Blogs and podcasts
Bring your knowledge and expertise while creating blogs and podcasts
- 579 Topics
- 4,341 Comments
Veeam and Tape III - Restore of Backup Job Files from Tape which were backed up with a File-to-Tape Job
This is the description of an unusual scenario where Backup Job Files (.vbk and .vib Files) are backed up with a File-to-Tape Job instead a Backup-to-Tape Job. This has several disadvantages, e.g., you must know on which tape your files you want to restore are residing. You cannot find your tape backups under the backups section in the “Home” view of console and many more…OK, now have a look how we get these files back from tape.See the results of the File-to-Tape job and find the tape number the files reside on. If you don’t know the tape, read further, and use the search function ( Note: the warning in the screenshot can be ignored. The filesystem is too big for VSS Snapshots, I have forgotten to switch the VSS snapshots off for this test backup job.).Then go in the Veeam Console to the “Tape Infrastructure” section. Either go to the media pool where the affected tape is in or look for it in the Media section of your tape library.Right click on the tape and select “Restore Content”.
There are two critical CVEs that affect Veeam Backup & Replication and account for two of the three critical Veeam Backup & Replication CVEs, and the most serious of the products affected. The Critical Veeam Backup & Replication vulnerability notes include: CVE-2022-26500 | CVE-2022-26501CVE-2022-26500, CVE–2022-26501: These two CVEs relate to Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. This carries a CVSS rating of 9.8 and is classified as Critical.Cause? – The vulnerability is caused by the Veeam Distribution Service, running on TCP 9380 by default, allows unauthenticated users to access internal Veeam API functions. An attacker may send input to the Veeam API which may allow uploading and executing malicious code.It is worth nothing that patches are available for Veeam 11a and 10a as follow11a – Build 126.96.36.1991 P20220302: https://www.veeam.com/kb4245?ad=in-text-l
How do I skill up fast on Veeam Availability Suite?Maybe you are completely new to the product, or maybe you are trying to figure out what you don’t know? Regardless, you can find an easy path to get started on this topic.Step 1First of all, Veeam offers great free bite-size training at Veeam University. These videos will cover you from how to install, an overview of the console, creating your first backup jobs, and much more. My favorite part is that you get asked simple quiz style questions along the way to help you focus and validate you are learning.Step 2At this point, you might want to learn more about specific features such as restores and there is a large collection of how-to videos already provided right here.Step 3Now that you have seen a number of how-to videos and recordings, it is a great time to try out the product for yourself. Perhaps you still have concerns and want to ask questions live? Veeam has regular live product demos on the website and you can find the schedule
Account lockout help keep user accounts secure by preventing unauthorised users etc., from guessing the username and password. When your account is locked, you will have to wait for a specified amount of time before being able to log into your account again. Here is the link to the original blogpost. In the past, it was recommended to disable the local Administrator account due to several known vulnerabilities such as the built-in administrator account cannot be locked out no matter how many failed logins it accrues, making it a prime target for brute-force attacks that attempt to guess passwords. This is no longer true as beginning October 11, 2022, or later Windows cumulative updates, a local policy will be available to enable local administrator account lockouts. Brute force attacks are one of the prevalent ways Windows devices are attacked today. Previously, Windows devices did not allow local administrators to be locked out. This leads to scenarios where, without the proper netwo
"Mastering Veeam Backup & Replication 10" was released earlier this year in February 2021. The book can be seen at the following link and ordered:Version 10 Book is here - Mastering Veeam Backup & Replication 10I have since been approached to write an update to the book for Version 11 and have accepted the challenge. The current book will get updates, some things removed and definitely all the new goodies that are in the latest release of @Veeam. Mastering Veeam Backup & Replication v11 -- Coming Soon I will update my blog as my journey progresses with the new version. I hope to create an updated book that was as good as the first one which everyone enjoyed that gave me feedback. It will be fun writing about the newest features of Veeam v11 and updating existing stuff to make it current.Keep an eye out for further updates and other blog posts.
Most of you probably already know or have heard this statement: Snapshots are not backups! Just last week a German hosting provider did lose 1500 snapshots because of failing hardware. And who hasn’t experienced some horror stories about (forgotten) VMware snapshots. Because of that I wanted to highlight this with a dedicated blog post. What is a snapshot? In general a snapshot is a frozen point in time state of a certain system or data. While we're often referring to snapshots in case of virtual machines, there are other variations like storage or file snapshots. For virtual machines, snapshots set the virtual disks to read only state and redirect all changes to a different disk file(the details may differ depending on the hypervisor). They can be used for quick rollbacks or during VM backups. Normally those are only created temporarily(or at least the should). Storage or file snapshots can be used for versioning and can also be replicated to different systems; those tend to have a lo
I created this topic to put some order to @haslund 20 threads about his fantastic VMCA 2022 Official prep course, so we avoid dispersing information, questions and answers unnecessarily.@Kseniya hope this help our community.Remember to tag @haslund when you need an official answer and to thank him for all his amazing work, of course :) Sources of first topic:
Scenario:Very recently a customer asked me if Veeam could leverage Data Domain mtree replica for DR purposes.Of course, the answer is YES! While this idea is not new, I thought it would be a good reminder of Veeam’s backup import capabilities. Steps:You must use Data Domain repository on the source site. It most likely will be declared as a DDboost share. The mtree should be replicated to the DR site. Note that the mtree replica will be Read Only! The mtree replica needs to be exposed as a share over your protocol of choice (CIFS, DDboost), so it can be defined in the DR VBR server. In this example, I chose DDboost.Note again that this DDboost share is Read Only! The last step is to declare that DR DDboost share and import backups You should now be able to access these backups from the “Disk (Imported)” section. Remember that you will have to manually rescan that repository in order to refresh new “mtree replicated” restore points.
Veeam storage functionsIs Veeam the most significant storage company that no one knows about? One of the essential features of any Veeam Backup and Replication architecture is the storage hardware that the backup target or backup repository will sit on. The repository performance, features, and scalability are critical to ensuring that the Veeam deployment will meet customers' needs for quite a while. Unfortunately, this is the component that many customers tend to make bad decisions, usually due to VARs and storage vendors trying to make the backup decisions for the customer. This is easy for the partner and storage vendor community to do because, as we all know - we at Veeam pride ourselves on the fact that the Veeam Backup and Replication suite is a software-defined and hardware agnostic backup storage platform. The partners, storage vendors, and even customers don't realize that Veeam also has another tag ling used internally - "Veeam is the largest storage company that no one
Recently I had problems by upgrading Veeam from 9.5U4 to v10. Upgrade process failed after a while. We found out, directory C:\Program Files\Veeam\Backup and Replication\Backup lost its permissions. We had no change any more to enter this directory. Short answer: Antivirus software causes the problem. After disabling real-time scan, upgrade run without further issues. Antivirus software was configured according Veeam best practices.
Are all my virtual machines being backed up correctly and within the required RPO? Of course!I think..., or not 😉? Do I implement best practices in creating jobs?If using vSphere, do I use folders or tags or use whole clusters to add virtual machines to the job?If using HyperV, do I use whole clusters or hosts or in case of using SCVMM do I use tags? Yes, OK, that ’s fine, did I not forget a new VM giving the correct tag or putting in the correct vSphere folder?Yes it can happen to everyone to forget a VM putting correctly to the backup job (automatically or manually). Especially if you are working with colleagues (1 person is creating a new VM but is not aware about the backup and forgets to tell a colleague...). It happens.Everyone is very busy so can forget to add the new VM at the backup job or vSphere folder or tag or... To be sure we have several options to verify :Using Veeam ONE If you are using already Veeam ONE : perfect!You can schedule the report Protected VMs so you can v
Hi there! I would like to share with all of you this awesome tool called Apache GuacamoleApache Guacamole is a clientless remote desktop gateway. It supports standard protocols like VNC, RDP, and SSH.I use it a lot to connect to my HomeLab, instead of enabling a VPN and open few RDP and SSH, I use my Navigator to connect to my Servers, no matter where Im connecting from (Ipad, Macbook, Raspberry Pi, Windows, etc.)For me is very useful, you can add MFA, SSL Cert, etc. very flexible and friendly.Here you will find the Installation files, instructions and useful information.Just a few screenshots!These are from my home lab. In another post, I will share with you a basic deploy and configuration, over vsphere. Home access Connections list Windows Server 2016 RDP over HTML5!SSH over HTML5!Windows Server + other tabs on topenjoy!.
Hi all!!! I’m here to let you know that the Veeam Cookbook is here and available for all of you in https://veeamcookbook.com/. This cookbook is a collection of recipes to accomplish one task each, the idea is based on a recipe that you read for instructions not for explanations.This book is intended for many people: New to Veeam and just want a simple next, next, next, approach, not to learn about Veeam but how to do something. People who already know Veeam well but sometimes we only do tasks once on an odd occasion, we know the technology just cannot remeber the how! People who just want a quick refresh These recipes for now are based in Veeam Backup & Replication operations Version 11. The cookbook is the creation of the EMEA Veeam Solutions Architects, and we’d really appreciate your feedback for future releases. More to come soon!!!
Afternoon, Whilst not directly related to Veeam it’s worth reminding those of you using VMWare in your environments that if you’re using a version of vSphere that requires Flash, you have until the 12th January before Adobe trigger the kill switch preventing Flash from running, permanently. This could also cause you pains if you have plugins that either haven’t been upgraded to HTML5 yet or don’t have feature parity with their Flash counterparts. If you’re not on a version of vSphere that supports HTML5 or you haven’t got all the Flash client features you’re either running an unsupported version or you’re extremely out of date on your patching and haven’t got full feature parity yet. Full information here
During troubleshooting a backup environment, it’s common the necessity of test ports responsivity of our backup servers, like Veeam backup server, mount server, proxy or repositories.We normally do that with telnet. However, by default telnet client is not installed during Windows Server and the Veeam Backup Server often is our principal component our backup infrastructure.So, if you want to test some communication port without install telnet client, you can use PowerShell for it.Use the sintax below:Test-NetConnection -ComputerName <IP> -Port <port>Here is an example for the command:An interesting point is that if the communication port is not well succeeded, the utility make an aditional ping test:
Some weeks ago the backup monitoring team of my company had an issue with the backups of one of our customers…Where it started and where did it end...If you want to know, keep on reading The infrastructure of the customer : The customer was having a Hyper-V infrastructure with a couple of Hyper-V hosts and +/- 30 VMs running on shared storage (several CSV volumes) divided on those hostsThe customer is using backup-jobs in Veeam Backup & Replication and is using replication-jobs in Veeam Backup & Replication The backup issue : The backups were running fine, except for 1 VM.I don’t know anymore the exact error in Veeam…The engineers tried several things trying to resolve this issue, but nothing helped.At least they contacted me if I had an idea for this issue.I quickly noted the error and mentioned that the cause of this error is not related to the backup, but that there is a Hyper-V issue for this particular VM.I suggested two things : try at first a live migration of that part
Because this article caught my eye and the topic is still important.https://blocksandfiles.com/2020/12/04/the-terrible-tib-gib-and-pib-game/You probably know, there is difference in the way hardware and software vendors quote their capacities.Normally hardware vendors use KB, MB, GB, TB, … Here 1 KB means 10^3 byte (base 10) = 1000 bytes (k stands for kilo which means 1000)Software vendors instead use KiB, MiB, GiB, TiB, … Here 1 KiB means 2^10 byte (base 2) = 1024 bytes. As you can see, size-difference with KB vs. KiB is quite small: 24 byte (2,3 % less capacity with KB)When it comes to greater unites, difference is getting larger:1 GB = 10^9 vs 1GiB = 2^30 = 1 073 741 824 --> ~ 7 % less capacity with GB 1 TB = 10^12 vs 1 TiB = 2^40 = 1 099 511 627 776 --> ~ 9 % less capacity with TB (~90 GiB) The greater the unit, the greater the difference between base of 10 and 2.I (quickly and dirty) created a small graph to show percentage increase over units1=KB, 2=GB, 3=TB, ...Another out
Hello Community,Pretty much every week I have the same question, or comment, regarding how to create a Data Protection system that scales, it is flexible in terms of adding workloads, and dynamic so every business owner can add workloads without any difficulty.If we look at the diagram of what I just described, it could look like this, where a few Proxies are protecting an specific SLA, another three are protecting another a bit more aggressive SLA, and finally a physical Proxy is protecting the tier1 workloads using storage snapshots and SAN Backup Mode.We will make use of the flexibility and integration with VMware vSphere Tags, so we will need to create all of them under VMware, under one, or more categories, like this:On Veeam Backup & Replication they will look like this, so create a job with a name, then we add the desired tag:Selecting the Proxies we want, with the retention we want as well:And the schedule of course:Until you have something similar to this:Now, back to VMwa
Kasten not only backs up your Kubernetes workloads, but it also backs up itself!Kasten DR can leverage an NFS or S3 remote location to backup its components in the event of something unfortunate happening.In our case that unfortunate event happened. Junior Joe had just been hired the week before. Junior demanded full access to the Kubernetes cluster “or else” and since his father was best friends with the CEO he soon was given admin user access on the cluster.On his first day working remotely (which is now every day thanks to covid19) Junior Joe was completely unsupervised so he decided to play around with helm and typed the following on the CLI: and then:The result was this: and with that our Kasten backup setup was history!!! Luckily the KubeMaster Genius Geoff had previously setup the Kasten DR policy which was backing up Kasten and its settings to an offsite S3 location. After Junior Joe timidly confessed to his transgressions Genius Geoff went to work:First he re created the kaste
An attacker can not immediately delete or change backup files located on Hardened Repositories. But with more time the attacker can do some damage. So it is important to keep a regular eye on it. A efficient way is to monitor Hardened Repository with Veeam ONE v11a. In this version some enhancements have been added which we will now take a look at. Monitoring immutability enabledWhen Veeam hardened repository is setup correctly, immutability is enabled and a appropriate number of days is chosen. When an attacker has access to the backup server, he could try to disable immutability. After some time all backups would be free to delete or modify. Therefore it is important to keep it enabled.In Veeam ONE v11a there is a new alarm for checking the state of immutability: Immutability state. Alarm is assigned by default to whole Backup Infrastructure. When Immutability state becomes disabled, alarm will trigger. Use this to be notified by mail. If you prefer reports for notification, Backup O
In another Topic, I wrote about designing a Proxy In This Topic will see about the repository design.We need to consider The key recommendation is to follow the 3-2-1 rule. Calculate 1 core and 4GB RAM per repository task slot. The recommended minimum for a repository is 2 cores and 8GB RAM.Sizing The recommended amount of CPU for a repository is 1 core per concurrent configured task slot on a repository server. Configure at minimum a 2 core and 8GB RAM repository server to allow the operating system to be more responsive. When sizing task slots on a repository you have to understand when and how many task slots are consumed. Any write process will consume a task slot. So backing up 10 VMs in one job using per-job backup chains will only write one file (VBK/VIB) in the end - so it consumes one task slot. Running the same backup job with per-VM backup files will create one file per VM and thus can leverage up to 10 tasks slots (when available). Backup Copy Jobs, Agent Backups and
I thought it would be good to share this here, although this is already covered on many news sites.Yesterday VMware did publish a Security Advisory regarding multiple vulnerabilities in vCenter Server. The most critical one "CVE-2021-22005” did receive a CVSSv3 score of 9.8 (of 10) and an attacker could take over the control just be uploading a file via port 443. Although vCenter shouldn’t be reachable from the WAN/internet, the vulnerabilities should still be seen as very critical; an inside attacker could already be waiting.All together there were 19 CVEs published and fixed by VMware. All currently supported vCenter Server releases are more or less affected:vCenter 7: <7.0 U2c: affected by all vulnerabilities → Patch to 7.0 U2d 7.0 U2c: “only affected” by the minor vulnerabilities → Patch to 7.0 U2d vCenter 6.7: all 6.7 releases are affected → patch to 6.7 U3o vCenter 6.5: “only affected” by the minor vulnerabilities → Patch to 6.5 U3q → the minior vulnerabilities are still cr
Register here: https://go.veeam.com/veeamlive-enThe agenda looks amazing, but you definitely do not want to miss out on these sessions:Customer panel — Your Journey to the Cloud & Data Strategy (I personally love hearing real stories from real customers) Veeam v11: Top 11 hottest NEW features Can recommend signing up for v11 news here Some hints of what may be presented in this thread by @MicoolPaul Cybersecurity Strategies for the Modern Era (presented by the always amazing @Rick Vanover and Europes #1 ethical hacker: Jamie WoodruffDo note, at the top there are different languages available which contain some variances in which sessions are available. The languages available are : English, French, German, Italian, Spanish and Russian. One of the classic presentations by Jamie Woodruff:
Today’s topic will be regarding Cloud Native workloads within Azure & AWS and how best to adhere to Veeam’s 3-2-1-1-0 best practices and how concepts can differ from traditional on-premises data protection. Remember the 3-2-1-1-0 best practice is a minimum desired standard and going above and beyond these minimums will help your data availability and recoverability objectives.The public cloud has provided a huge transformation opportunity for organisations, the pay as you go model enables organisations to deploy quickly and without the overheads of infrastructure management. But these platforms are still part of a shared-responsibility model, with a key risk that you retain being, the protection of your data.3 - Copies of Your DataLets start with the easiest one. Three copies of your data, including your production data. Public cloud services such as Azure will inform you that they retain three synchronous copies of your data as a minimum via their “Locally Redundant Storage” offer
Login to the community
Log in with your Veeam account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.