Blogs and podcasts
Bring your knowledge and expertise while creating blogs and podcasts
- 570 Topics
- 4,291 Comments
PetitPotam attack on Active Directory Certificate Services: How to mitigate NTLM Relay PetitPotam attacks on AD CS
Recently, Lionel Gilles, a French-based Offensive Computer Security researcher based in Paris, France published a PoC tool on NTLM Relay Attack known as PetitPotam that exploits the MS-EFSRPC (Encrypting File Services Remote Protocol). PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect users. Here is an example of such documents: NT LAN Manager: How to prevent NTLM credentials from being sent to remote servers. Below are some related guides: Active Directory Authentication methods: How do Kerberos and NTLM work? how does cached domain logon work?, and What is Pass the Hash Attack and how to mitigate the attack. PetitPotam takes advantage of servers where the Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks. The mitigations below outline to customers how to protect their AD CS servers from such attacks and help in mitigating the W
Hi all, a new 0Day vulnerability for Windows 10 clients has been released; the article also recommends deleting all the VSS restore points and recreating them.
Security Update Guide - Loading - Microsoft
Check Windows 10 for SeriousSAM and HiveNightmare Vulnerability Fix - Virtualization Howto
https://github.com/GossiTheDog/HiveNightmare
Command check: icacls c:\windows\system32\config\sam
Workarounds
Restrict access to the contents of %windir%\system32\config
Command Prompt (Run as administrator): icacls %windir%\system32\config\*.* /inheritance:e
Windows PowerShell (Run as administrator): icacls $env:windir\system32\config\*.* /inheritance:e
Delete Volume Shadow Copy Service (VSS) shadow copies
Delete any System Restore points and Shadow volumes that existed prior to restricting access to %windir%\system32\config. Create a new System Restore point (if desired).
Impact of workaround: Deleting shadow copies could impact restore operations, including the ability to restore data with third-party backu
More and more customers are aware of the fact that 1 copy of their backups is no longer enough. Yes! I always recommend to my customers and colleagues to implement the golden rule 3-2-1-1-0 (see my blog post: 3-2-1-1-0 Golden Backup Rule | Veeam Community Resource Hub). The thing I want to highlight is having 1 copy offsite and being airgapped - immutable at the same time! Veeam delivers here 2 important possibilities:
- using a copy job to a service provider offering VCC
- using object storage with the copy mode in the SOBR capacity tier
In this post the move mode in the SOBR capacity is being ignored. Also using an object storage appliance on-premises is being ignored. The purpose of this post is knowing the similarities and differences between the two possibilities I already mentioned. Why? Because customers and colleagues often ask me why they should choose a copy job to our VCC instead of using object storage at a public cloud provider like Azure or Amazon. I have a list of 10 simil
Much has been said about backup and data protection. However, little is said about Backup Policy. In today's post I decided to address what are the aspects that surround a backup policy and why it is important to have one.
What is Backup Policy?
The backup policy is nothing more than a document that gathers all aspects related to the workload that the backup exerts on an IT environment. On this document we can gather all the information that is considered useful during the backup process or even during a moment of disaster that involves the failure of one or more IT services to operate. So I decided to talk about some topics that I consider important to include in any backup policy.
Forget Templates
A backup policy is a document about your backup routine. So, forget about any kind of templates or pre-made documents about backup policy. You are responsible for the backup. So, no one better than you to understand the data protection environment and landscape. Write a document from scratch
Yes, it is no backup topic. But because we discussed a reason for my testing here already: I thought it could be interesting. In this post I investigate what happens when a VMware vSphere ESXi host loses its boot device. This device is meant to be a persistent device. For non-persistent devices like USB- and SD-card, behavior is quite clear: whole ESXi OS runs in memory, no mass-write operations should be directed to the device. When it breaks, ESXi isn’t missing it and keeps running. With a persistent device I was convinced that ESXi would die when it broke. BUT: ESXi survives. Not such a clean behavior like with non-persistent devices, but it survived.
Reason for testing
There is a concrete reason for this testing. I want to answer the question, if it is safe to boot an ESXi host from a single disk. No Raid, just a single disk connected to a HBA. This would be an additional option for ESXi boot device. Why? Because VMware and other server vendors do not recommend to use non-persistent bo
Veeam ONE provides visibility into data protection and virtual environments. Alarms, reports, and dashboards provide real-time monitoring, documentation, and at-a-glance views of your environment. Veeam ONE is known for its proactive alarms and detailed reports, but there are also valuable dashboards that can be used by every business. Dashboards visualize various aspects of your environment, including resource utilization, performance issues and top trends. Dashboards can be viewed in a web browser, delivered to your email, or even integrated into web portals. There are pre-defined dashboards available immediately at your fingertips, but you can create your own dashboard views within Veeam ONE as well. The aim of this blog post is to walk through the steps taken to create customized dashboard views.
Getting started
The first step is to decide what you want to see in your environment. Do you want to get granular and only see updates on certain machines? Or maybe only certain backup serve
The importance of Veeam Data Movers
Veeam Data Mover performs data processing tasks on behalf of Veeam Backup & Replication, such as retrieving source machine data, performing data deduplication and compression, and storing backed-up data on the target storage. For Microsoft Windows servers, Veeam Data Movers are persistent, that is, Veeam Data Mover is uploaded and installed on a server only once. Veeam Backup & Replication automatically installs Veeam Data Mover when you add a Microsoft Windows server to the backup infrastructure. For Linux servers, Veeam Data Movers can be persistent or non-persistent. Non-persistent Veeam Data Mover is uploaded and removed each time Veeam Backup & Replication addresses a server. For Veeam Data Mover to be persistent, you must specify an account with root or equivalent to root permissions when adding a Linux server. Persistent Veeam Data Movers are required for the following backup infrastructure components: Hardened (immutable) repositorie
New Feature v11 Job Filter
Creating Job Filters
Editing and Deleting Job Filters
A job filter allows you to filter jobs by different parameters. For example, you can create a filter that will show only VM backup copy jobs.
Creating Job Filters
To create a filter, do the following:
- Open the Home view.
- In the inventory pane, select the Jobs node.
- At the top of the working area, click All jobs > Add new. Alternatively, right-click the Jobs node and select Add view.
- In the Add View window, specify a filter name. The name must be up to 200 characters long.
- If you want to show this filter as a subnode of the Jobs node in the inventory pane, select the Add this view to the job management tree check box.
- In the Workload section, select workloads which jobs must process:
Application — Veeam Backup & Replication will show Veeam Plug-in jobs and jobs in which SQL transaction log backup or Oracle archive log backup is enabled.
Cloud VM — Veeam Backup & Replication will show jobs that process
Hi, Today I’m excited to finally share my blog series that I’ve been working on for some time, a deep dive into the object storage solutions available from the “big three” public cloud hyperscalers (Azure/AWS/GCP). Part one is available now over at the Veeam Blog and I’ll be updating this post as the other sections become available over the coming days! I won’t spoil the reading but part one focuses on a review of these three services, where they are similar or differentiate so you can start to align yourself with a suitable cloud!
UPDATE 25/08/2021: Part two is now available!
UPDATE 04/10/2021: Part three is now available!
- Cloud Object Storage Deep Dive - Part One, Comparison
- Cloud Object Storage Deep Dive - Part Two, Implementation
- Cloud Object Storage Deep Dive - Part Three, Benchmarks
Any questions? Did it help? Please feel free to give feedback!
In this quick tip I show how easily it is possible to show all jobs a specific login account is used in. This can be very useful if you want to change the password or permissions of an account - to check involved jobs - or if you just want to clean up your configuration. To do so, open the Manage Credentials. To show all jobs, just mouse over the account name. You see all jobs in a popup: If the account is used for no job, you see a similar popup: There is also a popup when you mouse over the selected credentials in a job:
Just read a post about Apple Time Capsule. According to a German data-rescue company there seems to be a design fault in the HDDs used. This fault may lead to mass extinction because of hardware damage.
Affected devices
Time Capsule devices of the 5th generation:
- 2TB ME177Z / A with Seagate Grenada ST2000Dm001
- 3TB ME182Z / A with Seagate Grenada ST3000DM001
Recommendation:
- Save your Time Capsule data
- Maybe switch to Veeam Mac Agent
Here is the translated article:
https://translate.google.com/translate?hl=en&sl=de&tl=en&u=https%3A%2F%2Fwww.030-datenrettung.de%2Fapple-airport-time-capsule-aufall-droht.html
Here is the original (in German) article. Here you also see good pictures for illustrating the possible damage:
https://www.030-datenrettung.de/apple-airport-time-capsule-aufall-droht.html
Hope this helps to avoid backup data loss!
Kasten not only backs up your Kubernetes workloads, but it also backs up itself! Kasten DR can leverage an NFS or S3 remote location to backup its components in the event of something unfortunate happening. In our case that unfortunate event happened. Junior Joe had just been hired the week before. Junior demanded full access to the Kubernetes cluster “or else” and since his father was best friends with the CEO he soon was given admin user access on the cluster. On his first day working remotely (which is now every day thanks to covid19) Junior Joe was completely unsupervised so he decided to play around with helm and typed the following on the CLI: and then: The result was this: and with that our Kasten backup setup was history!!! Luckily the KubeMaster Genius Geoff had previously setup the Kasten DR policy which was backing up Kasten and its settings to an offsite S3 location. After Junior Joe timidly confessed to his transgressions Genius Geoff went to work: First he re-created the kaste
Hi all, We all love VEEAM. But why is it called like that? Originally Ratmir Timashev and Andrei Baronov founded Veeam in 2006. They called their company from the phonetic pronunciation of the letters VM (stands for Virtual Machine)! In the meanwhile everybody knows that the company is owned by US Insight Partners and has its headquarters in Baar (Switzerland) and in Columbus, Ohio (US). I think that this is too simple, the name V.E.E.A.M. stands for much more...
V
- Virtual Machines / Virtualization. Yes correct, it all started at the beginning with monitoring and reporting for a virtual infrastructure. Virtual machines and virtualization is probably still the most used asset with the Veeam products.
- Versatile. It’s more than clear that Veeam tries to have a solution for every demand, so it has definitely versatile products.
- Vision. Veeam has a great vision: To be the most trusted provider of Backup solutions that deliver Cloud Data Management!
E
- Eliminate Data Loss. VBR brings balance to you
As part of my virtual VMUG tour, I submitted a session to the VMUG call for papers covering the subject of Data Protection for Tanzu Kubernetes workloads. (Most of this will apply for any Kubernetes environments). This was picked up by Erik at the Belgium VMUG for their UserCon in June 2021. After the session the videos remain available on demand for a short time, but there were no plans to upload this for everyone. So thank you to Michael Cade, who offered to host this session for all on the Cloud Native Data Management – YouTube Channel. In the below session I cover the following areas:
- What kind of data protection do you need?
- Velero: The open source data protection project from VMware
- Tanzu Mission Control: The Kubernetes fleet management platform that utilizes Velero from VMware.
- 3rd Party Options: A nod to the 3rd party ecosystem that offer enterprise Data Protection and Management software such as Kasten by Veeam
There is even a quick technical demo in there, with a little
I had the pleasure of presenting this Kubernetes 101 session to the Veeam Community thanks to my work as part of their Veeam Vanguards program, and a special thank you to Michael Cade who co-presented with me! In this session we cover the following with technical details included:
How have we got here? Kubernetes – The Building Blocks Policies Wrap-up
I’ve also a number of Kubernetes related content on my blog. And I’m slowly completing 100 Days of Kubernetes tracked here on my GitHub.
If you missed the first part of this 3-part series, you can read it here. For the 2nd part, go here. This 3rd and final part in the Blog series will be a bit lengthier than the previous 2, but the extra content is worth the read. In this 3rd post, I’ll be discussing the Backup Copy Job Long-Term (or GFS) Retention Policy. For the remainder of this post, I’ll just refer to this as ‘GFS Policy’. Over the years, I’ve generally felt Veeam’s User Guides have been fantastic. The best out there, in my opinion, are the VMware User Guides, with Veeam a close 2nd. Since about Veeam v9, when Veeam really started gaining steam implementing some of their best features to date – Storage Integration, expanding their Veeam Agent offering, etc, their User Guides have seemed to start lacking some needed information. I think part of the reason is they were jamming everything into one Guide and possibly cutting some corners. They really needed to start separating some features out of the main User Guide t
This is a small-scale amateur emulation of a hacker’s website defacing followed by a Kasten restore. I have created a small static website with Nginx deployed in Kubernetes. The Geoff Burke Propaganda website is designed to boast a positive image of the individual, hard working and healthy living and to inspire Management to make the right decision at salary review time. A group of malicious hackers gained access to the website and replaced the content with completely false information and quite obviously fake photos. However, Kasten was backing up the Website so in no time at all and before company management had a chance to view, truth and integrity were restored. Here is my website: Malicious hackers however replaced the page and photos with this vicious slander: Luckily, I chose Kasten to backup my website so I was able to quickly restore from backup: My Policy backups every hour and exports to an Offsite S3 as well allowing me to abide by the 3-2-1 rule of backup. I will pick the l
If you missed the first part of this 3-part series, you can read it here. In this post, I’ll be discussing the Backup Copy Job Short-Term Retention Policy. The main purpose of Short-Term Retention is to create additional copies of your Backups, whether on- or off-site, meeting at least the “3” part of the “3-2-1 Rule”. In previous Veeam versions, the Short-Term Retention Policy was referred to as the Simple Retention Policy. As with previous Veeam versions, the Short-Term Policy will retain using the Forever Forward Incremental method to copy the data to target, as long as Long-Term Retention (GFS) Policy is not enabled. What this means is this: during the initial run of the Copy job, a Full backup restore point (.vbk) will be created, either 1 file or multiple files. For per-VM, a Full file will be created of every VM copied. If not enabled, one Full is created containing all VM data in a single file. Subsequent Copy Job runs will consist of Incremental restore point files (.vib) co
One of the biggest mysteries of Veeam’s list of features in my opinion is the Backup Copy Job. On the surface, they’re easy to understand – you create a Copy Job, use some supported backup source, and copy this source VM data to a designated target to implement part of the 3-2-1(-1-0) Rule – have multiple copies of your data and/or at least 1 offsite copy of your data. Easy, right? Well, when you look under the hood of the technology behind the retention, scheduling, interval, etc. things start to get murky pretty quick, at least for me. The most difficult to understand about Copy Jobs in my opinion is how the retention algorithm works when using the GFS (grandfather-father-son) archive option. And with the changes brought to Copy Jobs with the release of Veeam v11, I believe things got worse instead of better. As such, I thought it would be beneficial to the Veeam Community for me to go through the Backup Copy process from a deep-dive perspective, and see if I can make a bit more clea
Hello! Melissa @vmiss33 and I have hijacked Veeam Community Podcast from @Rick Vanover and rebooted it! Now the two of us will be inviting people to talk about businesses and industries that everyone takes for granted, but nobody knows how they actually work. In the pilot episode Drew Como @dcomovanguard was telling us about his days at Take-Two Interactive and THQ. We discussed how videogames are created and what it takes to provide a seamless online experience for dozens of players simultaneously. Please let us know what you think of this format and reach out to us if you have a few stories to tell about your industry!
Hi all, As a Veeam partner I often get the question from customers and colleagues: why choose VBO365 and not one of the so many SaaS competitors? That question is not so easy to answer, but there are a lot of reasons. I’ll try to give some reasons why I find that VBO365 has advantages relative to other SaaS competitors.
- Flexible: You can install VBO365 on a VM or physical server on-premises. You can use regular storage or an object-storage appliance. Also you can install it on a VM in the public cloud and using object storage as the best choice (costs and quantity of storage).
- Proximity: Because you can install it on-premises or as a partner on your own hardware in a datacenter, you can deliver proximity instead of used storage of a competitor in a region far away from your location. In Belgium the proximity is an important reason for a lot of customers.
- Several flexible restore options: With VBO365 you have many, many restore options, not only to existing O365 resources (mailbox, onedri
As you may know, with vSphere 7 Update 1 VMware introduced the vSphere Clustering Service. The plan is to get more independent of vCenter Server for certain cluster features like for example DRS. Where you certainly notice the difference, compared to older releases, are the vCLS agent VMs shown in vCenter.
https://blogs.vmware.com/vsphere/2020/09/vsphere-7-update-1-vsphere-clustering-service-vcls.html
There's no need to back them up and if you have a current Veeam version (v10a Patch 20201202 or higher), they are automatically excluded from your jobs. The agent VMs are managed by vCenter and normally you should not need to look after them. Normally… yesterday we had the case where some of the vCLS VMs were shown as disconnected, like in this screenshot: Checking the datastore we have noticed that those agent VMs had been deployed to the Veeam vPower NFS datastore. As this datastore is managed by the Veeam server and can connect/disconnect at any time, it's a very bad location for the vCLS VM
Joining and contributing to Veeam User Groups can be a daunting experience, and cause some apprehension in participants. This post attempts to alleviate that apprehension and address some of those unasked questions you may have, around contributing to this Community and/or Veeam User Groups.
I need to be a VMCE/VMCA/Veeam Employee etc to be able to contribute.
Well if you insist, we’ll see you after you have gained your qualifications. Anyone with any level of experience or qualifications can contribute. Remember it’s your story/experience you are sharing. Sure there might be existing blog posts or presentations about the same subject, but everyone will have a unique take on how they approached and resolved an issue. Now that is worth sharing.
I need to talk about cutting-edge products/features
If your day to day job involves working with the latest technologies, then sure go ahead, but not everyone is an Anthony Spiteri, Michael Cade or the content King..Jorge De La Cruz. Do try to remember
Backups of VMware vSphere VMs can be done with one of three transport modes. Each of these modes also provides the possibility to restore data. This post is about 3 reasons why direct SAN restore fails over to NBD.
Incorrect VMDK type
Veeam can only perform direct SAN restore with thick provisioned VMDKs. If any disk of a VM is thin provisioned, restore will not leverage SAN directly. Both thick eager and lazy zeroed are supported. In my experience, eager zeroed is much faster from a restore point of view! So I recommend using this format. Note: you should not rely on the provisioning type you chose at VMDK creation: Thick provisioned disk can become thin if it is expanded. Fortunately, Veeam provides the possibility to change disk type in restore wizard. So you can be sure to use thick VMDKs when you enter this within the wizard. See here in Full VM Restore wizard: And in Virtual Disk Restore wizard:
Disk is logically locked in Veeam proxy
If your Veeam proxy server is Windows based, it