Blogs and podcasts
Bring your knowledge and expertise while creating blogs and podcasts
- 606 Topics
- 4,579 Comments
SPOILER Warning if you’re awaiting your swag, don’t watch the video!I was lucky enough to be selected as a Veeam Legend this year and luckier still to be one of the first to receive the swag by the amazing @Kseniya & @Rick Vanover (and of course Alfred).Check out my unboxing video below to see all the goodies If you’re still on the fence about the Veeam Legend programme, it’s been an amazing experience so far, I whole heartedly recommend it!
Did you know that there is a very useful Veeam tool to validate the integrity of your backups? In some cases, a backup can get corrupted due to accidental changes in the backup file data. For example, the file can be damaged after transfer over the network or from hardware failures on the backup storage side. With Veeam Backup Validator, you can quickly verify the integrity of any backup file, without extracting the VM data from the archive.Veeam Backup Validator is a command-prompt CRC check utility that tests a backup at the file level. For integrity validation, Veeam Backup Validator uses the checksum algorithm. When Veeam Backup & Replication creates a backup of a VM, it calculates a checksum for every data block in the backup file and attaches these checksums to the data blocks. Veeam Backup Validator re-calculates checksums for data blocks and compares them against the initial checksum values. If the results match, the backup file is viable. This works similarly to the backu
VBO Calculator Community Edition V2 First we want to thank you for the great feedback and your input for Version 1 of the Veeam Backup for Microsoft Office 365 Calculator Community Edition! We already added some new features and bugfixes which we want to share with you.Click here to download the new version:Download(If you missed the first post where you can find all instructions, please follow: https://www.backupbros.com/2020/09/22/veeam-backup-for-microsoft-office-365-calculator/)To keep this short let me introduce the new features:Price ComparisonWe are now able to do a price comparision with on-premise-storage (where the compression is a bit lower) and your preferred object storage. As well as a second object storage vendor.You can enter your on-premise-storage costs (local object storage and local direct storage) in the input sheet:If you want to compare your preferred cloud object storage vendor with another one, just select the second vendor in the dropdown above the chart.VM eg
Veeam launched the veeamazing new v11 last week and with it, some amazing new features. In this blog post I’ll be highlighting the licensing requirements for these new features and a few other pre-requisites to use them. Veeam Continuous Data Protection (CDP)Veeam CDP enables organisations to achieve aggressively low RPO whilst still retaining the flexibility required by organisations for their retention needs. To utilise Veeam CDP your environment needs to be:VMware Environment using vSphere 6.5 or newer. Veeam needs to have either a Veeam Universal License or Enterprise Plus when using a socket-based license. Replication target can’t be a Veeam Cloud Connect Replica. Veeam Hardened RepositoryThe Veeam hardened repository is designed to help keep backups safe and data integrity assured. It’s great to see this feature requires no specific licensing from Veeam, however there are some pre-requisites to be considered:Only Linux repositories currently provide immutability Only certain task
As probably everyone at this awesome community knows : instant recovery of Veeam is great!!! This is one of the many reasons why Veeam has to be chosen over the competitors : you can read this in a previous sticky post of mine : Recap : 15 reasons to choose Veeam over competitors | Veeam Community Resource Hub Well I have a true time story showing that this functionality can save a company big time!!! At the service-desk of my company (an MSP), a priority 1 incident case came in of one of our customers, so SD First Line created an P1 incident case.By chance that day I was planned at third line of SD and was not planned for projects at customers...Regarding the urgency and the fact that our companies Veeam backup-expert was present that day at SD, the case came directly to me...Who is the customer : the customer is a secondary school Used infrastructure : they are using standalone Hyper-V hosts with local storage (don’t ask me why they are not using shared storage, but that’s another
The virtual machines I use for the deployment are generated from a Template (Golden Image) through a configuration file unattend.xml Answer files (unattend.xml)https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/update-windows-settings-and-scripts-create-your-own-answer-file-sxs What is Windows System Image Manager?https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc766347(v=ws.10) Useful links for sizingVeeam Architects Site https://www.veeambp.com/ Veeam Size Estimation Tool (VSE)https://vse.veeambp.com/#/ The Restore Point Simulatorhttp://rps.dewin.me/ Veeam Ports Calculatorhttps://www.veeambp.com/ports/ REFS Calculatorhttp://dewin.me/calculator/ Bandwidth Calculatorhttp://rps.dewin.me/bandwidth/ Pricing calculator for small businesshttps://www.veeam.com/pricing-calculator NAS Calculatorhttps://cloudoasis.com.au/nas-calculator/ Veeam Clikable Demoshttps://veeamclick.be/ Prerequisite: System Requirements - Veeam Backup Guide for vSphere
BR v.11 - Step by step Install & Configure (Best Practice) | Veeam Community Resource Hub######################################################### CREATE NEW JOB add multiple VM 15 restore point Incr Weekly sinth full Saturday ######################################################### #Create new Job:$test2 = Find-VBRViEntity -Name "spc*"$repository = Get-VBRBackupRepository -ScaleOut -Name *****-SOBRAdd-VBRViBackupJob -Name "D002-TEST2" -Entity $test2 -BackupRepository $repository #Set 15 restore point:$retention = New-VBRJobOptions -ForBackupJob$retention.BackupStorageOptions.RetainCycles = 15$job = Get-VBRJob -Name "D002-TEST2"Set-VBRJobOptions -Job $job -Options $retention#Configure job schedule and enable it:Get-VBRJob -Name "D002-TEST2" | Set-VBRJobSchedule -Daily -At "23:30" -DailyKind Everyday | Enable-VBRJobSchedule#Set Forever Incremental:Get-VBRJob -Name "D002-TEST2" | Set-VBRJobAdvancedBackupOptions -Algorithm Incremental -TransformFullToSyntethic $true -TransformIn
I see one more change in VBR V11 Beta - the handling of exported backups and of backups with no associated backup job. Exported Backups:Up to V10 exported (disk) backups were put in the section “Disk (imported)”In V11 the exported backups are put in another section - “Disk (VeeamZIP)”. Up to V10 I have seen this section when creating a VeeamZip archive intentionally only. Backups from deleted backup jobs:Backups which were created from deleted backup jobs were put in the section “Disk (Imported)”, too. In V11 there is a new section: “Disk (Orphaned)” I think this describes the status of these backups much better than before.
Everyday is a school day, and today I found out something really cool that Veeam was doing, that I never knew about because “It Just Works”.I had an alert generated from a customer system today that I had never seen before. Now I’ve seen plenty of alerts for different backup issues, whether they’re caused by networks, BSODs, disk space constraints etc, but I got surprised by this completely new one. A Tape Drive Alert, but of an unexpected variety Warning: “TapeDrive alert: The voltage supply to the tape drive is outside the specified range.”As I said above, I’d never seen this warning before! I didn’t know that Veeam was tracking such attributes of the tape drives it uses. So I set about looking up the root cause of the problem and busted out some “Google-Fu” to find who else had these issues in the past and I found this page of Veeam Documentation:Tape Drive Alerts – Veeam Backup Guide for vSphereThis web page has all of the alert codes, the severity of the issue, a description about
Because backup of a vSphere VM almost always involves taking a vSphere snapshot, this VMware blog post will be interesting for every backup administrator. https://blogs.vmware.com/performance/2021/06/performance-best-practices-for-vmware-snapshots.htmlVMware has tested the performance impact of snapshots. Baseline performance is a VM without a snapshot. After that, performance testing is done with 1, 2 and more snapshots. Tested was default IO-tests and java application performance (SPECjbb). Tests included: vVOL, VMFS and vSAN.Test Results:Impact on vVOL depends on the storage system, because snapshots are taken there. VMs on VMFS have a huge performance penalty even with one snapshot. To be more exact: the first snapshot has the greatest impact! vSAN does not suffer much from snapshot with sequential workload. To be honest I think this is interesting to know but has no meaning in reality. SPECjbb does not show worse performance at all.Recommendations:Let snapshots exist as short as p
Each time I talk to customers at installation dates or health-checks, I spend some time talking about vSphere transport modes. These are: Direct Storage Access, Storage Integration (I take this as a separate mode), Virtual Appliance and Network mode. This is a topic with a lot of facets still not widely known. Here I will try to compare these transport modes on the basis of some characteristics. Direct Storage AccessSecurity Honestly rather bad. Since production volumes are presented to a Veeam proxy host, a local admin/root can easily delete all volumes within seconds. Much better if the storage system is able to present volumes in read-only mode. Network As the name suggests, backup traffic is kept in storage network. Configuration Effort It is more complex to configure than other modes. This is also because you need to configure different layers like storage switches and arrays. You may have to configure the array with each new volumes for backup too. It could be more tricky to
It is being found that the official app used in installing SteelSeries devices on Windows 10 can be exploited to grant Admin rights as discovered by some security research “Lawrence Amer“. As stated by BleepingComputers, the bug can be leveraged during the device startup process using a link in the License Agreement screen that is opened with SYSTEM privileges. A real SteelSeries device is not necessary to exploit the bug. Also, a bug was discovered in the Razer Synapse software that granted unauthorised admin access. Now, a similar bug was found in SteelSeries software that gives anyone who plugs in a device complete control over a Windows 10 PC with admin rights. Emulating a device also works: This discovery became known after news broke out about the Razer Synapse software as it was able to grant administrative privileges when connecting a Razer mouse or keyboard. This motivated the research from Jorhat, offensive security researcher Lawrence Amer (research team leader at 0xsp) foun
Another video from the quick and nerdy series. This video is half how-to half showcase of the true flexibility of Veeam and cloud data protection. It starts with taking a backup of an EC2 instance with VBAWS, using a VBR server to backup copy job to a SOBR with Wasabi and finally using that Wasabi bucket to Natively restore to Azure. This one had a lot of moving parts so it went a little over the 10-15 minute structure but it’s worth a watch!
Greetings Community,I have been working for a few weeks on parsing all things Veeam Logs, deep stuff that is for sure. On this specific Post I want to cover the Monitoring of the Capacity Tier Jobs and Tasks.This is work in progress, so I am writing this post seeking help from you, to try it on your lab, or on your environments (always remembering it is Community Stuff and not supported)System RequirementsYou should have Telegraf+InfluxDB+Grafana installed Grafana should be the version 8.0.2 - In case you have an inferior version, or superior, please just run this sudo apt-get install grafana=8.0.2 You should have telegraf installed on the VBR, I hope properly configured sending metrics to your InfluxDB. Ping me if need anything. But it is really simple. The telegraf.conf at the end should contain this at the end of the file (this is the fairy dust that makes us fly :))# Offload Job - ID and final status[[inputs.tail]] files = ["C:\\ProgramData\\Veeam\\Backup\\*\\Offload*.log"] from_
Do you actively use Veeam Replication?If so, how long has it been since you’ve implemented it? For me, I don’t currently use it, but am in the process of getting it going again after about an 8yr hiatus. Not too much has changed since then, but there has been some enhancements you might not’ve known about, or some behavior you either didn’t know about or forgot. Below, I will be sharing some tidbits & behaviors I feel you should be aware of when making design decisions when implementing Veeam Replication.Before getting into the “Don’t Know/Forgot” items, let me briefly review how Replication works from a high-level. First, they are a job-driven task. You’ll need to set up a job and configure various settings. Next, depending on the source data you’re wanting to replicate, you can either replicate data directly from your production environment, or from other locations. I’ll touch more on this later. Lastly, the first run of Replication creates a fully functional VM on the target, an
Yet another Windows print spooler zero-day Vulnerability: Mitigate Windows Print Spooler Remote Code Execution – CVE-2021-36958
Microsoft has issued an advisory for another zero-day Windows print spooler vulnerability tracked as CVE-2021-36958 that allows local attackers to gain SYSTEM privileges on a computer. As stated by Microsoft, an attacker who successfully exploits this vulnerability could run arbitrary code with SYSTEM privileges.I you wish to have more detailed information on the development of this vulnerability, when it was first discovered, its workaround and patches released so far, please visit the following links.Unlike the previous exploits, this vulnerability affects for the Windows print spooler, Windows print drivers, and Windows Point and Print. For a detailed guide, please refer to this link. Here is a link to the video (Twitter trend) as discovered by Benjamin Delpy. How do you mitigate this issue? There isn’t a patch (update) as at the time of this writing. The good thing is, there is always a workaround.– You can disable the Print Spooler service or allow your device to install printers
Big News compliance Junkies have taken over NKGG’s and JuniorJoe’s company!!NKGG’s and JuniorJoe’s company was grabbed in a hostile takeover. A group of venture compliance junkies are now at the helm. The firm is now call Drdisasters.com. They specialize in taking DR testing to the limit so that it conforms completely with a compliance junkie’s dream, that is, Drdisasters.com will test your DR Plan by creating real life DR situations for your company. The next time an auditor asks, “how sure are you that the DR plan will work?” you can answer well we burned down our server room and implemented our DR plan and it worked wonderfully!!Now more than ever NKGG had to finalize his Kasten authorization setup. Come audit time the compliance gang would surely drill him on every aspect and he needed full control. Time to ditch the external authentication service and create his own.After some research he decided on using keycloak and the bitnami helm chart: https://bitnami.com/stack/keycloak/helm
Good day everyone !In November 2020 I created a PowerCLI script which creates a vSphere role with cumulative permissions for Veeam Backup & Replication version 10.In the meantime VBR v11 was released and I needed to update that script and wanted to create “new awareness” of it. The fact that I see A LOT of Administrator@vsphere.local users being used with adding the vCenter to Veeam makes me nervous, that’s why I wanted to fight against this with a simple script so no one needs to manually go through the privileges. Now there is no excuse to use highly privileged user accounts !This PowerShell / PowerCLI script lets you create a new vCenter server role with all the cumulative privileges and permissions to use them with Veeam Backup & Replication V11.The privileges used are based on the recommendations out of the Veeam Help Center which you can find here: Cumulative Permission for VMware vSphere – Veeam Help CenterSimply execute the script and follow the steps to fill in the rel
This is a short story I recently experienced with a customer of mine…Some months ago we got a request from Veeam 😉 with an opportunity for a new customer. This customer was using a lot of standalone Hyper-V hosts in combination with Oracle databases and was using a competitor software as their backup solution.They were not happy about the stability of the product and neither about the delivered support of the backup-vendor. Therefore they were searching for other backup-vendors and of course they ended up at Veeam.They contacted Veeam because they wanted more information about the product and if Veeam could deliver a design that perfectly matches the requirements of the customer. Veeam transferred this opportunity to my company (being a gold MSP).The accountmanager of my company and myself had a meeting with this customer to know what their requirements were. Afterwards I created a design that perfectly matched all their requirements and even more 😉. The customer was very happy with
Recently on July 21st, there was a new storage plugin release by @Veeam for the Hitachi storage arrays. It can be found here - Veeam - Hitachi Plugin. This plugin allows you to connect Veeam to your Hitachi storage arrays to leverage the SAN-based snapshots for your backups. Hitachi has also released documentation which can be found here - Hitachi - Veeam Plugin.Hitachi Plug-In for Veeam Backup & Replication supports integration with the following storage systems:VSP E590, E790, E990 (93-03-01-60/00 or later), VSP F350, F370, F700, F900 (88-07-01-x0/00 or later), VSP G350, G370, G700, G900 (88-07-01-x0/00 or later), VSP 5000 series (90-05-01-00/00 or later)Today I am going to walk through the installation and configuration of the plugin within the Veeam software. This will show how easy the plugin is to install and configure within the Veeam environment. One thing to note is that you need to take a look at the Hitachi documentation so that you can configure the access for the
A few days ago @Link State posted how to migrate MS AD-controllers using Veeam Replication. Therefore I thought it would be interesting to get to know the new vSphere Advanced Cross vCenter Server vMotion (XVM).What is Cross vMotion about?First, there is a difference between Cross vCenter Server vMotion (xvMotion) and Advanced xvMotion. xvMotion was already introduced (and supported) for migration of VMs between vCenters within the same Single-SignOn (SSO) Domain in vSphere 6.0. With Advanced xvMotion it is possible to migrate VMs between vCenters in different SSO Domains!Advanced xvMotion is not completely new. Actually it exists for about 5 years as a fling. Now it is introduced in the latest version of vSphere: 7.0 U1c (notice the "c"!) How does it work?For demo I use a vCenter 6.7 U3 as source and a 7.0 U1c vCenter as destination.To start the wizard, right click the resource, you want to move VM(s) to and select Import VMs. Provide data of source vCenter. And press Login. When cre
This is a recent research by security specialists of the Dolos Group to determine if an attacker can access the organisation network from a stolen device and also perform lateral network movement.They were handed a Levovo Laptop preconfigured with the standard security stack for this organization. No prior information about the laptop, test credentials, configuration details, etc were given. They stated it was a 100% blackbox test.Once the got hold of the device, they headed straight to work and performed some reconnaissance of the laptop (BIOS settings, normal boot operation, hardware details, etc) and noted a lot of best practices were being followed, negating many common attacks. For example:Pcileech/DMA attacks were blocked because Intel’s VT-d BIOS setting was enabled. All BIOS settings were locked with a password. The BIOS boot order was locked to prevent booting from USB or CD. Secureboot was fully enabled and prevented any non-signed operating systems. Kon-boot auth bypass did
The Notorious Kube Genius Geoff had a problem.After saving the company's Kasten setup by doing a DR restore he was told that Junior Joe’s full access to the cluster would be removed but he still needed access to Kasten to perform his duties which involved only certain functions with policies. NKGG referenced the Kasten documentation concerning Authentication and decided it was time to leverage Open ID connect to do this and in that manner limit Junior Joe’s access.https://docs.kasten.io/latest/access/authentication.html#openid-connect-authenticationThis was going to be no walk in the park. NKGG had never ventured into this area of IT before so he decided to read up on the protocol itself and found a great free resource:https://auth0.com/resources/ebooks/the-openid-connect-handbookThe handbook was offered by Auth0 and they had a free plan to start out with so NKGG decided to give their service a try. You can sign up for free here:http://Auth0: Secure access for everyone. But not just a
Login to the community
Log in with your Veeam account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.