offloaded
LAN-free backup traffic
No impact on consolidation ratio
Considerations
Supports block storage only
iSCSI: physical and virtual backup proxy servers both supported
Physical backup proxy server requirement for Fibre channel SAN
Consider repurposing older servers
Might be hard for beginners to setup
Advanced data fetcher (double I/O performance) available
only when backup from storage snapshots are utilized
100
Direct storage access (vSphere) 3.6.3
Direct NFS access

Veeam
Backup
server
1
5
NFS
Source client
host
2 4
6 7
NAS Backup Backup

Direct storage access (VMware) – direct NFS access
1. The backup proxy sends a request to the ESXi host to locate a VM on the NFS datastore.
2. The ESXi host locates the VM.
3. Veeam Backup & Replication triggers VMware vSphere to create a VM snapshot.
4. The ESXi host retrieves metadata about the layout of VM disks on the storage (physical addresses of data blocks).
5. The ESXi host sends metadata to the backup proxy.
6. The backup proxy uses metadata to copy VM data blocks directly from the NFS datastore over LAN.
7. The backup proxy processes copied data blocks and sends them to the target over LAN.
Benefits
Advanced data fetcher (double I/O performance)
Recommended transport mode for VMs whose disks are located on NFS datastores
Veeam Backup & Replication bypasses the ESXi host and reads/writes data directly from/to NFS datastores
VM data still travels over the LAN but there is no load on the ESXi host
Considerations
Unavailable for VMs that have at least one snapshot
Unavailable for Windows VM’s if VMware tools quiescence option is enabled
If a VM has some disks that cannot be processed in the direct NFS access mode, Veeam Backup & Replication processes
these VM disks in the network transport mode
101
Virtual appliance mode (vSphere) 3.6.4
Veeam
Backup Server
VMware
backup proxy
Source ESXi host Backup repository

ESXi host with a virtual
backup proxy
Virtual appliance mode
Benefits
Advanced data fetcher (double I/O performance)
Easy to setup
Fast data transfers with any storage
Uses Windows VMs
Allows for 100% virtual deployment
Uses the SCSI/SATA hot-add capability of ESXi hosts
Considerations
Can affect your consolidation ratio
102
Network mode (vSphere) 3.6.5
Veeam
Backup
server
1
4
Source
host
2 4
Production Backup Backup

Network mode (VMware)
1. The backup proxy sends a request to the ESXi host on which the processed VM is registered to locate the VM on the
datastore.
2. The ESXi host locates the processed VM on the datastore.
3. Veeam Backup & Replication instructs VMware vSphere to create a VMware vSphere VM snapshot.
4. ESXi host copies VM data blocks from the source storage and sends them to the backup proxy over LAN. Note that
the real data transfer speed may be significantly less than the available speed. This is because the backup proxy and
the ESXi host communicate over the ESXi management network.
5. The backup proxy sends the data to target.
Network mode can be used with any infrastructure configuration. In this mode, data is retrieved via the ESXi host over
the LAN using the Network Block Device protocol (NBD).
The process of data retrieval in network mode includes the following steps:
The backup proxy sends a request to the ESXi host to locate the necessary VM on the datastore.
The ESXi host locates the VM on the datastore.
VM data blocks are copied from the production storage and sent to the backup proxy over the LAN.
The backup proxy sends the data to target.
Benefits
Easy to setup
Any storage
Quick to start data transfer
Fast, with 10 Gigabyte Ethernet
103
Considerations
Painfully slow performance on 1GB ethernet
Leverages ESXi VMkernel (management) interface
Note: You can instruct Veeam Backup & Replication to switch to the Network transport mode and transfer VM data over
the LAN if the primary transport mode is inaccessible.
103
Backup from Storage Snapshots 3.6.6
Backup Store
Low RPO
Create Create Backup proxy Backup repository

VM snapshot storage snapshot
Backup from Storage Snapshots
Backup from Storage Snapshots lets you speed up backup and replication for VMware vSphere VMs whose disks are
hosted on storage systems. When you perform Backup from Storage Snapshots, Veeam Backup & Replication leverages
storage snapshots for VM data processing. Backup from Storage Snapshots lets you reduce impact of backup and
replication activities on the production environment and improve RPOs.
Some of the perks of leveraging storage snapshots for data protection-related activities are:
Direct storage access (no proxying through ESXi)
No mount, re-signature, VM registration or clean up
VMware Changed Block Tracking (CBT) can still be leveraged
Easy to setup — a single checkbox!
Instant VMware snapshot commit
Note: Hyper-V has its native integration with storage snapshots via hardware VSS.
104
Storage integration 3.6.7
Standard VM backup
VM snapshot lifetime
I/O
Backup
t
VM snapshot VM snapshot delete
Storage integration
To be able to use incremental forever image level backups with Change-Block-Tracking over the VMware Storage API, a
VM snapshot is required. However, VM snapshots come with drawbacks, as all changes during the backup were written
to the snapshot and they need to be committed to the main storage when the snapshot is deleted.
This leads to:

High storage load at snapshot delete
Potential VM stuns at snapshot delete
It will take a long time to delete the snapshot
105
Storage integration 3.6.8
VM backup with Veeam Snapshot integration
VM snapshot lifetime
I/O
Backup
t
VM snapshot VM snapshot
commit
Storage Delete storage snapshot
snapshot
Storage integration
Together with Veeam unique agentless application aware backup engine Veeam creates Storage Snapshots directly after
the VMware Snapshot to preserve the consistent state within the Storage Snapshot. After the Storage Snapshot was
created Veeam will release the VMware Snapshot.
As the Storage Snapshot can be deleted, after the backup has completed, without any overhead there will be no negative
effects to the VMs.
Storage Snapshot based backups can be used together with VMware Change Block Tracking.
106
Proxy transport mode overview 3.6.9
(vSphere)
Recommendations for installing the backup proxy, depending on the storage
type and desired transport mode:
Production
Direct storage access Virtual appliance Network mode
storage type
Physical proxy with direct FC
Fibre Channel (FC) SAN Virtual proxy running
access to the SAN
on an ESXi host
connected to the Physical or
iSCSI SAN Physical or virtual proxy storage device virtual proxy
connecting to
the ESXi host(s)
Only use for NFS v4.1 VMkernel interface
NFS storage Physical or virtual proxy (management
Virtual proxy network)
Virtual proxy on every
Local storage Not supported
ESXi host
Proxy transport mode overview (VMware)
The graphic shows recommendations for backup proxies dependent on storage and transport mode.
107
Introduction
Building Backup capabilities
Building Replication Second backup location

Capabilities Protecting data in the cloud
4.1 Replication Object recovery

4.2 Utilize the CDP policy Testing backup and replication
Veeam Backup Enterprise Manager
In this section:
Replication
CDP Policy
108
4.1 Replication
109
Replication overview 4.1.1
1:1 copy of a VM in native hypervisor format, ex: vSphere to vSphere or Hyper-

V to Hyper-V though NOT vSphere to Hyper-V
Thus, at rest there is:
No deduplication
No compression
No encryption
Production vSphere DR vSphere
or Hyper-V host or Hyper-V host
Supported targets:
Standalone or managed hosts
Clusters
Building replication capabilities
What is a replica?
A replica is a 1:1 copy of a virtual machine in native hypervisor format
While a replica can’t be encrypted, the connection between the hosts can be encrypted (in flight encryption)
Supported targets
Managed hosts is a host managed by either a VMware vCenter Server (vSphere) or Microsoft SCVMM (Hyper-V).
110
Building replication capabilities (vSphere) 4.1.2
Onsite replication
Veeam® Backup
Server
Data mover Data mover Data mover

service service service
Backup Source VMware Target host

repository host backup proxy
Building replication capabilities (VMware) – onsite replication
If the source host and target host are located in the same site, you can perform onsite replication.
Onsite replication requires the following replication infrastructure components:
Source and target hosts

Backup proxy. In the onsite replication scenario, the source Veeam data mover and target Veeam data mover are started
on the same backup proxy. The backup proxy must have access to the backup server, source host, target host and backup
repository holding replica metadata.
Backup repository for storing replica metadata.
In the onsite replication scenario, Veeam Backup & Replication does not perform data compression. Replication traffic is
transferred decompressed between the two Veeam data mover started on the same backup proxy.
111
Building replication capabilities (vSphere) 4.1.3
Offsite replication
Veeam® Backup
Server

WAN
Backup Source VMware VMware Target host

repository host backup proxy backup proxy
Building replication capabilities (VMware) – offsite replication
If the source host is located in the primary site, and the target host is located in the DR site, you can perform offsite
replication.
Offsite replication can run over two data paths:

Direct data path
Via a pair of WAN accelerators
Replication over direct data path
The common requirement for offsite replication is that one Veeam data mover runs in the production site, closer to the
source host, and the other Veeam data mover runs in the remote DR site, closer to the target host. During backup, the
Veeam data movers maintain a stable connection, which allows for uninterrupted operation over WAN or slow links.
112
Building replication capabilities (Hyper-V) 4.1.3
Onsite replication
Veeam® Backup
Server

Backup Source Target host

repository host
Building replication capabilities (Hyper-V) – onsite replication
Veeam Backup & Replication supports two replication scenarios:
On-host replication
Off-host replication
Both scenarios are applicable for onsite replication and replication to a remote DR site. In both scenarios, you can
replicate VM data over a direct data path or over a pair of WAN accelerators.
113
Building replication capabilities (Hyper-V) 4.1.3
Offsite replication
Veeam® Backup
Server

WAN
Backup Source Target host

repository host
Building replication capabilities (Hyper-V) – onsite replication
Veeam Backup & Replication supports two replication scenarios:
On-host replication
Off-host replication
Both scenarios are applicable for onsite replication and replication to a remote DR site. In both scenarios, you can
replicate VM data over a direct data path or over a pair of WAN accelerators.
114
Leveraging snapshots 4.1.6
vSphere Hyper-V
Hyper-V snapshot
Based on vSphere snapshots
(check points)
Restore point
limitation number
28 47
Illustration
Leveraging snapshots
Snapshot replica in many respects is similar to forward incremental backup. During the first run of a replication job,
Veeam Backup & Replication copies the VM running on the source host and creates its full replica on the target host. The
replica is stored uncompressed, in a native hypervisor format.
All subsequent replication jobs are incremental. Veeam Backup & Replication copies only those data blocks that have
changed since the last replication cycle.
The reason for the limitation number on restore points is on VMware has a supported limit of 32 snapshots, minus the
working snapshots we require, and a bit of overhead and Hyper-V has a supported limit of 50 snapshots, minus the
working snapshots we require and a bit of overhead.
115
Replica seeding 4.1.7
Veeam® Backup
Server
Source Target
ESXi host Backup repository Backup repository ESXi host
in production site in DR site
Replica seeding
If you plan to replicate to a remote DR site over WAN or low-bandwidth network, you can use replica seeding. Replica
seeding helps reduce the amount of VM data transferred over the network.
Replica seeding can be used if you have a backup for the replicated VM on the backup repository located in the DR site. In
this case, you can point the replication copy job to this backup. During the first session of the replication job, Veeam
Backup & Replication will use this backup file as a "seed". Veeam Backup & Replication will restore the VM image from
the backup and register the VM replica on the target host. After that, Veeam Backup & Replication will synchronize the
VM replica with the source VM. All subsequent incremental replication runs will be performed in the regular manner.
116
Replica mapping 4.1.8
Veeam® Backup
Server
Source Target
ESXi host ESXi host
Replica mapping
The most common use case if splitting up, consolidating or re-creating replication jobs. If a replica for the VM that you
plan to replicate already exists on the target host in the DR site, you can use replica mapping. Replica mapping helps
reduce the amount of VM data transferred over the network.
To use replica mapping, you must point the replication job to a VM replica on the host in the DR site. During the first
session of the replication job, Veeam Backup & Replication will calculate the difference between the source VM and VM
replica and copy necessary data blocks to synchronize the VM replica to the latest state of the source VM. All subsequent
incremental replication sessions will be performed in the regular manner.”
117
Remote replica from backup 4.1.9
Veeam® Backup
Server
Reduces workload on
production environments
No extra snapshot
required
Backup Backup Target
repository 1 repository 2 ESXi host
Sun
.vbk .vib .vbk 1 Mon
Tue
Sun Tue Mon 2
3
Remote replica from backup
Disaster recovery plans often require that you back up and replicate the same VM for DR and HA purposes. Normally, this
doubles the workload on the virtual infrastructure. You need to create two VM snapshots, independently from one
another, and transfer VM data from the production site twice.
You can reduce the workload on the production environment by using the replica from backup option. This option can be
used for onsite and offsite replication scenarios.
When you perform replication from backup, Veeam Backup & Replication does not address hosts and storage in the
production environment to read VM data. As a source of data, it uses a backup chain that already exists on the backup
repository. As a result, you do not need to create a VM snapshot for replication and transport the same data twice. You
retrieve VM data only during the backup job. The replication job reuses retrieved data to build VM replica restore points.
Although replica from backup might resemble replica seeding, there is difference between these options:
Replica seeding uses the backup file only during the first run of a replication job. To further build VM replica restore
points, the replication job addresses the production environment and reads VM data from the source storage.
Replica from backup uses a backup chain on the backup repository as the only source of data. When building a new VM
replica restore point, Veeam Backup & Replication always reads data from the latest restore point in the backup chain,
either full or incremental. The backup chain on the backup repository may be created with a backup job or a backup copy
job.
118
Network remapping 4.1.10
Use table to map

production networks
to DR site
Updates VM replica
configuration file
on the DR site
No need to re-configure
VM replica network
settings manually
Network remapping
Network mapping can be helpful if you use different networks in the production site and DR site. In this situation, you can
configure a table that maps production networks to networks in the DR site. During every replication job
session, Veeam Backup & Replication will check the network mapping table and update the VM replica configuration file
to replace the production network with the specified network in the DR site. As a result, when you perform failover, the
VM replica will be connected to the necessary networks in the DR site, and you will not have to re-configure network
settings for the VM replica manually.
119
Re-IP (Windows only feature) 4.1.11
Mounts VM disks of replica

to the backup server
Changes IP address
configuration via Microsoft
Windows registry
Whole operation takes less

than a second.
Re-IP
For Microsoft VMs, Veeam Backup & Replication also automates reconfiguration of VM IP addresses. If the IP addressing
scheme in the production site differs from the DR site scheme, you can create a number of re-IP rules for the replication
job.
When you fail over to the replica, Veeam Backup & Replication checks if any of the specified re-IP rules apply to the
replica. If a rule applies, Veeam Backup & Replication mounts VM disks of the replica to the backup server and changes its
IP address configuration via the Microsoft Windows registry. The whole operation takes less than a second. If failover is
undone for any reason or if you fail back to the original location, replica IP address is changed back to the pre-failover
state.
120
Lab 4:
Replication capabilities
replicating virtual machines to the
production site
replicating virtual machines to the DR
site
3. Create a Microsoft Hyper-V replication
job
4. Create a VMware vSphere replication job
121
4.2 Utilize the CDP policy
122
Continuous Data Protection (CDP) 4.2.1
Continuous data protection (CDP) is a technology that helps you protect

mission-critical VMware virtual machines when data loss for seconds or
minutes is unacceptable. CDP also provides minimum recovery time
objective (RTO) in case a disaster strikes because VM replicas are in a
ready-to-start state.
Common use cases:

Critical workloads needing lowest RPO
The “top 5%” of your applications
Continuous data protection (CDP) is a technology that helps you protect mission-critical VMware virtual machines when
data loss for seconds or minutes is unacceptable. CDP also provides minimum recovery time objective (RTO) in case a
disaster strikes because VM replicas are in a ready-to-start state.
Common use cases:

Critical workloads needing lowest RTO and RPO
The “top 5%” of your applications
123
CDP benefits 4.2.2
Lowest RPOs and RTOs
No VMware snapshots = no VM stuns
No workload or hardware dependency
No physical distance limit like for synchronous replication
Policy-based protection
Flexible retention
Lowest RPOs and RTOs – Seconds or minutes instead of hours
VM snapshots — Veeam CDP captures all write I/O directly in the data path with the VMware-certified I/O filter driver,
eliminating the need to create VM snapshots as with classic replication jobs. And with I/O level tracking, only the data
actually changed is sent over to a DR site, as opposed to larger virtual disk blocks returned by changed block tracking.
• No workload or hardware dependency — Protect ANY OS and applications that can run within a vSphere VM. And unlike
storage-based replication, Veeam CDP works across non-matching storage arrays, hyperconverged storage solutions and
even local vSphere ESXi storage.
• Asynchronous replication — Unlike synchronous array-based replication, Veeam CDP can be used across any distance
while requiring significantly lower bandwidth, thanks to I/O consolidation when the same block is overwritten multiple
times and network traffic compression.
• Policy-based protection — Unlike with regular replication jobs, you don’t have to worry about scheduling at all. Just
define the required RPO (maximum data loss allowed in case of a disaster) and the CDP policy will take care of performing
the sync cycles as needed. Also, to reduce monitoring events spam, you can define acceptable RPO violation thresholds
so that sporadic connectivity issues do not result in alarms.
• Flexible retention — Separately define short-term retention, allowing crash-consistent restores to a point in time with
RPO period granularity and long-term retention policy with optional periodic application-consistent restore points,
providing an additional layer of protection.
124
Short-term retention TIPS
Minimum two seconds

Recommendation: not less than 15 seconds
Crash consistent
Veeam Backup & Replication retains short-term restore points for the number of hours specified in CDP policy settings.
When the retention period is exceeded, Veeam Backup & Replication transforms the replication chain in the following
way. The example shows how short-term retention works for a VM replica with one virtual disk.
1. Veeam Backup & Replication checks whether the replication chain contains outdated short-term restore points.
2. If an outdated restore point exists, Veeam Backup & Replication commits data for the restore point from the
transaction log file (.tlog) into the nearest delta or base disk file (<disk_name>-flat.vmdk or <disk_name>-<index>.vmdk).
3. If the transaction log file does not contain data for further restore points, Veeam Backup & Replication deletes the
transaction log file as redundant — its data has already been committed into the base or delta disk file.
125
Long-term retention TIPS
Allows application consistency
Veeam Backup & Replication retains long-term restore points for the number of days specified in CDP policy settings.
When the retention period is exceeded, Veeam Backup & Replication transforms the replication chain in the following
way. The example shows how long-term retention works for a VM replica with one virtual disk.
1. Veeam Backup & Replication checks whether the replication chain contains outdated long-term restore points.
2. If an outdated restore point exists, Veeam Backup & Replication rebuilds the file that contains data for the base disk
(<disk_name>-flat.vmdk) to include data of the file that contains data for the delta disk (<disk_name>-<index>.vmdk). To
do that, Veeam Backup & Replication commits into the base disk file data from the earliest delta disk file. This way, the
base disk file ‘moves’ forward in the replication chain.
126
Estimate required proxy resources TIPS
Based on VMware values for last hour
To test whether VMware CDP proxies available in the backup infrastructure can handle replication, click Test.
Veeam Backup & Replication will analyze available CPU on all source and all target VMware CDP proxies, the
maximum VM disk write speed during the last hour and will calculate approximate requirements for VMware CDP
proxies. In the CDP Infrastructure Assessment window, you will see the calculated values:
The CPU rows show CPU cores available on all proxies (source or target).
The Proxy RAM rows show RAM required for CDP and, in parenthesis, RAM available on all proxies (source or target). If
values in the parentheses and near them are the same, you need to upgrade proxies for which values coincide to provide
more resources. RAM on proxies must be doubled up because CDP uses 50% of RAM by default. You can change this
value with a registry key. For more information, contact Veeam Customer Support.
The Proxy Bandwidth rows show the maximum disk write speed during the last hour and, in parenthesis, available
bandwidth based on available cores of source or target proxies.
127
Failover TIPS
Unplanned (disaster)
Planned
Failover plans are supported
Hint: use arrow keys to find

the correct point in time
As a rule, the initial synchronization is performed when disk data is sent to the target host for the first time. During the
initial synchronization, Veeam Backup & Replication sends data for full copies of virtual disks and creates the very first
restore points.
During the incremental synchronization, Veeam Backup & Replication mainly sends data for incremental changes made to
virtual disks and creates short-term and long-term restore points. For more information on restore points and files
created for VM replicas, see Replication Chain.
128
RPO reporting TIPS
Configured per policy Warning
Error
Success
To instruct the CDP policy to display a warning or error if a newly created restore points are not transferred to the target
within the set RPO, click Reporting. Then specify when the policy must display error and warning.
If you have configured email notification settings, Veeam Backup & Replication will mark the policy with
the Warning or Error status and will also send email notifications.
129
Introduction
Secondary Second backup location

Backups Protecting data in the cloud
5.1 Backup copy architecture Object recovery

5.2 Backup copies Testing backup and replication
5.3 Backup to tape Veeam Backup Enterprise Manager
In this section:
Backup copy architecture

Backup copies
Backup to tape
130
5.1 Backup copy architecture
131
Direct path (Windows and Linux 5.1.1
repositories)
Veeam® Backup
Server
Veeam Data Veeam Data

Mover Mover
Source backup Target backup

repository server repository server
Backup copy architecture – direct path - Windows and Linux repositories
Veeam Backup & Replication transports data directly from the source backup repository to the target backup repository.
This type of data transport is recommended for copying backups to onsite backup repositories or offsite backup
repositories over fast connections.
Microsoft Windows and Linux repositories. Veeam Backup & Replication uses the source Veeam data mover on the
source backup repository and target Veeam data mover on the target backup repository.
132
Direct path (shared folder 5.1.2
or deduplication appliance repository)

Backup
server
Veeam Data Veeam Data

Mover service Mover service
Source backup Target backup

repository Gateway server Gateway server repository
Backup copy architecture – direct path - shared folder or deduplication appliance repository
Veeam Backup & Replication transports data directly from the source backup repository to the target backup repository.
This type of data transport is recommended for copying backups to onsite backup repositories or offsite backup
repositories over fast connections.
Shared folder backup repository. If you have instructed Veeam Backup & Replication to automatically select the gateway
server, Veeam Backup & Replication will use Veeam data movers deployed on mount servers associated with backup
repositories. In case mount servers cannot be used for some reason, Veeam Backup & Replication will fail over to the
backup server.
If you have explicitly defined the gateway server, Veeam Backup & Replication will use the source Veeam data mover on
the gateway server in the source site and target Veeam data mover on the gateway server on the target site.
133
WAN accelerator 5.1.3
Data deduplication (digest files)

Low bandwidth mode (less than 100Mbit/s)
Global data caching
High bandwidth mode (more than 100Mbit/s)
Advanced compression
WAN acceleration
For WAN acceleration, Veeam Backup & Replication uses dedicated components — WAN accelerators. WAN accelerators
are responsible for global data caching and data deduplication. Technically, WAN accelerators add a new layer in the
backup infrastructure — between the Veeam data movers on the source side and the Veeam data mover on the target
side.
134
WAN accelerator architecture 5.1.4
Low bandwidth Low bandwidth
Digest files Cache

Source site Target site
fingerprints WAN accelerator WAN accelerator populate
WAN optimized
TCP/IP
Write
Read
Primary backup Off-site backup

repository repository
WAN acceleration - infrastructure
Deployment:
Infrastructure: no changes required (transport port is configurable)
One to many: a single WAN accelerator in HQ, multiple WAN accelerators at branches
Existing WAN accelerators: Configure bypass in the settings
Populate the global cache to reduce the amount of traffic transferred over the WAN for the first time
135
WAN accelerator (many to one) 5.1.5
WAN optimized
TCP/IP
Source Target
Backup copy job
WAN accelerators WAN accelerator
Global cache
Accelerator 1
Accelerator 2
Source
backup repositories Target
backup repository
WAN Acceleration – many to one infrastructure
The WAN global cache can be used by several source WAN accelerators simultaneously. For example, if you have several
remote/branch offices, you can configure several source WAN accelerators in remote sites and one target WAN
accelerator in the head office.
In this case, the global cache will hold cache data for separate source WAN accelerators. The cache data for every source
WAN accelerator will be stored in a dedicated subfolder in the global cache folder.
136
Backup copy (transport path over 5.1.6
WAN accelerator)
Backup
server
Veeam Veeam
Data Mover Data Mover
service service
Source WAN Target WAN

Source backup accelerator accelerator Target backup
repository server repository server
Transport path over WAN accelerators
Veeam Backup & Replication transports data through a pair of WAN accelerators: one deployed on the source side and
the other one deployed on the target side. WAN accelerators remove redundant blocks before transferring data and thus
significantly reduce the amount of traffic going over the network. This type of data transport is recommended for copying
backups offsite over slow connections or WAN.
When Veeam Backup & Replication transports data via WAN accelerators, it uses Veeam data movers on the following
backup infrastructure components:
Microsoft Windows and Linux repositories. Veeam Backup & Replication uses the source Veeam data mover on the
source backup repository and target Veeam data mover on the target backup repository.
Shared folder backup repository. If you have instructed Veeam Backup & Replication to automatically select the gateway
server, Veeam Backup & Replication will use the data mover services deployed on the source and/or target WAN
accelerator. If you have explicitly defined the gateway server, Veeam Backup & Replication will use the source Veeam
data mover on the gateway server in the source site and target Veeam data mover on the gateway server on the target
site.
137
5.2 Backup copies
138
Backup copy job considerations 5.2.1
Secondary backup
storage (onsite)
Backup
Production Primary
storage backup storage
Secondary backup
storage (offsite)
Backup copy job considerations

Optimize your backup infrastructure for fast backups and restores, and low cost
Use fast storage for primary backups and restores
Control costs by limiting the number of restore points
Keep older restore points on lower cost (per TB) storage
Reduce complexity by doing backup copy to tape
Characteristics of backup copy job functionality:

Efficiently copies backups on and off site
Forever incremental: synthetic full backups managed at the target,
validation (and remediation) built-in
Selective: specify VMs, frequency and retention
Simple: eliminates need for multiple backup jobs, scripted file copies and storage-based file replication
139
Backup copy modes (immediate copy 5.2.2
mode)
Data is copied as soon as it appears on the

source backup repository
Source Target
backup repository backup repository
Backup copy modes – immediate copy mode
In the immediate copy mode, Veeam Backup & Replication copies restore points as soon as they appear on a source
backup repository. Veeam Backup & Replication copies only restore points created by source backup jobs (backup jobs
that you select when configuring a backup copy job). Veeam Backup & Replication can also copy transaction log backups if
you enable this capability in job settings.
The immediate copy mode is supported for the following backup types:
Backups created with Veeam Backup & Replication

Backups created with Veeam Agent for Microsoft Windows or Veeam Agent for Linux operating in the managed mode
Only backups created by backup jobs managed by the backup server are supported.
Backups created with Veeam Plug-ins for Enterprise Applications
140
Immediate copy mode 5.2.3
Copies every restore point created by selected primary backup jobs as soon
as it is created in the primary backup repository.
Transaction log backup processing: backup copy job in the

immediate copy mode can be configured to copy
transaction log backups, enabling point-in-time database
recovery.
Backup copy jobs in both immediate and periodic copy
mode do not wait for the primary backup job to finish
before starting the copy process when per-VM backup
chains are used.
Immediate copy mode
Immediate copy mode is designed to help meet strict off-site backup RPOs, and even comes with the built-in RPO
monitor functionality that will notify you when the restore point was not copied within the specified period of time after
its creation.
141
Backup copy modes (periodic copy 5.2.4
mode)
Restore point is copied once the interval

specified in the backup copy job settings is
reached
Source Target
backup repository backup repository
Backup copy modes – periodic copy mode
In the periodic copy mode, Veeam Backup & Replication copies restore points once an interval specified in backup copy
job settings. This interval is also known as backup copy interval.
Veeam Backup & Replication can copy restore points created by backup jobs or restore points of individual machines. If
you select backup jobs when configuring copy job settings, Veeam Backup & Replication copies only restore points that
selected backup jobs create. If you select machines, Veeam Backup & Replication copies all restore points of the selected
machines — even restore points created by different backup jobs.
The periodic copy mode is supported for the following backup types:
Backups created with Veeam Backup & Replication

Backups created with Veeam Agent for Microsoft Windows or Veeam Agent for Linux operating in the standalone or
managed mode
For the managed mode, backups created by both backup jobs managed by the backup server and jobs managed by
Veeam Agent are supported.
Backups created with Veeam Backup for Nutanix AHV
Backups created with Veeam Backup for AWS
For more information visit:

https://helpcenter.veeam.com/archive/backup/100/vsphere/backup_copy_sync_interval.html
142
Retention policy 5.2.5
Simple retention policy GFS retention policy

Similar to forever forward Tiered retention policy
Description
incremental for regular backups scheme
Define how many restore points you Specify how many weekly,
Setting up want to retain on the target backup monthly or yearly backups
repository you want to retain
Can be used to double primary Scheme intended for long-

Purpose
storage term archiving
Contains only one full backup.

For this reason, the number
Backup chain specifics
of restore points allowed by
retention is limited to 999
Retention policy
The backup copy job has its own retention policy settings, independent of retention policy settings specified for a backup
job. The retention policy of a backup copy job defines how long Veeam Backup & Replication must retain copied restore
points on the target backup repository.
143
5.3 Backup to tape
144
Backup to tape (architecture) 5.3.1
Backup
Veeam Backup Server
repository
Tape catalog
Backup catalog
Database
Tape
device
Tape
server
Backup to tape – architecture
Veeam's native tape support operates by way of Veeam tape servers. The tape server works with tape devices to ensure
that they can be managed from within Veeam Backup Server.
145
Organization in tape infrastructure 5.3.2
Entity Description
Logical units that distribute free tapes for writing data
Media pools and store information about data that was archived to
them.
Separate sets of tapes with data continuously written to
Media sets
them.
Backup sets A set of files written to tape within one tape job session.
Media vaults Logical containers for visualizing data stored offline.

A user-defined period of time set to protect data from
Data retention
overwriting.
Organization in tape infrastructure
Data retention period is a period of time when data written to tapes is protected from overwriting.
The retention period is set by the user for the media pool and is applied to all tapes in this media pool. To set the
retention policy, you can choose between the following options:
Never overwrite data
Define a particular time period to protect data
Not to protect data at all.
146
Tape parallel processing 5.3.3
Media pool
Source backup chain job 1

Drive 1
Source backup chain job 2

Drive 2
Tape job
A
Source backup chain job 3 Drive 3
Source backup chain job 4 Waiting for drive…
Tape parallel processing
When you process tape jobs in parallel, the media pool assigns a drive to each running tape job. The media pool can use
the predefined maximum number of drives and process the equal number of tape jobs simultaneously. For example, if
you set three drives as the maximum, you can process up to three tape jobs at the same time. If you have more jobs
running at the same time, they are queued. When one of the jobs finishes and releases its drive, the first queued job
takes the drive.
For example:
You set the maximum number of drives to three.
Tape job A has four primary jobs.
Tape job A starts, and occupies three drives to process three primary jobs. The fourth primary job is queued and waits.
Parallel processing is enabled in media pool settings. To use drives of multiple libraries, you must enable the parallel
processing mode for the libraries that are managed by the media pool. A separate media set is opened per each drive
used.
147
Tape copy options and what it does TIPS
Copy from one drive to other drive via tape server

Modify database and link old backups with new tapes
Preserve link for old tapes
File parts are detected and prompt for additional tape
You can use the tape copy feature to migrate backups or files stored on previous generation tapes to newer ones.
You can also use this feature to make copies of tapes.
Before starting a tape copy job, check the following prerequisites:

The tape server must have at least 1 GB of RAM per each tape drive used during a tape copy session.
The tapes to copy must not be occupied by any other operations, such as backup, restore and cataloging. During the tape
copy procedure, the tapes will be locked.
The tapes to copy must be cataloged. Tapes in the Unrecognized media pool are not available for copying. For more
information, see Cataloging Tapes.
All tapes to copy and machine backups on them must be decrypted. Encrypted tapes cannot be copied. Encrypted
backups are skipped from copying. For more information, see Add Optional Media Pool Settings.
To copy content of a tape to another one, use the Copy Tapes wizard.
Launch the Copy Tapes wizard.
Choose source tapes to copy.
Choose a target media pool where to copy the tapes.
Specify tape copy options.
Finish working with the wizard.
148
Lab 5:
Second site backup
1. Prepare Veeam infrastructure
2. Create a backup copy job
3. Modify a backup copy job
149
Introduction
Advanced Repository Second backup location

Functionality Protecting data in the cloud
6.1 Per-machine backup chains Object recovery
6.2 Scale-out Backup Repository Recovery from replica
6.3 Deduplication appliances Testing backup and replication
6.4 Hardening repositories Veeam Backup Enterprise Manager
6.5 Impact on storage Veeam ONE™ overview
150
6.1 Per-machine backup
chains
151
Per-job backup chain features 6.1.1
By default:
Backup jobs write VM data to repository in one write stream
Store data on all VMs to same backup file
Backup job
VM1 VM1 VM1
VM2 VM2 VM2
VM3 VM3 VM3

Write stream
VBK VIB VIB

Backup repository
Backup chain
Per-job backup chains
By default, backup jobs write VM data to the backup repository in one write stream, and store data of all VMs to the
same backup file. Such behavior can be non-optimal if the target storage device is able to write data in multiple streams
simultaneously. In this situation, the backup repository may become the bottleneck for the data transfer, even though its
resources will not be fully utilized.
152
Per-job backup chains considerations 6.1.2
Not optimal if:

Storage device supports simultaneous multi-write data stream
Source data for a single job grows larger than 16 TB
Backup job
VM1 VM1 VM1
VM2 VM2 VM2
VM3 VM3 VM3

Write stream
VBK VIB VIB

Backup repository
Backup chain
Per-job backup chains
Note: per-job backup chains are not recommended for storage devices that support simultaneous multi-write data
streams
153
Per-machine backup chains 6.1.3
If you create per-machine backup files:

Backup jobs can use separate write streams
Store VM data in separate backup files
Storage devices usage will be more efficient
Job performance may increase

Backup job
VM1 VM1 VM1
Backup
chain 1
Write stream 1
VM2 VM2 VM2
Backup
chain 2
Write stream 2
VM3 VM3 VM3
Backup repository
Backup
chain 3
VBK VIB VIB

Write stream 3
Per-machine backup chains
You can instruct Veeam Backup & Replication to create per-machine backup files on the backup repository. In this case,
the backup job will use a separate write stream for every VM in the job, and store data of every VM to a separate backup
file. Resources of the storage device will be used more efficiently, and the job performance may increase.
154
6.2 Scale-out Backup
Repository
155
Scale-out Backup Repository 6.2.1
Performance Capacity
tier tier
S3 compatible
DAS
Move oldest backups
and / or Amazon S3
immediate copy backup
NAS • Policy-based Microsoft Azure

• Transparent Blob
• Space efficient
• Self-sufficient
• No extra costs
IBM Cloud
object storage
Dedupe
appliance
Veeam capacity tier
The Scale-out Backup Repository is a logical entity — it groups several backup repositories called extents. When you
configure the Scale-out Backup Repository, you actually create a pool of storage devices and systems, summarizing their
capacity. You can expand the Scale-out Backup Repository at any moment. For example, if backup data grows and the
backup repository reaches the storage limit, you can add a new storage system to the Scale-out Backup Repository. The
free space on this storage system will be added to the capacity of the Scale-out Backup Repository. As a result, you will
not have to move backups to a backup repository of a larger size.
156
Performance tier 6.2.2
Repository for full and incremental

backup files
Supports both active and inactive
backup chains
Data placement rules include:
Data locality
Performance locality
Performance tier
Repository for full and incremental backup files.

Data placement is done according to the data locality and performance locality rules.
Both active and inactive backup chains can reside on the performance tier.
157
Placement policy 6.2.3
Data locality
No limitations to backup chains
New backup chain with
dependencies stored in same or
different extent
Performance
When using Veeam® Scale-out
Backup Repositories™, full and
incremental backup files in the
same backup chain and stored on
different extents.
Placement policy
Data locality
If you set the data locality policy for a Scale-out Backup Repository, all backup files that belong to the same backup chain
are stored on the same extent of the Scale-out Backup Repository.
The data locality policy does not put any limitations to backup chains. A new backup chain may be stored on the same
extent or another extent. For example, if you create an active full backup, Veeam Backup & Replication may store the full
backup file to another extent, and all dependent incremental backup files will be stored together with this full backup
file.
However, if you use a deduplicating storage appliance as an extent to the Scale-out Backup
Repository, Veeam Backup & Replication will attempt to place a new full backup (active or synthetic) to the extent where
the full backup from the previous backup chain resides. Such behavior will help increase the data deduplication ratio.
158
Capacity tier 6.2.4
Offload and/or copy backup chains

to following storage types
including:
Amazon S3
S3 compatible
Microsoft Azure BLOB
IBM Cloud Object Storage
Automatic and manual offloading
options
Only inactive backup files can be
moved
Extent offloads to cloud based object
every four hours
Capacity tier
Offload backup chains to S3, S3 Compatible or BLOB Storage.

Only inactive backup files
Offloading can be done manually or automatically
Capacity tier augments your Scale-out Backup Repository abilities and allows you to store your backup data in
cloud-based object storage such as:
Amazon S3
Microsoft Azure blob storage
IBM Cloud object storage
S3 compatible
Such an approach helps you comply with possible data storage regulations your organization might be adhering to.
For example, you might be running out of space, as your extents are capable of keeping no more than 10 restore
points at a time, or your organization policies allow you to store only certain amount of data on your extents,
whereas the rest of the data should be stored elsewhere because of its outdated state.
To safely reclaim valuable storage space on your on-premises devices and make it easier to place the backup data to
cloud repositories, Veeam Backup & Replication implements proprietary mechanisms that help you efficiently
offload your data from the extents to cloud-based object storage every four hours.
Automatic offloading is based on:

Backup age
Repository free space
Allowed time window
All viable backups can be manually offloaded from the performance tier to the capacity tier
159
Capacity tier TIPS
Backups placed in object buckets, can be protected against

ransomware by making use of immutability.
Veeam Backup & Replication allows you to prohibit deletion of data from the extents of the scale-out backup repository
by making that data temporarily immutable. It is done for increased security: immutability protects your data from loss as
a result of attacks, malware activity or any other injurious actions.
You can enable the immutability feature for any tier of scale-out backup repository.
To learn how immutability works with capacity tier of the scale-out backup repository, see
https://helpcenter.veeam.com/docs/backup/vsphere/immutability_capacity_tier.html?ver=110
To learn how immutability works with archive tier of the scale-out backup repository, see
https://helpcenter.veeam.com/docs/backup/vsphere/immutability_archive_tier.html?ver=110
160
Scale-out Backup Repository:
copy mode
161
When does data get copied? 6.2.5
Restore points are copied to

the capacity tier after the
backup or backup copy job
has completed to create the
third copy of the data to
follow the 3-2-1 rule
When does data get copied?
Once the backup (or backup copy) job is complete, Veeam Backup & Replication initiates a new copy session which simply
extracts data blocks and metadata from each new backup file (.vbk, .vib, .vrb) created on any of the extents of your Scale-
out Backup Repository and copies these blocks to object storage, thereby making an identical replica of your backup data.
162
Copy to capacity tier example 6.2.6
Archive index Performance tier

(persistent)
METADATA METADATA
DATA Chunk DATA Chunk
DAS
A A
B F
METADATA METADATA
C I NAS
DATA Chunk METADATA METADATA METADATA METADATA DATA Chunk METADATA METADATA
D DATA Chunk DATA Chunk DATA Chunk DATA Chunk G DATA Chunk DATA Chunk
METADATA E F G H METADATA J K
.vbk .vib .vib .vib .vib .vbk .vib .vib
Dedupe appliance
Mon Tue Wed Thu Fri Sat Sun Mon

METADATA METADATA
METADATA METADATA
METADATA METADATA METADATA METADATA METADATA METADATA METADATA METADATA
DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk
A B C D E F G H I J K
Capacity tier
Copy to capacity tier example
Monday – first run with immediate copy, all blocks copied to object storage, note that metadata exists in both locations
Tuesday – first incremental, block E copied
Wednesday – block F copied
Thursday – block G copied
Friday – block H copied
Saturday – synthetic full in performance tier, block I copied to object storage, links to existing blocks A, F and G created
Still Saturday - we only transferred a single DATA chunk (Chunk I) because we already had many of the required blocks of
data in the capacity tier. Information about this is stored in the performance tier, in the archive index.
Sunday – block J copied
Monday – block K copied
163
move mode
164
Move mode: Why? How? What? 6.2.7
Why?
Reduce amount of local storage required by dehydrating backup files.
How?
Move inactive backup data to the capacity tier.
What about restores?

A local copy of meta-data is kept. Any blocks of data still available on the performance tier will be used. Only missing
blocks will be retrieved from the capacity tier.
When does data get copied?
Once the backup (or backup copy) job is complete, Veeam Backup & Replication initiates a new copy session which simply
extracts data blocks and metadata from each new backup file (.vbk, .vib, .vrb) created on any of the extents of your Scale-
out Backup Repository and copies these blocks to object storage, thereby making an identical replica of your backup data.
165
Dehydrating backup files 6.2.8
Backup file in
backup repository Object storage
Data
Metadata
Move backups to capacity tier
Metadata is stripped from the backup chain and kept on the performance tier.
Only the blocks of actual backup data will be offloaded to the object storage.
Offloading, as a result, will be on source side deduplicated.
During restore Veeam can access the metadata of a backup and therefore knows which blocks of data are available from
restore from the performance tier or only on the capacity tier. Only the required blocks of data will be transported back
from the object storage bucket.
166
Dehydrating backup files 6.2.9
Dehydrated backup file

Object storage
in backup repository
Data
Metadata
Move backups to capacity tier
Metadata is stripped from the backup chain and kept on the performance tier.
Only the blocks of actual backup data will be offloaded to the object storage.
Offloading, as a result, will be on source side deduplicated.
During restore Veeam can access the metadata of a backup and therefore knows which blocks of data are available from
restore from the performance tier or only on the capacity tier. Only the required blocks of data will be transported back
from the object storage bucket.
167
What can be moved? (forward) 6.2.10
Inactive backup chain (forward incremental with periodical fulls)
Active
Inactive backup chain backup
chain
Sun Mon Tue Wed Thu Fri Sat Sun
Inactive backup chain – forward incremental
When a backup job is being executed for the first time, Veeam Backup & Replication creates an initial full backup file that
contains complete information about the VMs that are being backed up. Each subsequent backup job sessions initiate
creation of new incremental backup files that contain only changes which have occurred since the last backup session.
Such a chain can be considered active as there are more incremental backups have yet to be created, depending on the
backup job schedule configuration.+
To move data to object storage repositories, an active backup chain must be reset, that is, transformed into inactive.
To transform an active backup chain into inactive, a new active full (or synthetic full) backup file must be created for such
a chain. This can be done either manually or you can configure a schedule, according to which new active full backups will
be created automatically.
Once a new full backup file is created and the offload session is being executed, Veeam Backup & Replication collects all
the restore points (full and incremental) that were created prior to the latest active full, and prepares them to be moved
to the object storage repository.
The graphic shows both inactive and active backup chains created with the incremental method. The inactive backup
chain consisting of one .vbk file and five .vib files can easily be offloaded once it satisfies validation criteria, whereas the
active backup chain consisting of a .vbk file and a .vib file would continue to grow with another incremental backups until
it is reset by another full backup and so on.
168
What can be moved? (reverse) 6.2.11
Inactive backup chain (reverse incremental)
Active
backup
Inactive backup chain
chain
.vrb
Sun Mon Tue Wed Thu Fri Sat Sun
Inactive backup chain – reverse incremental
The same applies to backup chains created with the reverse-incremental method, except for in this method, all
the .vrb files starting from the third restore point will be considered inactive automatically
169
Move to capacity tier example 6.2.12
Archive index Performance tier

(persistent)
Operational restore
Operational
window
Operational
restore window
restore
Operational
window
restore
Operational
window
restore
Operational
window
restore window
METADATA METADATA
DAS
A A
B F
METADATA METADATA
C I NAS
METADATA
D
METADATA DATA Chunk DATA Chunk DATA Chunk DATA Chunk G DATA Chunk DATA Chunk
METADATA E
METADATA F
METADATA G
METADATA H
METADATA METADATA J K
Dedupe appliance

METADATA
METADATA
METADATA METADATA METADATA METADATA METADATA
.vbk .vib .vib .vib .vib
DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk
A B C D E F G H
Capacity tier
Move to capacity tier
Monday – first run – nothing is eligible to move to the capacity tier (no inactive chain, inside operational restore window)
Tuesday – nothing is eligible to move to the capacity tier (no inactive chain, inside operational restore window)
Wednesday – nothing is eligible to move to the capacity tier (no inactive chain, inside operational restore window)
Thursday – nothing is eligible to move to the capacity tier (no inactive chain)
Friday – nothing is eligible to move to the capacity tier (no inactive chain)
Saturday 1 – synthetic full in performance tier, previous chain is now inactive (Mon, Tues, Wed, Thurs, Fri)
Saturday 2 - data that’s outside the operational restore window can be moved to the object storage, and the associated
files in the Performance tier are dehydrated (Monday, Tuesday and Wednesday)
Saturday 3 - the archive index is updated with information about the data sent up.
Sunday – Thursday data is now out of the operational restore window and can be moved to object storage
Monday – Friday data is now out of the operational restore window and can be moved to object storage
170
copy and move modes,
together
171
Copy and move together 6.2.13
Restore points are copied to

the capacity tier after the
backup or backup copy job
has completed.
When the restore points are

outside the operational
restore window and in an
inactive chain, they will be
dehydrated in the
performance tier.
Copy and move together
You can combine both the copy backups to object storage as soon as they are created option and the move backups to
object storage as they age out of the operational restores window option. In such a scenario, a copy session will be
copying newly created backups right upon creation.
Once the backup chain becomes inactive and exceeds the operational restore window, data blocks will be removed from
each associated backup file in such an inactive on-premises backup chain and only metadata will be preserved. Such a
behaviour mimics data movement, but instead of moving data that was already copied, Veeam Backup & Replication
simply purges associated data blocks from the extents, thereby saving traffic and reducing costs that might be incurred by
your storage provider for performing read/write operations.
172
Copy and move to capacity tier Performance tier
6.2.14
Archive index
(persistent)
Operational restore
Operational
window
Operational
restore window
restore
Operational
window
restore
Operational
window
restore
Operational
window
restore window
METADATA METADATA
DAS
A A
B F
METADATA METADATA
C I NAS
METADATA
D
METADATA DATA Chunk DATA Chunk DATA Chunk DATA Chunk G DATA Chunk DATA Chunk
METADATA E
METADATA F
METADATA G
METADATA H
METADATA METADATA J K
Dedupe appliance

METADATA METADATA
METADATA METADATA
METADATA METADATA METADATA METADATA METADATA METADATA METADATA METADATA
DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk DATA Chunk
A B C D E F G H I J K
Capacity tier
Copy and move to capacity tier
Monday – first run with immediate copy, all blocks copied to object storage, note that metadata exists in both locations
Tuesday – first incremental, block E copied
Wednesday – block F copied
Thursday – block G copied
Friday – block H copied
Saturday – synthetic full in performance tier, block I copied to object storage, links to existing blocks A, F and G created.
Since the previous chain is now inactive, we are able to dehydrate the files that are outside the operational restore
window (Monday, Tuesday and Wednesday)
Sunday – block J copied, dehydrate Thursday
Monday – block K copied, dehydrate Friday
173
Retention (copy with immutability) 6.2.15
Immutability will prohibit the deletion of data by taking advantage

of the S3 object lock technology
This means the following operations cannot be performed:

Manual removal of data
Removal of data by the retention policy
Removal of data using any cloud service provider tools
Removal of data by the cloud service provider technical support department
Removal of data by the ”remove deleted items data after” option
Retention – copy with Immutability
Veeam Backup & Replication allows you to prohibit deletion of data from object storage by making it immutable.
To make data immutable, Veeam Backup & Replication uses the Object Lock technology provided by Amazon and some
S3-Compatible providers. Once imposed, the object lock prohibits deletion of data from object storage until the
immutability expiration date is met. The value that defines the period after which the immutability expiration date occurs
is specified when adding (or editing) an Amazon S3 or S3 Compatible object storage repository. For more information,
see Adding Amazon S3 Object Storage and Adding S3 Compatible Object Storage, respectively.
The following operations cannot be performed on immutable data:

Manual removal of data, as described in Removing Backups from Object Storage Repository.
Removal of data by the retention policy, as described in Retention Policy.
Removal of data using any cloud service provider tools.
Removal of data by the cloud service provider technical support department.
Removal of data by the remove deleted items data after” option, as described in Maintenance Settings.
174
Retention (copy with immutability) TIPS
Considerations
Veeam will add a fixed 10-day generation period to what you set
as the immutability period
Immutability period can only be set, adjusted or turned off for

future backup copies
Once a backup is copied with immutability there is no way to

change the immutability period so be careful
Considerations
Give an overview of the consideration outlined on the slide.
If you set the immutability period to 30 days, realize that the data will actually be locked for 40 days because of the
Veeam 10 day generation period.
175
maintenance mode
176
SOBR extend (maintenance mode) 6.2.16
What is maintenance mode?

Why put an extent in maintenance?
What happens when an extent is placed in maintenance mode?
SOBR extend - maintenance mode
Veeam Backup & Replication allows you to put any of the extents of your Scale-out Backup Repository into maintenance
mode. You can use this mode if you need to perform service actions, such as upgrading an extent or installing a patch on
it. Putting an extent into maintenance mode is mandatory to evacuate backups, as described in evacuating backups from
extents.
177
sealing an extent
178
Sealing a SOBR extent 6.2.17
What is sealing?
Why seal a SOBR extent?
What happens when an extent is sealed?
Sealing a SOBR extent
Veeam Backup & Replication allows you to put any of the extents of your Scale-out Backup Repository into seal mode.
Sealing up extents gives you the ability to gradually remove data located on these extents by applying a retention policy.
You can use this feature to gracefully stop using some of your extents as backup repositories and exclude them from the
Scale-out Backup Repository configuration altogether.
When sealing up an extent, Veeam Backup & Replication restricts any further data saving to such a sealed extent and
allows only read operations such as restore, merge and remove.
All backup jobs that are targeted to a Scale-out Backup Repository with the sealed extents that store active backup chains
will be forced to create a new active full backup on the next run. The new active full will be saved to another available
extent in the Scale-out Backup Repository scope, thereby forming a new active backup chain. The extent to which the
new active full is going to be saved is chosen automatically by Veeam Backup & Replication, depending on the available
resources.
179
Sealing a SOBR extent TIPS
Considerations
An extent can be put into both the maintenance and seal
modes at the same time.
When both modes are applied, maintenance mode overrides

seal mode.
When putting an extent into seal mode, you will still be able to
restore, merge and remove data without exiting this mode.
Sealing up performance extents gives you the ability to gradually remove data located on these extents by applying a
retention policy. You can use this feature to gracefully stop using some of your performance extents and exclude them
from the Scale-out Backup Repository configuration.
When sealing up a performance extent, Veeam Backup & Replication restricts any further data saving to such a sealed
extent and allows only read operations such as restore, merge and remove.
All restore points that exceed the specified retention period will be continuously removed from the
sealed performance extents on each subsequent backup session.
180
archive tier
181
Archive tier: write once /(almost) TIPS
never read
Performance Capacity Archive
tier tier tier
Amazon S3
Archive (move) GFS Amazon Glacier
(incl. Deep Archive)
• Policy-based
• Cost optimized
• Save space
Microsoft Azure • Self-sufficient Microsoft Azure Blob
Blob Hot / Cold Storage Archive Tier
• No extra costs
Storing archived data in the archive tier is cheaper than in the capacity tier. However, restoring data from the archive tier
is longer and more expensive compared to the capacity tier. Data must be prepared for restore from the archive tier.
This feature is most useful in the following cases:
You have a lot of rarely (no more than once a quarter) accessed data that has to be stored in an archive.
You want to save costs and/or space on storing archived data.
Before an object storage repository can be configured as an archive extent, it must be added
to Veeam Backup & Replication backup infrastructure.
You can add an archive extent to your Scale-out Backup Repository and configure its settings on the Add Archive Tier step
of the new Scale-out Backup Repository wizard.
182
Add archive tier to Scale-out Backup TIPS
Repository
New “archive tier”
Move old GFS restore

points
Avoid moving data to

archive if retention is
too low (higher costs)
At the archive tier step of the wizard, select an object storage repository that you want to add as an archive extent and
specify when to move and/or copy data.
Consider the following:
The Archive Tier step of the wizard will appear only if you have a compatible type of repository configured as a capacity
extent. For more information, see Limitations for Archive Tier.
You can add only one archive extent per scale-out backup repository.
When you add as an archive extent an object storage repository that contains offloaded backup data, you will be
prompted to synchronize existing backup chains with data in this Scale-out Backup Repository. After the synchronization
is complete, the existing backups will become available as imported and will be displayed in the Home view, under
the Archive (Imported) node in the inventory pane.
183
Move data to archive tier TIPS
Temporary
proxy
Temporary proxy converts to
larger objects Archive
Capacity
Tier Tier
One temporary proxy per

backup chain (up to 64 per
default)
Data removed from capacity

tier
Independent fulls or dedupe

(aka “block cloned”)
In case the move policy is selected (the outdated backup files are transferred from the performance tier to the capacity
tier), the original file disappears from the performance tier.
Data transfer from the capacity extent to the archive extent is done through proxy appliances — temporary virtual
machines.
The template for all the proxy appliances is set up at the Proxy Appliance step of the Adding Amazon S3 Glacier or Adding
Azure Archive Storage wizard.
After the archiving job is finished, all the proxy appliances are automatically deleted. If the job ends prematurely, the
proxy appliances will be deleted as well. Also, any proxy appliance can be deleted if there are no more tasks for it.
184
6.3 Deduplication appliances
185
Adding deduplicating 6.3.1
storage systems
Leverage deduplication appliance
features by adding in supported
storage, not as shared folder, but
as deduplication storage
appliance.
Dell EMC Data Domain
HPE StoreOnce
ExaGrid
Quantum DXI
Support for deduplicating storage systems
For disk-to-disk backups, you can use a deduplicating storage system as a target. Veeam Backup & Replication
supports the following deduplicating storage appliances:
Dell EMC data domain

HPE StoreOnce
ExaGrid
Quantum DXI
While deduplicating storage systems usage can enable some significant savings on space, forever forward incremental,
synthetic full, and reverse incremental operations can perform poorly with deduplication devices because the backup
files that have been previously written to the storage must be interacted with during these operations. The act of reading
existing data on deduplication device is slow because each block requested must be rehydrated and uncompressed to be
read.
However, with EMC data domain deduplication appliances, it is possible to leverage EMC data domain's own mechanism
of updating file blocks' metadata internally, and consequently achieve greater performance with synthetic full. New full
backup files can then be created without physically moving data into the file, but rather by synthesizing them from the
existing data.
The process of rehydration and uncompressing during read operations from the deduplication storage will also impact
the performance of all restore operations.
186
Support for deduplicating 6.3.2
storage systems
When a dedupe appliance is added as shared folder, Veeam
is storage agnostic and will not leverage appliance features
Shared folder on
Backup data Gateway server
deduplication
appliance
Support for deduplicating storage systems
When a dedupe appliance is added as shared folder, Veeam is storage agnostic and will not leverage appliance features
187
Deduplication appliance best practices 6.3.3
When using Veeam with a

deduplicating storage system a
best practice can be to have a
non-duplicating storage system
as the primary backup target for
the most recent restore points
Use backup copy jobs for long
term retention.
See Veeam KB2660 for additional details and links to

best practices per appliance.
It is important to note that while this is Veeam’s general recommendation, there is a wide array of different hardware
deduplication options, some of which have Veeam specific features enabled or are built with solid state drives to improve
random read performance. Because of this, Veeam encourages an in-depth recovery time and recovery point
requirements discussion with a value-added reseller or the hardware manufacturer to determine how best to leverage
deduplicating storage.
Veeam has worked with strategic alliance partners to list these use cases and offer several architecture options to meet
the needs of any scenario.
Applying deduplication to storage systems is a technique used to reduce the space required to maintain a desired backup
retention. Deduplicating storage systems are often optimized for sequential write operations and can offer high ingest
rates, however, there can be a trade off in the form of higher latency when random read operations are required, as they
are with the list of features above.
188
6.4 Hardened repository
189
Hardened repository overview TIPS
Why?
Malware-safe repositories
If set up properly: insider
protection
What
Deny deletion of backups
How
Use “immutable flag” in Linux
Immutable:
Hardened backup repository is a backup repository with an option for switching on immutability. Immutability protects
your data from loss as a result of malware activity by temporarily prohibiting the deletion of data. It can be switched on
while adding a backup repository, at the Configure Backup Repository Settings step of the wizard.
Remember that the transport service does not run as root in a secure environment
A normal user can set the immutability flag, but only root can remove it.
190
Hardened repository TIPS
Use non-root account
When adding the Linux server, use temporary credentials. To do that, click Add and select Single-use credentials for
hardened repository at the SSH Connection step of the New Linux Server wizard.
Within the user account that you plan to use to connect to the Linux server, do not select the Add account to the sudoers
file automatically check box. Select the Elevate account privileges automatically and the Use "su" if "sudo" fails check
boxes. For more information, see Linux Accounts (User Name and Password).
191
Permissions TIPS
Transport service running under normal user account

Immurepo service is running as root
Immurepo service removes immutable flag when time expires
Single-use, or temporary, credentials is a recommended option for Linux hardened repository, but you can also
use persistent credentials. In this case, the rights for the transport service will be reduced at the Configure Backup
Repository Settings step of the Adding Backup Repository wizard.
192
Job compatibility TIPS
Backup jobs that do not merge

Forward incremental with
synthetic / active full
Backup copy job with GFS

Active full backup copy job not
required in V11!
If the backup repository is part of Scale-out Backup Repository with capacity tier added, immutability period for full
backup files with GFS retention policy is set according to the backup repository setting.
Otherwise, the following periods will be compared: immutability period set for the backup repository and the GFS backup
file lifetime. Immutability period for full backup files with GFS retention policy will equal the longest of these periods.
193
How to install hardened repository TIPS
1. Create unprivileged Linux user that can

elevate to root
2. Create backup folder with permissions for
unprivileged account
3. Add Linux with unprivileged user account
(single-use credentials)
4. Check whether Veeam transport is
running as defined user
5. Remove “elevate to root” permissions
6. Ideally, disable SSH access.
194
Limitations TIPS
Image level backups only (no NAS or plug-ins)

Requires backup modes with periodic fulls
Protects against external threats. It does not help against malicious
insider
Only data in location with only authorized access are 100% bulletproof
solutions.
Examples:
Externally hosted “hardened repository”
S3 object lock at public cloud
Tapes in secure location
Veeam Cloud Connect with insider protection
195
6.5 Impact on storage
196
Impact of file systems 6.5.1
Full backup Incremental backups Synthetic full

90%
80%
70%
60%
A0 A1 A2
B0
C0 C1
.vbk 1 .vib 1 .vib 2 .vib 3 .vbk 2 Backup Repository
Impact of file systems
Impact of ReFS/XFS file system on Veeam backup repository.
No I/O penalty for:

Reverse incremental transform and forward incremental merge
Compacting or creation of synthetic full backup file
ReFS is not deduplication! Performance improvements on:

Reversed Incremental doesn`t consume IO
Synthetic full operation in backup jobs
Creation of GFS backups (synthetic method) in backup copy jobs
Compact of full backup file for both
Merge of backup files for both
197
Fast Clone impact on backup 6.5.2
Full Backup Incremental

Backups
Synthetic
Full
60%
A0 A1 A2 A2
Fast clone reference to existing blocks
B0 B0
C0 C1 C1
.vbk 1 .vib 1 .vib 2 .vib 3 .vbk 2 Fast Clone Backup
Repository
Impact on destination storage
To check if fast block cloning is used during backup; open the job report and select the VM.
198
Impact on destination storage 6.5.3
Method Impact on destination storage I/O Benefit from fast clone
Active full 1 write I/O
Forever forward incremental 3 I/O (1 I/O read + 2 I/O write)
Forward incremental 1 write I/O
Reverse incremental 3 I/O (1 I/O read + 2 I/O write)
199
Introduction
Protecting Data Second backup location

in the Cloud Protecting data in the cloud
Restoring From backup
7.1 Protecting data Object recovery
in the cloud Recovery From replica
Testing Backup and replication
In this section:
Key Veeam components

Simple deployment
3-2-1 rule
RTO/RPO
200
7.1 Protecting data in the
cloud
201
Data could be anywhere in the cloud 7.1.1
Public cloud VCSP SaaS
Public cloud-the public cloud is defined as computing services offered by third-party providers over the public internet,
making them available to anyone who wants to use or purchase them. They may be free or sold on-demand, allowing
customers to pay only per usage for the CPU cycles, storage or bandwidth they consume.
VCSP - Veeam Cloud & Service Provider
SaaS - Software as a service (SaaS) is a software licensing and delivery model in which software is licensed on
a subscription basis and is centrally hosted.
202
Cloud-native protection with Veeam 7.1.2
• File-level recovery
1 2 3
• Backup copy job
• Instant VM Recovery®
• Restore to Azure/AWS
Original region/AZ Same or another region/AZ Object storage “External repository” in VBR
1 – Protection via native snapshots

2 – Protection via backups in object storage
3 – Protection via migration to on-premises DC
Veeam® Backup for Public Cloud
(AWS, Azure, GCP)
Veeam offers data protection solutions for the multi-cloud enterprise with our strong alliance partnerships and seamless
technology integrations with the leading cloud providers, including Amazon Web Services (AWS), Microsoft Cloud, IBM
Cloud and over 20,000 managed cloud providers. In addition, Veeam has new emerging partnerships with Google Cloud,
Alibaba Cloud and Oracle Cloud.
203
Public cloud 7.1.3
Restoring backups to the cloud

VBR Direct Restore to AWS
VBR Direct Restore to Azure
This is another way to migrate date to the public cloud
204
Full VM recovery 7.1.4
Full VM recovery
With Veeam Backup & Replication, you can restore an entire VM from a backup file to the latest state or to a previous
point in time if the original VM fails.
When you restore an entire VM, you extract the VM image from the backup to the production storage. Though entire VM
restore takes more resources and time to complete than Instant VM Recovery, you do not need to perform extra steps to
finalize the recovery process. Veeam Backup & Replication pulls the VM data from the backup repository to the selected
storage, registers the VM on the chosen ESXi host and, if necessary, powers it on. Entire VM restore enables full disk I/O
performance while Instant VM Recovery provides a “temporary spare” for a VM as the vPower NFS throughput is limited.
205
Direct restore to AWS and Azure TIPS
Main office Extended company network
Direct Restore
to Microsoft Azure /
Amazon AWS
Temporary office
Veeam Backup
Restored VMs
Repository
1) Veeam Backup & Replication (VBR), Veeam Agents for Windows and Linux put backups into VBR repository;
2) Direct Restore to Microsoft Azure (DR2MA): VBR converts backup file and puts data into Azure storage;
3) DR2MA: VM is created in Azure and powered on immediately. VM operates in Azure network;
4) Veeam Powered Network (Veeam PN): Veeam PN extends Azure network to main office network by creating a virtual
private network (VPN) tunnel between them
206
Veeam Cloud Connect backup TIPS
overview
Service Provider
Tenant to VCSP Veeam

Service
Provider
Production Veeam Environment
Veeam Cloud
Connect SSL
tunnel
WAN
Cloud repositories
Cloud
Backup
gateway
repository
Backup data from on-premises to VCSP

SP can leverage AWS, Azure or other IaaS offerings
Customer has no cloud resources to manage
Service providers (SP) can use Veeam Backup & Replication to offer cloud repository as a service and disaster recovery as
a service to their customers (tenants). Veeam Backup & Replication lets SPs set up the cloud infrastructure so that
tenants can send their data to the cloud and store it there in an easy and secure way.
Veeam Backup & Replication does not offer its own cloud for storing tenant data. Instead, it uses SP computing,
storage and network resources to configure Veeam Cloud Connect Backup and Veeam Cloud Connect Replication
infrastructure components:
Cloud repositories — storage locations in the cloud that store backups of tenant machines. Cloud repositories can be
used as primary storage locations and secondary storage locations to meet the 3–2–1 backup best practice.
Replication resources — dedicated computing, storage and network resources in the SP virtualization environment. To
set up replication resources, the SP configures hardware plans and subscribes tenants to one or several hardware plans.
For tenants, hardware plans appear as cloud hosts. Tenants can create VM replicas on cloud hosts and fail over to VM
replicas in the cloud in case of a disaster on the production site.
207
Recover full VMs, files and folders TIPS
Restore functionalities
include:
Full VM restore
VM files restore
VM guest OS files restore
Application items restore
Disk export
Backup export
208
Veeam Backup for Microsoft Office 365 TIPS
Back up from on-premises and Microsoft Office 365 services to local or object storage
Microsoft Office 365
Back up
data to
block
Backup repository
storage
Exchange OneDrive
Online for Business
Object storage
SharePoint Microsoft
Teams Metadata &
Online backup data Amazon S3 S3-compatible
Back up
data to
On premises Veeam Backup object
for Microsoft Office 365 storage
RAM Microsoft IBM

Azure Blob Cloud
Exchange SharePoint
Metadata Cache repo
PowerShell RESTful API

Local storage
Notes:
Shows dataflow from Microsoft Office 365 and On-Premises to VBO to a backup repository
Fades the connection from VBO to the repository and the repository (trying to show that it’s one or the other)
Shows the process to send data to object storage, including the Cache Repo
Shows the powershell extension that can be used to automate backup tasks
Shows the RESTful api that exposes the VBO capabilities to other portals
209
Veeam Backup for Microsoft Office 365 TIPS
Recovery tools
Delivering flexible restore options
Veeam Explorer™
for Microsoft
Microsoft Office 365 Teams
Browse, search &
restore data
Backup repository
Additional recovery options
Exchange SharePoint OneDrive Microsoft Veeam Explorer Object storage
Online Online for Business Teams for Microsoft
Restore prior Exchange
version
Save as a file
Amazon S3 S3-compatible
Email as
an attachment Veeam Explorer
On premises Restore
for Microsoft data
Export to .pst SharePoint
or .zip
Microsoft IBM
Service provider Azure Blob Cloud
restore for a tenant
Exchange
Exchange SharePoint
SharePoint Cache repo
Veeam Explorer
for Microsoft
OneDrive Browse /
search Local storage
RESTful API
Recovery from a backup repository

Some additional recovery options
Recovery from object storage (note that the search and browse takes place in the cache repo, not the object storage
Shows the RESTful api that exposes the Explorer capabilities to other portals
210
Backup cloud VMs with Veeam Agents TIPS
Cloud
IaaS VMs Veeam

Agent Veeam Backup &
Replication™
Veeam SOBR –
Veeam SOBR -
capacity tier
performance tier
A Scale-out Backup Repository can be used for the following types of jobs and tasks:
Backup jobs created by Veeam Agent for Linux 2.0 or later

Backup jobs created by Veeam Agent for Microsoft Windows 2.0 or later
Backup jobs created by Veeam Agent for Mac
211
Introduction
Restoring From Second backup location

Backup Protecting data in the cloud
8.1 Restoring from VM/Agent backups Object recovery
8.2 NAS recovery and restore Recovery from replica
8.3 Staged restore Testing backup and replication
In this section:

Simple deployment
3-2-1 rule
RTO/RPO
212
8.1 Restoring from
VM/Agent backups
213
Instant VM Recovery® 8.1.1
Restarts VMs directly from a backup file in a matter

of seconds
Uses existing backups and backup storage
Keeps users working while you troubleshoot the

problem
Restores to original location or new location with

different settings
Instant VM Recovery
Features:
Immediately restores a VM into your production environment by running it directly from the backup file.
It uses the patented Veeam vPower technology to mount a VM image to a host.
The archived image of the VM remains in read-only state.
You can redirect VM changes to a specific datastore.
Fast:
restarts a VM directly from a backup file in a matter of seconds
Readily available:
uses existing backups and backup storage
Buys you time:

users keep working while you troubleshoot the problem
Versatile:
Restore to original location or new location with different settings
214
Instant VM Recovery vSphere 8.1.2
Compressed /deduplicated
backup files
vPower®
Migrate online
Production storage Backup repository
Instant VM Recovery VSphere
If you are recovering a VM to the production network, make sure that the initial VM is powered off to avoid conflicts.
Version 10 allows for multiple VMs to be recovered at once or even an individual disk if required.
215
Instant VM Recovery Hyper-V 8.1.3
Veeam Backup
Server
Data mover
services
Data restore
Disk mount
Backup
Source repository
Hyper-V host
Instant VM Recovery
Veeam Backup & Replication reads the VM configuration from the backup file on the backup repository and creates a
dummy VM with empty disks on the target host. The created VM has the same settings as the VM in the backup file. Note
that Veeam Backup & Replication pre-allocates disk space required for the restored VM at the beginning of the Instant
VM Recovery process.
Veeam Backup & Replication initiates creation of a protective snapshot for the dummy VM and the VM is started. If the
Instant VM Recovery process fails for some reason, the protective snapshot guarantees no data is lost.
On the backup repository and on the target host, Veeam Backup & Replication starts a pair of Veeam data movers that
are used to mount the VM disks from the backup file to the dummy VM.
On the target host, Veeam Backup & Replication starts a proprietary Veeam driver. The driver redirects requests to the
file system of the recovered VM (for example, when a user accesses some application) and reads necessary data from the
backup file on the backup repository via the pair of Veeam data movers that maintain the disk mount.
To finalize VM recovery, you can migrate the VM to the production storage. When you begin the migration
process, Veeam Backup & Replication starts another pair of Veeam data movers on the backup repository and on the
target host. The second pair of Veeam data movers copies data of the recovered VM from the backup repository to the
target host in the background and populates disks of the VM started on the target host.
Note: If you are recovering a VM to the production network, make sure that the initial VM is powered off to avoid
conflicts.
216
Full VM recovery 8.1.4
Full VM recovery
With Veeam Backup & Replication, you can restore an entire VM from a backup file to the latest state or to a previous
point in time if the original VM fails.
When you restore an entire VM, you extract the VM image from the backup to the production storage. Though entire VM
restore takes more resources and time to complete than Instant VM Recovery, you do not need to perform extra steps to
finalize the recovery process. Veeam Backup & Replication pulls the VM data from the backup repository to the selected
storage, registers the VM on the chosen ESXi host and, if necessary, powers it on. Entire VM restore enables full disk I/O
performance while Instant VM recovery provides a “temporary spare” for a VM as the vPower NFS throughput is limited.
217
Full VM restore mode 8.1.5
Full VM recovery
A VM can be restored to its original location or to a new location. When you restore a VM to its original
location, Veeam Backup & Replication powers off the original VM and restores only those disks that are included in the
backup file. All other disks remain unchanged.
When you restore a VM to a new location, you can specify new VM settings such as the new VM name, the host and
datastore where the VM will reside, disk format (thin or thick provisioned) and network
properties. Veeam Backup & Replication will change the VM configuration file and store the VM data to the location of
your choice.
218
Full VM recovery options TIPS
For an incremental restore of

VM or VM disk make sure the
following requirements are
met.
Restore performed to original location
CBT is enabled for VM you plan to restore
The backup file used for restore is created

with use changed block tracking option
enabled
It is recommended to use quick rollback if
restoring a VM or VM disk after a problem has
occurred at VM guest OS level.
Full VM recovery
Incremental restore (also referred to as quick rollback) recovers only those data blocks necessary to revert the VM or VM
disk to an earlier point in time.
It is recommended that you use quick rollback if you restore a VM or VM disk after a problem that has occurred at the VM
guest OS level.
To perform an incremental restore of a VM or a VM disk make sure that the following requirements are met:
Restore is performed to the original location

CBT is enabled for the VM disk or all disks of a VM you plan to restore
The backup file used for restore is created with the use Changed Block Tracking option enabled
219
Entire VM recovery example scenarios 8.1.6
After guest operating system upgrade the virtual machine is unable to boot
Use Full VM restore with quick roll back enabled
Virtual machine is unable to boot after power failure

Option 1: If downtime is priority, use Instant VM Recovery
Option 2: If performance is priority, use Full VM Restore
Attacked by ransomware
Use Instant VM Recovery with Secure Restore enabled
220
Recovery using the Agent for Linux 8.1.7
Recovery Media
Command Line
Bare Metal Recovery Wizard
Volumes Export Backups to
Volumes Files
Files a virtual disk (.vhd)
Files Folders
Folders
Folders
A brief overview of recovery capabilities of the Veeam Agent for Linux. See the user guide for full details.
221
Recovery using the Agent for Mac 8.1.8
Only support for recovery of individual files and folders.
A brief overview of recovery capabilities of the Veeam Agent for Mac. See the user guide for full details.
222
Recovery using the Agent for Windows 8.1.9
Recovery Media
GUI
Bare Metal Export Backups to a
Volumes
Entire Computer virtual disk (.vmdk,
Files
System Volumes .vhd, .vhdx)
Folders
Manual
A brief overview of recovery capabilities of the Veeam Agent for Windows. See the user guide for full details.
223
Recovery using the Backup Server 8.1.10
These capabilities do not apply to the Veeam Agent for Mac
Instant recovery to To Public Cloud

Hyper-V AWS
Application Items vSphere Azure
Active Directory
Exchange
Oracle
SharePoint
MS SQL
Bare metal
Guest Files
Volume Restores
A brief overview of recovery capabilities of the Veeam Agents when performed from the Veeam Backup Server/Console.
See the user guide for full details.
224
From / to vSphere Hyper-V AHV Azure AWS GCP
vSphere
Hyper-V
AHV
Windows Agent
Linux Agent
Azure VMs
AWS EC2
GCP VM
Other clouds
(agent based)
Supported Supported via Backup Copy
Overview of restore capabilities across different sources and targets.

Note: Not all restore features support all targets.
For a comprehensive understanding, please review the Veeam user guide.
225
8.2 Staged restore
226
Staged restore example 8.2.1
Offers the capability to provide data management before restored data

goes (back) into production.
John Smith
exercises his right
to be forgotten In isolated
John environment a
Smith’s script injected to
details are remove John
registered Smith’s details
into the Backup of Backup Production before return to
database production repository database production
database crashes
Staged restore example
John Smith is interested in buying a house in October 2017, so he registers his details into the construction
company database.
The construction company takes a backup of this database which includes John’s contact information as well as other
data.
John Smith exercises his right to be forgotten
The construction company's database server in production crashes and requires backup recovery.
They power on the machine in an isolated data lab and inject a script to remove John Smith's data, as his data cannot be
restored back into production.
227
Staged restore 8.2.2
Launch deduplicated/compressed/
encrypted backup file inside virtual lab
Execute script on VM altering data on that

server
After script execution, VM is gracefully

shutdown and then transported to
production (quick migration)
Storage vMotion is not leveraged as part

of the quick migration
Staged restore
Instead of restoring a VM straight to it’s original or new location, a VM is mounted from a

deduplicated/compressed/encrypted backup file inside a Virtual Lab.
Once mounted, a script is executed on the VM altering the data on that server.
After successful script execution, the VM is transported to production using quick migration.
Example:
Windows PowerShell script that removes active directory users

Script to remove personal user data from a database (shown on next slide)
Apply patches for compliancy and security before migrating to production
228
Staged restore process 8.2.3
How does staged restore work?

VMs started directly from compressed
1 and deduplicated backup repository files
Backup
Script is copied from the backup server to
2
server
VMs that are being restored 1 2-3
3 Copied script is run on every restored VM Script

6
5 VM delta
file VMware
VMware
VM changes during script execution are
4 written to VM delta files Virtual lab Backup
repository
After the script execution is complete,

5 VMs are safely shutdown in the virtual lab
Host
with virtual lab
4 Target host
VMs are restored/migrated in a changed

6 state to the production environment
Staged restore
For staged restore, Veeam Backup & Replication uses a preconfigured virtual lab, an executable script located on the
backup server, and credentials to connect to VMs and run the script. Veeam Backup & Replication performs staged
restore in the following way:
In the virtual lab, Veeam Backup & Replication starts VMs directly from compressed and deduplicated backup files that
reside on the backup repository.
Veeam Backup & Replication copies the script from the backup server to VMs that you plan to restore.
Veeam Backup & Replication runs the copied script on every VM.
All VM changes that take place during script execution are written to VM delta files.
After the script execution is complete, Veeam Backup & Replication powers off VMs in the virtual lab.
Veeam Backup & Replication restores VMs in a changed state to the production environment.
229
8.3 NAS recovery and restore
230
NAS Restore example scenarios 8.3.1
NAS/File share device is broken/out of order

Use entire file share
Attacked by ransomware
Roll back to point in time
Older version of file(s)/folder(s) needed

Specific files and folders
Overview of the example restore scenarios for NAS/file shares.
231
Instant file share recovery TIPS
Why?
Allow users to access
files fast after disaster
What
Publish SMB shares
instantly
Limitations
• SMB only (no NFS and file servers)
• Published share is read-only
• No migration to production
232
Instant file share recovery for SMB TIPS
V11
Clients
\\NAS\share\folder1
SMB protocol
Read-only
\\mountserver\share\folder1 Backup
repository
You can use the instant file share recovery feature to publish a point-in-time file share state as a read-only SMB file share
to enable users to instantly access all protected files.
Before you perform instant file share recovery, check prerequisites. Then use the Instant File Share Recovery wizard.
233
Practical use case with DFS TIPS
Deactivated
Switch transparently for production
users (read-only access)
Failed
share Published
from backup
Video - https://www.youtube.com/watch?app=desktop&v=lcdC_LAh2U0&feature=youtu.be
Script example - https://github.com/VeeamHub/powershell/tree/master/BR-NASInstantDFSRecovery
234
File ACL handling when file ACL TIPS
missing
\\NAS\Share01
Inherit from parent folder
Folder 1 Folder2
Folder 3 File A File B
File C File D
Please refer to the link for more information.

https://helpcenter.veeam.com/docs/backup/vsphere/instant_nas_recovery_access_permissions.html?ver=110
235
File ACL handling when file ACL TIPS
missing \\NAS\Share01
Ask for permissions in wizard if no

parent folder to inherit from File A Folder2
File B
Please refer to the link for more information.

https://helpcenter.veeam.com/docs/backup/vsphere/instant_nas_recovery_access_permissions.html?ver=110
236
Lab 6:
1. Perform an Instant VM Recovery from
Microsoft Hyper-V to VMware vSphere
2. Perform an Entire VM restore with quick roll
back
3. Delete a folder from the file share
4. Restore the deleted folder back to the file
share
5. Perform a bare metal restore
237
Introduction
Object Second backup location

Recovery Protecting data in the cloud
9.1 Veeam Explorers Object recovery

9.2 Database instant recovery Testing backup and replication
9.3 Guest file recovery Veeam Backup Enterprise Manager
In this section:
Veeam Explorers
Database Instant Recovery
Guest File Recovery
238
9.1 Veeam Explorers
239
Application-item recovery 9.1.1
Veeam® Explorer™ applications are available for:
Microsoft Exchange View
Microsoft SharePoint
Browse and search
Microsoft Active directory
Microsoft SQL Server Restore
Oracle Server Export
Application-item recovery
There are Veeam Explorer applications available for Exchange, SharePoint, Active Directory, SQL and Oracle.
Each explorer shares the ability to view, browse, search, restore and export items (GUI and PS) for each of the
applications shown.
240
Veeam Explorer for 9.1.2
Microsoft Exchange
Recovery of mailbox items
Compare to production server
Recover from hard deleted items

(that were both created and deleted
since last backup)
Recover from litigation and in-place

hold items
Support for browsing and restoring

items in the versions subfolder of the
recoverable items mailbox folder
Recovery of mailbox Items
Veeam Backup & Replication integrates with Veeam Explorer for Microsoft Exchange. Veeam Explorer for Microsoft
Exchange lets you browse Microsoft Exchange mailbox stores in VMs located on storage snapshots and restore Microsoft
Exchange items that you need.
Before you start working with Veeam Explorer for Microsoft Exchange, you need to extract a Microsoft Exchange
database (an EDB file) from the storage snapshot. You can do it in two ways:
You can use the Microsoft Exchange Item Level Restore wizard. In this case, Veeam Backup & Replication will
automatically extract a Microsoft Exchange database from the storage snapshot and open it in Veeam Explorer for
Microsoft Exchange.
You can restore VM guest OS files from a backup of a virtualized Microsoft Exchange server, manually locate a Microsoft
Exchange database and open it in Veeam Explorer for Microsoft Exchange.
241
Microsoft Active Directory

Recovery of Active Directory items
Compare the backup state with
the current Active Directory
partition to quickly find changes
Restores original password for

account objects
Restore support for DNS records,

Group Policy Objects (GPO),
configuration partition objects,
Microsoft System Objects, CA
certificate information and AD
sites subnet items
Recovery of Active Directory items
When you run the Microsoft Active Directory Object Restore wizard, Veeam Backup & Replication automatically extracts
the Microsoft Active Directory database from the storage snapshot and opens it in Veeam Explorer for Microsoft Active
Directory.
As part of this procedure, Veeam Backup & Replication performs the following actions:
Veeam Backup & Replication creates a clone/virtual copy of the storage snapshot and mounts the clone/virtual copy to
an ESXi host.
Veeam Backup & Replication accesses the configuration file of the virtualized Microsoft Active Directory server (VMX) on
the snapshot clone/virtual copy and uses this configuration file to register a temporary VM on the ESXi host.
Veeam Backup & Replication mounts disks of the Microsoft Active Directory server to the temporary VM.
Veeam Backup & Replication locates the Microsoft Active Directory database and opens it in Veeam Explorer for
Microsoft Active Directory.
242
Microsoft SharePoint
Recovery of SharePoint items
Full-site and site collection restores for
SharePoint
Home pages restore functionality
Site/list experience setting restore functionality
SharePoint views restore functionality
Support for restoring SharePoint lists and

libraries that use custom templates
Local or remote staging server
Report on-site restore results
Recovery of SharePoint items
Veeam Backup & Replication integrates with Veeam Explorer for Microsoft SharePoint. Veeam Explorer for Microsoft
SharePoint lets you browse Microsoft SharePoint content databases in VMs located on storage snapshots and restore
documents, items and document libraries that you need.
Before you start working with Veeam Explorer for Microsoft SharePoint, you need to extract a Microsoft SharePoint
content database (an MDF file) from the storage snapshot. To do this, you need to restore VM guest OS files from a
backup of the virtualized Microsoft SharePoint server, manually locate the content database and open it in Veeam
Explorer for Microsoft SharePoint.
To restore application items from Microsoft SharePoint:
Restore VM guest OS files from a backup of a virtualized Microsoft SharePoint server. For more information, see restoring
VM guest OS files (Microsoft Windows).
In the Veeam backup browser, locate the MDF file and double-click it or select the file and click application Items >
Microsoft SharePoint on the ribbon.
Veeam Backup & Replication will attach the content database to the Microsoft SQL Server on which the Veeam Backup &
Replication configuration database is deployed and open the database in Veeam Explorer for Microsoft SharePoint. After
that, you can browse the database and restore items that you need.
243
Microsoft SQL Server

Recovery of SQL databases
Browse and restore SQL databases to a specific
point in time via transaction log replay
Table-level restore
Local or remote staging server
Instant SQL database publish
Export to .bak file
Recovery of SQL databases
SQL restore service: In most scenarios, Veeam installs a runtime component named Veeam SQL restore service to the VM
guest OS (target or staging server, depending on selected restore or export scenario) — to support restore activities on
the SQL server VM guest —https://helpcenter.veeam.com/docs/backup/explorers/vesql_restore_service.html?ver=110
244
Veeam Explorer for Oracle 9.1.6
Recovery of Oracle databases

Restore Oracle databases to a specific point in
time via ARCHIVELOG
Support for Oracle automatic storage
management, dynamic database parameters
restore and Oracle data guard
Oracle redo logs backup retention policy will now
analyze the logs being removed in order to
preserve Guaranteed Restore Points
Export as database or as RMAN backup
Recovery of Oracle databases
Veeam Explorer for Oracle delivers the following capabilities:

Transaction-level recovery
Transaction log backup and replay
245
9.2 Database instant
recovery
246
Database instant recovery TIPS
Recovery of Microsoft SQL or Oracle databases
Select database and

be online after
seconds
Choose time to
switch (small
downtime)
Why?
Be online with your database again in seconds
What?
Physical and virtual servers
Instant recovery for production databases
Keep in mind
Small downtime on switch-over
247
Reliability of instant recovery TIPS
Veeam Explorers recovery service

Ensures reliable publishing
Veeam Explorer can be closed
Reboots are no problem
Switch database to production
storage
Instant recovery session is resilient to network disruption, backup server or mount server crash. If anything disrupts the
restore process, the restore process stays in the waiting mode and performs 10 automatic retries every five minutes. If
the retries fail, you can launch retry after the server or network is up.
248
Switch database to production storage TIPS
The switchover option becomes available after all the database files are copied to the target server and all database files
are synchronized. During switchover, the published mount is detached from the target SQL server instance and the
copied database is attached to this instance. Note that if you have selected to restore to the original server, the restored
database will replace the original database.
249
9.3 Guest file recovery
250
Guest OS file recovery 9.3.1
Using Instant File-Level Restore (IFLR) to recover individual VM

guest OS files and folders from VM backups and replicas.
FAT, NTFS or Linux, Unix and other Unsupported file

File system
ReFS supported file systems systems
Solution File-level restore Multi-OS file-level restore Instant VM Recovery®
Additional information File-level restore from Linux,

Solaris, BSD, Novell Storage
Services, Unix, Mac and other
file systems.
Recovery of files and folders

only.
Guest OS file recovery
You can use IFLR (Instant File-Level Restore) to recover individual VM guest OS files and folders from VM backups and
replicas. IFLR does not require you to extract the VM image to a staging location or start the VM prior to restore. You can
restore files and folders directly from a regular image-level backup or replica to the necessary point in time.
IFLR works with any VM guest OS file system. Veeam Backup & Replication offers different tools and methods for
different file systems:
Restore from FAT, NTFS or ReFS: for file-level restore from Microsoft Windows VMs with NTFS, FAT and ReFS file systems,
you can use the file-level restore wizard.
Restore from Linux, Unix and other file systems: for file-level restore from Linux, Solaris, BSD, Novell Storage Services,
Unix, Mac and other file systems, you can use the multi-OS file-level restore wizard.
Note that multi-OS file-level restore supports recovery of files and folders only. Recovery of other file system objects such
as pipes is not supported.
Restore from other file systems: for file-level restore from file systems not supported by file-level restore wizards, you
can leverage the Instant VM Recovery functionality.
251
File-level restore 9.3.2
Backup server/backup
C:\
and replication console
E:\
C:\
E:\
Backup repository
Source host
Mount server
Guest OS file recovery – file-level restore
Veeam Backup & Replication mounts disks of the VM from the backup file to the machine where the restore process is
launched. This can be the backup server or machine on which the Veeam Backup & Replication console is installed. This
mount point allows you to browse the VM file system.
If you restore files to the original location, Veeam Backup & Replication creates an additional mount point on the mount
server associated with the backup repository on which the backup file resides. The second mount lets you keep the VM
traffic in one site and reduce load on the network.
252
Multi-OS file-level restore 9.3.3
Backup server
Helper appliance deployed
by backup server
(optional)
\Disk0
\Disk1
Disks
Disks displayed
mounted from
in Veeam
Backup
repository
Explorer
server
and can
be restored
Windows Repository
Source host
server
Guest OS file recovery – Multi-OS file-level restore
When you perform file-level restore, Veeam Backup & Replication performs the following operations:
Veeam Backup & Replication deploys a helper appliance on the ESXi host in the virtual infrastructure.
Veeam Backup & Replication mounts disks of the VM from the backup or replica to the helper appliance. The backup
file or VM replica itself remains in the read-only state on the backup repository or datastore.
Veeam Backup & Replication launches the Veeam Backup browser where mounted VM disks are displayed. You can
browse the VM guest file system in the Veeam Backup Browser and restore files or folders to the original VM or to
another location. Alternatively, you can enable an FTP server on the virtual appliance and allow VM owners to restore
files themselves.
When the restore process is finished or the Veeam backup browser is closed by
timeout, Veeam Backup & Replication unmounts the content of the backup file or replica from the helper appliance and
unregisters the helper appliance on the ESXi host.
(Optional) H.A. are no longer required when restoring Linux Guest OS files
253
Lab 7:
Object recovery
1. Delete an active directory user
2. Perform the restore using the Veeam Explorer
for Active Directory
3. Perform the restore using the Veeam Explorer
for Microsoft SQL Server
4. Delete contents of the Important Files folder
5. Perform the restore using the File-level Restore
Wizard for Microsoft Windows
6. Perform the restore using the File-level Restore
Wizard for Linux
254
Introduction
Recovery from Second backup location

Replica Protecting data in the cloud
10.1 Recovery from replica Object recovery
255
10.1 Recovery from replica
256
Recovery from a replica 10.1.1
Re-IP on failover and real

failback with delta sync
1-click failover with defined

startup order for VMs
WAN
acceleration
Can be either snapshot or CDP
Delayed start
Recovery from a replica
Veeam Backup & Replication provides VM-level HA and DR host-based replication using various optimizations with
multiple restore points. In case of software or hardware malfunction, you can quickly recover a corrupted VM by failing
over to its replica.
When VM malfunctions, a replica VM takes over the role of the original VM (failover). Failover is an intermediate step
that should be further finalized. The options are:
Switch back to the original VM and discard changes at the replica (undo failover).
VM replica permanently takes on the role of the original VM (permanent failover).
Switch back to the original VM and transfer changes from the replica
to the original VM (failback to original location).
Switch to a new location by transferring all replica files or committing changes
to an original VM restored from backup (failback to new location).
You can also proceed in the following ways when failing back to production VM:
Undo failback switches the replica back to the failover state.
Commit failback finalizes recovery of the original VM.
Note: re-IP is Windows only, for Linux use of scripts is needed.
257
Replica failover 10.1.2
When there is a problem with production VM it’s possible to restore services by failing over to its
replica
The VM replica takes over the role of the original VM
The VM is up and running within a couple of minutes
A1
A B C
Original state
D E F1
F Undo
failover
G H I
Failover
Original VM
Replica A B C Permanent Failback

failover
D E F E1 F2
G H I
Commit failback
Snapshot
This video explains this process with the inclusion of a simple whiteboard. -
https://veeam.wistia.com/medias/p98na40e6q
Replica failover
Failover is a process of switching from the original VM on the source host to its VM replica on the target host.
When there is a problem with production VM it’s possible to restore services by failing over to its replica
The VM replica takes over the role of the original VM
The VM is up and running within a couple of minutes
258
Undo failover 10.1.3
Operations switch back to the original VM and normal operation mode continues
All changes made to the VM replica are discarded
A1 B C
Original state
D E F1
G H I
Failover
A B C
D E F E1 F2
G H I
Undo failover
To revert a VM replica to its pre-failover state, you can undo failover.
Operations switch back to the original VM and normal operation

mode continues
All changes made to the VM replica are discarded
259
Permanent failover 10.1.4
Switch from the original VM to a VM replica is made permanent and this replica is used
as the original VM
A1 B C
D E F1
G H I
Failover
A B C Permanent
failover
D E1
E F2
F E1 F2
G H I
Permanent failover
To finalize the failover process, you can permanently fail over to the VM replica.
Switch from the original VM to a VM replica is made permanent and this replica is used as the original VM.
260
Failback 10.1.5
Operations are moved back to the production site from a VM replica after the problem
in the production site is eliminated
The original VM is synchronized with the VM replica and then powered on; all
replication activities are put on hold
A1
A B1
B C A B1
D E F1
E1 F2 E1 F2
G H I
Failover
A B C B1
B Failback
D E F E1 F2
G H I
Failback to production
If you want to resume operation of a production VM, you can fail back to it from a VM replica. When you perform
failback, you go back from the VM replica to the original VM, shift your I/O and processes from the target host to the
production host and return to the normal operation mode.
If you want to resume operation of a production VM, you can fail back to it from a VM replica. When you perform
failback, you go back from the VM replica to the original VM, shift your I/O and processes from the target host to the
production host and return to the normal operation mode.
261
Undo failback 10.1.6
If the production VM is not working as expected, failback can be undone and

operations are moved back to the VM replica
The VM replica returns to the failover state
A1
A B1
B C
D E F1
E1 F2
G H I
Failover
A B C B1
B Failback
D E F E1 F2
G H I
Undo failback
If the original VM is not working as expected after the failback operation, you can undo failback and get back to the VM
replica.
If the production VM is not working as expected, failback can be undone and operations are moved back to the VM
replica
The VM replica returns to the failover state
262
Commit failback 10.1.7
Recovery of the original VM is finalized at the production site

The original VM in the production site or at a new location performs the role of the
primary VM
A VM replica is returned to the ready state and replication activities are resumed
A1 B1
B C
D E1
E F2
F1
G1
G H I
Failover
A B C B1
B Failback
D E F E1 F2
G H I
Commit failback
To confirm failback and finalize recovery of the original VM, you need to commit failback.
When you commit failback, you confirm that you want to get back to the original
VM. Veeam Backup & Replication gets back to the normal operation mode and resumes replication activities for the
original VM to which you failed back.
The commit failback operation is performed in the following way:

Veeam Backup & Replication changes the state of the replica from failback to normal.
Further operations depend on the location to which the VM is failed back:
If the VM replica is failed back to a new location, Veeam Backup & Replication additionally reconfigures the
replication job and adds the former original VM to the list of exclusions. The VM restored in the new location takes
the role of the original VM and is included into the replication job instead of the excluded VM. When the replication
job starts, Veeam Backup & Replication will process the newly restored VM instead of the former original VM.
If the VM replica is failed back to the original location, the replication job is not reconfigured. When the replication
job starts, Veeam Backup & Replication will process the original VM in the normal operation mode.
During failback commit, the failback protective snapshot that saves the pre-failback state of a VM replica is not
deleted. Veeam Backup & Replication uses this snapshot as an additional restore point for VM replica. With the pre-
failback snapshot, Veeam Backup & Replication needs to transfer fewer changes and therefore puts less load on the
network when replication activities are resumed.
Recovery of the original VM is finalized at the production site
The original VM in the production site or at a new location performs the role of the primary VM
A VM replica is returned to the ready state and replication activities are resumed
263
Failover plan 10.1.8
When?
Primary group of interdependent VMs is out of service for any reason
Failover plan must be prepared in advance
What?
A preset scenario for one-click failover for a group of interdependent VMs
You can set order for the VMs in the plan, and the delay intervals to make sure
that some VMs are already running at the moment the dependent VMs start
What’s next?
If necessary, you can undo failover to switch the workload back to source VMs discarding
the changes that were made to the replicas during failover
Failover plan
If you decide to commit failover or failback, you need to process every VM individually. Although you can undo failover
for the whole group using the undo failover plan option.
Note: The maximum number of VMs that you can start simultaneously when you run a failover plan is 10.
264
Planned failover 10.1.9
When?
If you know that your primary VMs are going to go offline
Maintenance or software upgrade of the primary VMs
Advance notice of a disaster approaching that will require taking the primary servers offline
What?
Smooth manual switching from a primary virtual machine to its replica with minimum
interrupting in operation
What’s next?
The finalizing options for a planned failover are similar to those of an unplanned failover:
undoing failover, permanent failover or failback and commit failback
Planned failover
A planned failover is switching operations from a running VM to its replica.
You can use the planned failover, for example, if you plan to perform datacenter migration, maintenance or software
upgrade of the primary VMs. You can also perform planned failover if you have an advance notice of a disaster
approaching that will require taking the primary servers offline.
265
Planned failover process 10.1.10
Veeam® Backup Server
Original VM VM
Incremental
replication run
Replica
VM replica in
failover state
VM
Snapshot Source host Target host
Planned failover
Smooth manual switching from a primary virtual machine to its replica with minimum interruption in operation
Everything is transferred from production VM to replica VM, no data is lost
During planned failover, Veeam Backup & Replication always retrieves VM data from the production infrastructure, even
if the replication job uses the backup as a data source. This approach helps Veeam Backup & Replication synchronize the
VM replica to the latest state of the production VM.
If you start planned failover for several VMs that are replicated with one replication job, these VMs will be processed one
by one, not in parallel.
Each planned failover task for each VM is processed as a separate replica job session. If a backup proxy is not available
and the session has to wait for resources, job sessions for other VMs in the same task cannot be started before the
current session is finished.”
Note: A planned failover cannot be performed if the replication job is running for the VM replica in question or the VM
replica is in the failover state.
266
Perform a failover (snapshot) 10.1.11
To perform a failover simply select failover now.

Click the “Point…” button and select point in time to recover to.
267
Perform a failover (CDP) 10.1.12
To perform a failover simply select failover now.

Click the “Point…” button and select point in time to recover to.
268
Replica recovery example scenarios 10.1.13
Failover of a multi-tier application

Use a failover plan that only includes VMs of that application
Power utility advises power will be cut this afternoon and outage will last longer than backup power
Perform planned failover
Data center destroyed due to natural disaster

Execute failover plan(s)
Mission-critical application offline after storage failure

Perform failover for affected virtual machines in parallel
269
Perform a failback (snapshot or CDP) 10.1.14
Possible destinations:
Failback to the original VM
Failback to the original VM restored in a different location
Failback to the specified location (original VM is lost)
Consider using Quick rollback
270
Failback example scenarios 10.1.15
Switch automatically as soon as the original/production VM is synchronized with replica

Use auto mode
Switch at a scheduled time (can be adjusted later)

Use scheduled mode
Manually switch when you are ready (can be changed to a schedule later)
Use manual mode
At the Failback Mode step of the wizard, specify when switch from replicas to production VMs must be performed:
• Select Auto if you want Veeam Backup & Replication to perform the switch automatically right after the state of
the production VMs is synchronized with the state of their replicas.
• Select Scheduled if you want Veeam Backup & Replication to perform the switch at a specific time.
• Select Manual if you want to perform the switch manually.
If you select the Scheduled or Manual option, you can further reset/set the scheduled time or switch to the
production VM manually.
271
Feature comparison snapshot and CDP 10.1.16
Feature Snapshot CDP

Failover and failback + +
Planned failover + -
Failover plan + +
Automated recovery testing (SureBackup) + -
File level recovery + -
Network throttling + +
Preferred networks + +
Automation (PS, REST) + +
Cloud Connect + -
Snapshot = Traditional snapshot-based replicas

CDP = CDP replicas
272
Introduction
Testing Backup Second backup location

and Replication Protecting data in the cloud
11.1 SureBackup overview Object recovery

11.2 Sandbox Testing backup and replication
273
11.1 SureBackup overview
274
SureBackup: Key benefits 11.1.1
With Veeam® SureBackup® technology you can automatically verify the recoverability
of every backup and replica.
Detect corrupted backups/replicas

Test virtual machines can boot
Test applications and their dependencies
Ensure regular consistent testing
Leverage your existing hardware – no need to buy additional servers
Operational risk
If a company cannot recover from a system failure, it may not be able to serve its customers causing a loss of revenue and
client’s loyalty.
The risk increases by not responding in time to the needs of users like business applications, developers, and business
users which leads to a delay of a response to key customers needs and wants.
Risk to fall out of compliance

If a customers backups are corrupt, they could potentially be fined or get bad press by falling out of compliance within
their industry.
The risk of losing speed & agility

This can lead to a decreae in a customer’s ability to successfully compete, as well as a negative impact on business in
terms of creating exceptional user experience.
Use SureBackup to avoid manual testing once or twice a year and instead start automatically testing every day or as
frequent as the business demands.
275
SureBackup: How does it work 11.1.2
Virtual lab Verification
ESXi / Hyper-V
vPower®
Windows backup
repository
Create Create Schedule Receive

Specify tests
Create virtual lab application SureBackup SureBackup verification
within the jobs
groups Job(s) jobs report
Backup recovery verification
When a SureBackup job runs:
Veeam Backup & Replication starts the Virtual Lab.
In the virtual lab, it starts VMs from the application group in the required order. VMs from the application group remain
running until the verified VMs are booted from backups and tested.
Once the virtual lab is ready, Veeam Backup & Replication starts verified VMs from the necessary restore point, tests and
verifies them one by one or, depending on the specified settings, creates several streams and tests a number of VMs
simultaneously.
Once the verification process is complete, VMs from the application group
are powered off. Optionally, you can leave the VMs from the application group running
to perform manual testing or enable user-directed application item-level recovery.
276
Backup recovery verification 11.1.3
Virtual lab
Application Heartbeat
group Linked job(s)
Ping
Proxy
appliance App
Production
vSwitch Report
Isolated network
Hypervisor
vPower
Production storage Windows backup

repository
Backup recovery verification
When a SureBackup job runs:
Veeam Backup & Replication starts the virtual lab.
In the virtual lab, it starts VMs from the application group in the required order. VMs from the application group remain
running until the verified VMs are booted from backups and tested.
Once the virtual lab is ready, Veeam Backup & Replication starts verified VMs from the necessary restore point, tests and
verifies them one by one or, depending on the specified settings, creates several streams and tests a number of VMs
simultaneously.
Once the verification process is complete, VMs from the application group
are powered off. Optionally, you can leave the VMs from the application group running
to perform manual testing or enable user-directed application item-level recovery.
277
Veeam Virtual Lab Networking 11.1.4
192.168.1.X Masquerade network: 192.168.255.X
192.168.1.X
10 20 30 10 20
100 1
Prod
Proxy Appliance Default
Gateway
Address
Standard vSwitch vLab Standard vSwitch
Isolated network
(No Uplink to Prod)
Physical NIC
Production Network
278
Optional additional checks 11.1.5
The backups can also be tested for corruption (any file system) as well as scanned for
potential virus/malware threats (Windows only)
Backup file validation Secure Restore
1 Uncompressing the backup file 1 Virtual disk is mounted
Re-calculating checksums for data

2 blocks in the uncompressed backup file
2 File system is scanned for virus/malware
Optionally scan the remaining files if a

3 Comparing with initial checksum values 3 threat is detected
Optional backup file validation
After the Ping, Heartbeat and Application test are executed. The SureBackup job can do both a backup file integrity check
and/or scan the restore point or snapshot for potential virus threats.
In addition to recovery verification tests, Veeam Backup & Replication allows you to perform backup file validation — a
CRC check that runs for backup files of VMs verified by the SureBackup job.
279
Replica recovery verification 11.1.6
Application
Virtual lab
group Linked job(s)
Heartbeat
Ping
Proxy
appliance App
DR
vSwitch Report
Isolated network
VMware ESXi
Production storage
Replica recovery verification - How it works
To guarantee recoverability of your data, Veeam Backup & Replication provides the usage of SureBackup recovery
verification technology with replicas.
It lets you validate your DR environment without impacting the production infrastructure. You can automatically verify
every created restore point of every VM replica and ensure that they are functioning as expected.
The SureBackup technology is not limited only to VM replica verification. It also provides the following capabilities:
Automated VM replica verification

On-Demand Sandbox: an isolated environment for testing VM replicas, training and troubleshooting
U-AIR: recovery of individual items from applications running on VM replicas
280
11.2 Sandbox
281
On-Demand Sandbox 11.2.1
Utilize the On-Demand Sandbox™ to test, troubleshoot and train with.
VMs can be added to application group from:
VM backups
VM replicas
Storage snapshots
Primary storage Storage Isolated
snapshot sandbox
On-Demand Sandbox
Using the virtual lab feature to create an isolated environment for testing, troubleshooting or training.
From the technical standpoint — leave the application group running after the VM restore point verification completes.
282
Lab 8:
1. Create a basic single-host virtual lab for automated testing
of backups
2. Create a SureBackup job for automated testing of backups
3. Create an advanced single-host virtual lab for automated

testing of replicas
4. Create an application group for the dependent DC02 server
5. Create a SureBackup job for automated testing of replicas
283
Introduction
Veeam Backup Second backup location

Enterprise Manager Protecting data in the cloud
12.1 Veeam Backup Object recovery
Enterprise Manager Recovery from replica
284
12.1 Veeam Backup
Enterprise Manager
285
Enterprise Manager (overview) 12.1.1
Federates several Veeam® Backup & Replication™ servers: view statistics, reports
Centralized license management
Start, stop, clone and edit jobs.
Enables 1-click restore for files, VMs and application-items
Provides granular rights delegation for administration and restore
Password loss protection
Veeam Backup & Replication helps your organization optimize performance in remote office/branch office (ROBO) and
large-scale deployments while maintaining a view of your entire virtual environment through Veeam Backup Enterprise
Manager. This is a management and reporting component that allows you to manage multiple Veeam Backup &
Replication installations from a single web console.
Note: Veeam Backup Enterprise Manager keys help you to restore encrypted data in case of lost or forgotten
password used for encryption. If the Veeam Backup Server on which you encrypt data is added to Veeam Backup
Enterprise Manager, Veeam Backup & Replication employs the public Enterprise Manager key in the encryption
process. To decrypt backups or tapes encrypted with the public Enterprise Manager key, you can apply a matching
private Enterprise Manager key, instead of a password. The private Enterprise Manager key unlocks the underlying
storage keys and lets you access the content of an encrypted file.
286
Enterprise Manager (file indexing) 12.1.2
To be able to later perform search within a VM backup using

Veeam Backup Enterprise Manager, you need to enable guest OS
file system indexing, available for both Windows and Linux.
When you run a backup job with the file indexing option enabled, Veeam Backup & Replication indexes the VM file
system, collects indexing data and saves it in the Veeam Backup Catalog folder on the Veeam backup server.
During the next catalog replication session started on Veeam Backup Enterprise Manager, indexing data from the Veeam
Backup server is replicated to the Veeam Backup Catalog on Veeam Backup Enterprise Manager server. By federating
indexing data from all connected Veeam Backup Servers, the Veeam backup catalog service on Veeam Backup Enterprise
Manager creates a global catalog for the whole backup infrastructure.
287
Enterprise Manager 12.1.3
(granular delegation of rights)

Add in a user, or group and apply an
Enterprise Manager role to it.
Portal admin
Portal user
Restore operator
Veeam Backup Enterprise Manager – (granular) delegation of rights
Veeam Backup & Replication helps your organization optimize performance in remote office/branch office (ROBO) and
large-scale deployments while maintaining a view of your entire virtual environment through Veeam Backup Enterprise
Manager. This is a management and reporting component that allows you to manage multiple Veeam Backup &
Replication installations from a single web console.
Note: Veeam Backup Enterprise Manager keys help you to restore encrypted data in case of lost or forgotten
password used for encryption. If the Veeam Backup Server on which you encrypt data is added to Veeam Backup
Enterprise Manager, Veeam Backup & Replication employs the public Enterprise Manager key in the encryption
process. To decrypt backups or tapes encrypted with the public Enterprise Manager key, you can apply a matching
private Enterprise Manager key, instead of a password. The private Enterprise Manager key unlocks the underlying
storage keys and lets you access the content of an encrypted file.
288
Course feedback
Before we continue with the final module, please visit the link
shown to give feedback on the course.
https://www.surveymonkey.com/r/VMCE11
Please send a confirmation to your trainer when you completed

the survey.
Veeam will use the feedback you provide in order to develop the
course and ensure that future course participants get the best
possible experience.
289
Introduction
Veeam ONE Second backup location

Overview Protecting data in the cloud
13.1 Veeam ONE Object recovery
Veeam backup enterprise manager
290
13.1 Veeam ONE
291
Veeam ONE overview 13.1.1
Why?
Enables real-time monitoring, business documentation and management reporting
What can be connected/monitored?
vSphere servers vCloud Director servers Hyper-V servers Veeam® Backup

& Replication™ servers
vCenter servers SCVMM server Standalone servers

Standalone ESXi hosts Failover clusters Servers federated
Standalone Hyper-V hosts under VBEM
What can be connected?
To collect information about the managed virtual infrastructure and track the efficiency of data protection, you must
configure connections to VMware vSphere, vCloud Director, Microsoft Hyper-V virtual management servers and Veeam
Backup & Replication servers in Veeam ONE client. Configured connection settings are automatically propagated to
all Veeam ONE components.
292
Veeam ONE components (Server) 13.1.2
Server side:
Veeam ONE Web Services
Veeam ONE Server
Primarily used to render reports.
Collects data from connected sources
Server-side component of the Veeam
and stores it to the database.
ONE Web Client
Services installed: Monitoring service,
Can be deployed to the same server as
Reporting service, Error reporting
the Veeam ONE Server or a different
service, Web API
server
Veeam ONE Database Veeam ONE Agent

Always Microsoft SQL Server. Can be Analyzes log data and performs
remote or co-installed with other signature updates for intelligent
Veeam ONE components diagnostics
Veeam ONE Server

Responsible for collecting data from virtual and Veeam Backup & Replication servers, and storing this data into the
database. As part of Veeam ONE Server, the following components are installed: Veeam ONE Monitoring Service, Veeam
ONE Reporting Service, Veeam ONE Error Reporting Service, and Veeam ONE Web API.
Services installed:
Veeam ONE Monitoring Service, Veeam ONE Reporting Service, Veeam ONE Error Reporting Service, and Veeam
ONE Web API.
Veeam ONE can be installed on either a physical or virtual machine; however, it must be running Microsoft Windows.
293
Veeam ONE components (Client) 13.1.3
Client side (admin/user):

Veeam ONE Client
Installed on the Veeam ONE server; however, suggested to install on admin workstations as well.
Veeam ONE Web Client

Designed for documenting and reporting on connected infrastructure
Client side (Veeam Backup Server):

Veeam ONE Agent Client
Collects logs and submits them to the Veeam ONE Agent Server for processing
Executes remediation actions on the Veeam Backup Server
By default, Veeam ONE agent client is deployed on Veeam Backup & Replication servers when you connect these servers
to Veeam ONE.
294
Veeam ONE Client 13.1.4
Monitor alarms
View VM/Agent/file
backup job status and
statistics
Manage/configure
intelligent diagnostics
Backup infrastructure
The backup infrastructure summary dashboard shows the latest state of data protection operations in the virtual
environment and indicates the most intensively used resources in the backup infrastructure.
The dashboard is available for the following nodes:

Veeam Backup & Replication server
VM jobs status, agent jobs and policies status, file backup jobs status
The charts reflect the latest status of VM protection jobs, agent protection jobs and policies, and file protection jobs for
the selected level of the backup infrastructure hierarchy.
Every chart segment shows how many jobs ended with a specific status — failed jobs (red), jobs that ended with warnings
(yellow), successfully performed jobs (green), and jobs that are currently running (blue).
295
Veeam ONE Client: alarms 13.1.5
Alarms include:
VMware vSphere and vCloud Director alarms
Microsoft Hyper-V alarms
Veeam Backup & Replication alarms
Internal alarms for monitoring issues with Veeam ONE
And many more…
Veeam ONE – alarms
Veeam ONE includes a set of alarms monitor the efficiency of Veeam Backup & Replication data protection in the virtual
environment.
Predefined data protection alarms are configured to warn you about events or issues that can cause loss of data or
prevent Veeam Backup & Replication infrastructure from functioning properly:
Connectivity issues and inability of backup infrastructure components to communicate with each other
State of Veeam Backup & Replication software installed on backup infrastructure components
Failing jobs or jobs finished with warnings
Configuration issues, such as fast decreasing space on backup repositories or cloud repositories
Long-running jobs that exceed the backup window
Product license and prepaid support contract
On the alarms dashboard, you can view triggered alarms, track alarm history, resolve and acknowledge alarms and
perform other actions. For more information on working with triggered alarms
296
Veeam ONE Web Client: dashboard 13.1.6
Veeam ONE reporter
Veeam ONE Web Client analyzes data collected from VMware vSphere, Microsoft Hyper-V and Veeam Backup &
Replication servers. Web Client provide structured information to help you examine historical data for the managed
backup infrastructure and virtual environment. You can view reports in the web browser, export them to various
formats, or schedule automatic report delivery by email, to disk or a network share.
Veeam ONE Web Client includes three working areas — dashboards, workspace and configuration.
Dashboards
In the dashboards section, you can work with predefined and custom dashboards. Veeam ONE dashboards provide
at-a-glance view on the state of the Veeam Backup & Replication infrastructure and virtual environment, and
present information on the health state, performance, configuration and other aspects of the managed
environment.
Workspace
In the workspace section, you can work with reports and deployment projects.
Reports provide an insight into performance, health state, configuration and efficiency aspects of the Veeam Backup
& Replication infrastructure and virtual environment.
Deployment projects allow you to predict future resource utilization and plan resource reservations in the virtual
environment
Configuration
In the configuration section, you can configure Veeam ONE settings and perform administrative tasks, such as
scheduling data collection for reports and dashboards.
297
Veeam ONE Web Client: reports 13.1.7
Veeam ONE Web Client: reports
Dashboards are composed of widgets that display various aspects of the managed environment. Every widget is located
in a separate cell, or entry, in the dashboard.
Shown are dashboards for:
Backup infrastructure inventory

Backup window
Job status
Protected VM overview
Top jobs by duration
Top repositories by used space
298
Generating reports 13.1.8
Generating reports
To obtain a point-in-time view of your virtual infrastructure and data protection operations, you can create reports from
the Veeam ONE Client console.
299
Business View monitoring 13.1.9
Business View allows you categorize virtual

and backup infrastructure objects according to constructs
of your business automatically or manually.
VMs
Hosts
Clusters
Datastores
Computers protected with Veeam Agent
You can categorize virtual infrastructure objects by

such criteria as business unit, department, purpose, SLA
and others.
Categorization data is continuously synchronized with

Veeam ONE Client and Veeam ONE Web Client
Business view monitoring
Veeam ONE Client can present your virtual infrastructure from the technical perspective (in terms of VMware
vSphere or Microsoft Hyper-V inventory), and from the business perspective (based on your company needs and
priorities). Veeam ONE Client presents infrastructure objects from the business perspective using categorization
capabilities provided by the embedded business view component.
Business view allows you categorize virtual and backup infrastructure objects — VMs, hosts, clusters, datastores and
computers protected with Veeam Backup Agent for Microsoft Windows and Veeam Backup Agent for Linux — according
to constructs of your business. You can categorize virtual infrastructure objects by such criteria as business unit,
department, purpose, SLA and others. Categorization data is continuously synchronized with Veeam ONE
Client and Veeam ONE Web Client, and enables you to monitor, troubleshoot, resolve issues and report on business
groups of infrastructure objects.
300
Lab 9:
Configuring Veeam ONE
1. Add the Microsoft Hyper-V server to the Veeam ONE server
2. Add the VMware vCenter server to the Veeam ONE server
3. Add the Veeam Backup server to the Veeam ONE server
4. Configure the Veeam ONE retention policy period
5. Configure the Veeam ONE data collection mode
6. Configure the Veeam ONE SMTP server settings
7. Configure the Veeam ONE Guest OS credentials
301
Introduction
Configuration Second backup location

Backup Protecting data in the cloud
14.1 Configuration backup Object recovery
In this section:

Simple deployment
3-2-1 rule
RTO/RPO
302
14.1 Configuration backup
303
Performing configuration backup 14.1.1
and restore
Exports configuration data for all Veeam® Backup & Replication™
objects:
Backups Sessions Tapes
components and objects
Hosts, servers, backup proxies,
Backups, replicas Job sessions Tape libraries
repositories, WAN accelerators
and backup copies performed on the connected to the
and jobs, global settings
created on the backup server. backup server.
configured on the backup
backup server.
server and so on.
Performing configuration backup and restore
You can back up and restore a Veeam Backup & Replication configuration database.
If the backup server fails for some reason, you can reinstall the backup server and quickly restore its configuration from
the configuration backup file (.bco). You can also use configuration backups to apply the configuration of one backup
server to another backup server in your backup infrastructure.
304
Creating configuration backups 14.1.2
Exports configuration data for all Veeam Backup & Replication objects:
Creating configuration backups
How?
Veeam Backup & Replication retrieves configuration data for the Veeam Backup Server from the SQL database, writes this
data into a set of .xml files and archives these .xml files to a .bco file.
Why?
You can reinstall the Veeam Backup Server and then quickly restore its configuration from the backup file.
When?
It is recommended that you regularly create a configuration backup for every Veeam Backup Server in your backup
infrastructure.
305
Restoring configuration data 14.1.3
There are two restore modes available:
Important! Before you start the restore process, stop all jobs that are currently running. During restore
of configuration, Veeam Backup & Replication temporary stops the Veeam backup services and jobs.
Restoring configuration data
To restore data from the configuration backup, you can use one of two methods: data restore and data migration.
Select restore if you want to restore data from the configuration backup on the same Veeam Backup Server where this
backup was created
Select migrate if you want to restore data from the configuration backup on a new Veeam Backup Server
Important! Before you start the restore process, stop all jobs that are currently running. During restore of configuration,
Veeam Backup & Replication temporary stops the Veeam backup services and jobs.
306
Veeam Availability Suite v11:
307

VMCE11 - Student Guide

Uploaded by

Copyright:

Available Formats

VMCE11 - Student Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

VMCE11 - Student Guide

Uploaded by

Copyright:

Available Formats

Veeam Availability Suite™ v11:

Configuration and Management

Document Revision: 20211124

Printing the Facilitator Guide

Creating additional space for notes:

Building replication capabilities

Second backup location

Protecting data in the cloud

Restoring from backup

Veeam® Backup Enterprise Manager

Veeam ONE™ overview

vSphere (vCenter, ESXi)

Hyper-V (SCVMM. Server)

Nutanix Acropolis Hypervisor (Prism)

NAS (SMB, NFS, Windows or Linux managed file server share)

Agents (Windows, Linux, UNIX, Mac)

Overview of what can be protected

vSphere (vCenter, ESXi)

RPO (Recovery Point Objective) RTO (Recovery Time Objective)

Cost – we are essentially balancing business risk and cost.

Backup specialists agree that in order to ensure recoverability you need:

Three different copies of data:

Use the answers to this question to generate discussion.

Veeam Backup Primary Primary Primary

Primary backup Tape

Building backup capabilities

MODULE 2: Building replication capabilities

Environmental Second backup location

Advanced repository functionality

Restoring from backup

2.1 Veeam components Object recovery

Recovery from replica

2.4 Data location tagging Veeam ONE™ overview

Coordinates backup, replication, recovery

Controls job scheduling and resource allocation

Is used to set up and manage backup

Coordinating backup, replication, recovery verification and restore tasks

Retrieving VM data from the production storage

Sending data to the backup repository or another

Basic backup proxy tasks include the following:

"Bridges" the backup server and backup

It is required for any shared folder backup

Direct attached storage

Network attached storage

Deduplicating storage appliances

Backup repository server

Backup proxy Backup Veeam Backup

Located in the main menu, key

Global Network Traffic Rules

Storage Latency Control

E-mail/SMTP server settings

Storage Latency Control

Add filtered view directly

A list of locations (tags) in Veeam

Data location tagging

Virtual infrastructure objects: vCenter Servers, datacenters, clusters and hosts.

Defining virtual objects

Defining backup objects

Data location tagging