Blogs and Podcasts

A couple weeks ago I had the opportunity to attend and present at the Atlantic Security Conference (ATLSECCON) in Halifax, Nova Scotia. Established in 2011, this information security conference focuses on fostering innovation, strengthening collaboration and building resilience. The conference agenda centers on everything security related; challenges, complexity and emerging threats. This was not my first time attending ATLSECCON, I have had different working roles at the event throughout the years, meaning I’ve worked booth operations, I’ve presented at the event, and I probably have coordinated just the sponsorship opportunity in the past. I am unsure of the exact number of times I have attended, but I can say I look forward to this event every year, and it only gets better over time! After I got back, I was thinking about all the se

Migrating between sites is rarely straightforward, especially when you don't have access to the virtual infrastructure to create a replication job between sites. In this post I'll walk through a real-world migration from another provider to our own Virtual Private Cloud on VMware vCloud Director.  This will not be a build guide, but more of a high level overview of how it was accomplished and some of my findings, positive and negative. Project Background Our customer had expressed a desire to offboard from their previous service provider and onto our platform. They did not want to approach the provider before migrating, and suspected that the provider would not cooperate with setting up replication jobs to another service provider.They asked us to come up with a solution that had a low Recovery Point Objective to minimize interruption to public facing services. Key Constraints:The customer did not have access to the

Hi everyone,I am delighted to present my first blog post and my first contribution to the Veeam community today. I would be very grateful for any feedback 😊 When working with Veeam Recovery Orchestrator (VRO), you might occasionally run into situations where the system makes decisions that aren’t immediately intuitive. Recently, a partner approached us with a scenario that raised exactly that kind of question: How does VRO choose which backup copy to use when multiple copies exist? Let’s walk through the use case, the unexpected behavior, and what we learned from digging into it. The Scenario In this environment, VRO is running at the disaster recovery site and orchestrating a vSphere-to-vSphere restore plan. The plan uses the following steps:  A backup-to-disk job writes backups to a local backup repository.

Today marks a big milestone as my fourth book was published - Mastering Veeam Backup & Replication v13.  I wrote a blog about it when you can read in the link below, and I have put the links to Packt/Amazon where you can find it if interested. 😎This one was great to write, and I especially enjoyed the chapter on Veeam ONE that I put in this book.  I would truly like to thank ​@Rick Vanover for his chapter contribution about the Console (Chapter 4) and also ​@NikolaPejkova for her inspiring Foreword that she wrote, it was very touching, and I am grateful.Blog - Mastering Veeam Backup & Replication v13 - BlogBook LinksPackt - 

I recently deployed the Veeam Plug-in for HPE Morpheus VM Essentials version 13 (RTM) on my Veeam Backup lab server, which is running v13.0.1. Once tested, I'll have it available to demonstrate to my customers. Veeam has introduced a dedicated plug‑in that enables image‑level backup and restore for virtual machines running on HPE VM Essentials. This integration brings VM Essentials into the same unified protection workflow as VMware, Hyper‑V, and other supported hypervisors. The plug‑in is not bundled with the main Veeam Backup & Replication installer, so it must be added separately. What the Veeam Plug‑in for HPE VM Essentials DoesThe plug‑in extends Veeam Backup & Replication to understand and interact with HPE VM Essentials resources. Without it, Veeam cannot discover or protect VM Essentials servers or workers. Once installed, the plug‑in enables:Discovery of HPE VM Essentials hosts Ba

 You open the Add Server wizard in Veeam Backup and Replication. You pick Microsoft Hyper-V. The next screen gives you three choices. Microsoft System Center Virtual Machine Manager. Microsoft Hyper-V cluster. Microsoft Hyper-V server (standalone).Here is the part that catches people at times. SCVMM is the first option listed in the wizard. If you do not have SCVMM in your environment and you click Next without changing the selection, VBR throws this error: "Veeam Backup & Replication server does not have Virtual Machine Manager Administrator Console installed." That is KB4351. It is not a bug. You picked the wrong type.Each option changes how VBR discovers your VMs, tracks Live Migration, deploys components, and handles backup proxy behavior. This post covers what each option does, what it requires, and when to use it. It also covers how the same choice applies in Veeam ONE.What VBR Deploys on Every Hyper-V HostRegardless of which type you

I recently had an issue after updating both my VBR v12 Servers to the latest patch v12.3.2.4465. As most of you know, Veeam released a Vulnerability KB back on 12 March. See below:https://www.veeam.com/kb4830From this page, there is a link to direct you to VDP v12.3 Release information:https://www.veeam.com/kb4696 , which provides the download to the latest VDP v12 Patch. A few weeks ago, I downloaded the small patch and updated both my VBR servers. All good. But, with this patch, there is a bug. And let me be more specific here, a non-functional disruption bug. (i.e. more cosmetic than anything; Jobs are unaffected)IssueThe bug is on how VBR detects the latest update/release information. Even after I installed the P

Hi thereTime to update the Lab, this time, easy monitoring for VMs, Services and Webs.UPTIME - KUMAIm going to show you how to easily deploy an instance inside Proxmox, containerized, ready to go.First, go to this website and search the community script to deploy it:https://community-scripts.org/?q=uptimeCopy the command, as shown in the pictureGo to your Proxmox Host, open a terminal, and paste the commandHit EnterLets follow

How to change name and what to watch out for and what to consider if you have unmanaged plugins. My Name is „Bond“ – „Repository, Bond“ – Display-Name vs. FQDN – Licensed to Rename  Sometimes, in the backup universe, you simply want to bring order to chaos, fix a mistake, or the naming structure has just changed. So a repository is supposed to get a new, nicer name. Or the server behind it needs to be renamed because a domain migration is coming up, naming conventions have changed, or a rebranding is being rolled out. Basically: “We’re cleaning everything up now.” And this is exactly where you need to: “Change the name”. I know it sounds harmless at first — but it rarely is. Especially in IT, names often have… well… everything attached to them

 When you're standing up a Hyper-V cluster and adding it to Veeam Backup & Replication, the proxy placement question comes up. The documentation says you can use on-host or off-host backup mode, and both work. What it doesn't tell you is what the data path looks like. Or what infrastructure each mode requires. Or what happens when VBR makes a decision you didn't expect.This post covers what I've observed running on-host backup across a Hyper-V cluster and what the docs say about off-host mode.How Veeam Sees a Hyper-V ProxyVeeam's proxy for Hyper-V is not the same component as a VMware backup proxy. For Hyper-V, the role is fulfilled by the Veeam Data Mover. In on-host mode, every Hyper-V host you add to VBR gets the on-host proxy role automatically. You don't install it yourself. The VBR pushes the Data Mover to each host when you add it to the infrastructure.In off-host mode, the Data Mover runs on a separate machine outside the cluster. Tha

I have seen repeated conversations around leveraging SSO in Veeam v13, particularly concerns about joining the backup server to a production domain. This has also come up multiple times in my discussions with partners.Based on that, I put together this exercise to explore a few possible ways of addressing those concerns. It may be more than what some environments need, but sharing it here to get thoughts and opinions from the wider community.The challenge: Central identity Vs domain isolationVeeam Software Appliance v13 brings a SAML SSO experience into Veeam Backup & Replication. Organization want to integrate with Microsoft Entra ID forSingle Sign-on Unified Identity management Central auditingBased on my recent engagements with users, I have heard an interesting challenge: connecting Veeam to a production Entra domain. It has long been considered a best practice to avoid joining backup infrastructure to the pro

Hello Community,  There’s something every backup admin will relate to.You arrive, open the Veeam console, filter jobs by status, start clicking through failures, make a note of error codes, maybe open a browser tab to Google it or check the Veeam Community, cross-reference it, and slowly form a picture of what your morning actually looks like.By the time you know what needs fixing, it's already been half an hour. I’ve done this for years. We all have.  A few days back, I came across a post talking about Veeam introduced feature called Data Resilience Daily, also known as the Morning Coffee Report.The concept is straightforward. Before you open any console, the report lands in your inbox and tells you exactly what happened overnight, which jobs have issues, which workloads are affected, and what you should probably do about it.When I first heard about it, my reaction was simple. Another summary

Veeam 12In v12 is not so sensitive via WMI/DCOM connection Veeam 13Upgrade to v13 was successful.All services are runningPS C:\Users\user01> Get-Service | Where-Object { $_.Name -like "Veeam*" }Status Name DisplayName ------ ---- -----------Running VeeamAHVSvc Veeam AHV ServiceRunning VeeamAWSSvc Veeam AWS ServiceRunning VeeamAzureSvc Veeam Azure ServiceRunning VeeamBackupCdpSvc Veeam CDP Coordinator ServiceRunning VeeamBackupRESTSvc Veeam Backup Server RESTful API Ser…Running VeeamBackupSvc Veeam Backup ServiceRunning VeeamBackupUpda… Veeam Backup Update ServiceRunning VeeamBrokerSvc Veeam Broker ServiceRunning VeeamCatalogSvc Veeam Guest Catalog ServiceRunning VeeamCloudSvc Veeam Cloud Connect ServiceRunning VeeamDataAnalyz… Veeam Data Analyzer ServiceRunning VeeamDeploySvc Veeam Installer ServiceRunning VeeamDistributi… Veeam Distribut

Hi Folks,Next week we will be launching our new Fleet Manager and we have a true star joining us! See if you can guess who that is 😁! There will also be some other cool folks present. If you have time please join us. https://objectfirst.com/fleet-manager-launch-event/  

I am not sure if this has been posted somewhere before but I thought I would post my experience of setting up Linux proxies for our VMware backups and the one issue I ran into. I deployed a couple of Ubuntu 22.04 VMs, as I will be using hot-add for the VM backups. I added them to the VBR server and created a test backup of one VM. First backup attempt and I got this error:Error: Cannot get service content. Soap fault. Temporary failure in name resolution Detail: 'getaddrinfo failed in tcp_connect()', endpoint: 'https://vc.domain.local:443/sdk' SOAP connection is not available. Connection ID: [vc.domain.local]. Failed to create NFC download stream. NFC path: [nfc://conn:vc.domaint.local,nfchost:host-1310340,stg:datastore-1310378@TEST/TEST.vmx]. --tr:Unable to open source file [nfc://conn:vc.domain.local,nfchost:host-1310340,stg: So the key to the problem is “failure in name resolution”. Specifically name resolution from my new Linux pr

Ansible + Veeam + AI + Monitoring and Observability Tools = AIOps Everything starts with a signal.A sudden spike detected by Dynatrace.Suspicious behavior flagged by CrowdStrike.A failed backup showing up in Splunk.Before, this meant just another ticket.Someone had to notice it.Someone had to analyze it.Someone had to act.Time lost.Today, the flow is different.Observability detects.AI evaluates.The system decides.And that’s where everything changes.👉 Ansible Automation Platform executes automatically:isolates the workload adjusts the infrastructure triggers remediation workflowsMeanwhile…👉 Veeam ensures there is always a clean recovery point:immutable backups validated re

So Andy you did Magic tricks some time ago right? Can you tell me how security and ransomeware scanning is done by veeam with a card trick? Im a little rusty with it, but sure Challenge accepted, I will give it a try…   Can you tell me how security and ransomware scanning is done by veeam?SureSo lets do an abstraction. So we’ve got your files. Let’s think about 52 files inside a card deck.Each card in this deck, represents your workload, your database, your VMs, your server, your fileservers, your hardware servers.Each card is one of them and of course they all have a lot of data inside of them.Now one of your files,  one of your file servers is gettin

 Given the complexity and critical nature of this transition, I have created Part 2 of this guide to focus specifically on updating WinPE boot images to support the Windows UEFI CA 2023 Secure Boot certificates.The previous guide was published nine months ago and continues to generate significant traffic. This follow-up article addresses the missing component: updating WinPE boot images to ensure compatibility with Windows Deployment and the Windows UEFI CA 2023 Secure Boot trust chain.The complete Part 1 guide is available here, followed by Part 2 covering “

​It was a technical milestone last week for me in the lab after successfully migrating my Veeam v13.0.1 backup server from Windows to a Linux VSA. The purpose of this migration was to improve system efficiency and showcase the v13 product enhancements to my customers. This was a joint effort with Veeam support and the Partner team. Below are the steps I followed during the migration. The first step was obtaining approval from Veeam support and having a dedicated engineer available if any issues arose. All the migration steps are below Step 1 - engage Veeam support and open a migration ticketStep 2 - follow the pre-requisites from Veeam supportConfirm the latest P1 is installed Remove all the storage integrations from the Veeam server Remove the google plugin from the installation Collect and send the VMC log to support for verificationStep 3 - engage wit

TL,DRAfter upgrading to Veeam Backup and Replication v13, in one of our customer environments SAP HANA application backups started failing because the plug in tried to reach the repository on TCP 6162 first, timed out, and did not automatically fall back to the classic 2500 to 3300 range in our scenario as it should have done according to documentation.Opening 6162 fixed the connectivity requirement as confirmed by Veeam Support.  Our issueBackups that had been stable on v12 suddenly failed right after moving to v13, specifically SAP HANA application backups using the Veeam Enterprise plug in for SAP HANA. SymptomOur HANA jobs spent a long time “trying to connect” and then died with a timeout. In the logs it was obvious that the plug in was repeatedly attempting to connect to the

Hello, everyoneIn this article, we will explore Veeam Universal CDP (Continuous Data Protection), an advanced disaster recovery technology designed to provide critical levels of protection with minimal data loss.Unlike traditional backups, which run every few hours, Universal CDP operates continuously, enabling companies to protect their most critical applications with a Recovery Point Objective (RPO) of just a few seconds.What makes it “Universal” is its versatility. While Veeam's standard CDP is typically limited to virtual machines within VMware vSphere environments, Universal CDP extends this capability to protect a variety of workloads (such as physical servers or different platforms) and replicate them directly to a VMware vSphere infrastructure at a disaster recovery site. Backup infrastructure for Universal CDP The following backup infrastructure components are required to use Universal CDP:

Hi everyone,I’ve just published the February edition in the “Regkey of the Month series” This month’s focus is on the EnableSameHostHotaddMode registry setting in Veeam Backup & Replication.What it does ?Forces Veeam to preferentially use a proxy on the same ESXi host as the VM being backed up — helping to localize backup traffic and reduce performance issues like VM stun and cross-host data transfer.Why this can be interesting for you ?This can be especially useful in complex infrastructures (e.g., HCI or NFS-based storage) where network and snapshot performance matter.If you’re curious how this setting works and when to implement it, check out the full post here:👉

Many of my customers (luckily) are using Sure Backups. Some of the subnets are also quite small (i.e., smaller than /24). When configuring the network settings in the Virtual Lab wizard, there is a little problem which can easily be handled. Veeam automatically inserts the appropriate letters for masking in the masquerading network.For example, if you configure a /24 network, the wizard inserts a “D” in the fourth octet. This is correct and must be done this way. The situation is different if the subnet is smaller. For example, if you have a /25 network and enter it in the wizard, the fourth octet of the masquerading network no longer displays a letter, but the number of the subnet mask. 

ContextWe have been using the vCloud Director Self-Service Plugin to allow our tenants to initiate their own restores. Essentially how it works is to provide them with limited access to Enterprise Manager, scoped to just their vCloud Organization. The ProblemRecently however, all file restores and downloads started to fail for them, as well as files restores performed by me directly on the Enterprise Manager server. Those restore failed with the following error(s):Error occurred during the FLR job executionSerialization for transport spec is not implementedUpdating FLR session historyUnable to prepare files for download. TroubleshootingTo resolve this, I searched high and low for a resolution, including:Confirming that the r

 V13 upgrades cleanly when the VBR server is already cleaned up first. Most delays come from legacy backup-copy jobs, old agent deployments, nested repositories, removed job settings, or unsupported infrastructure that was still tolerated before the upgrade. Check the starting build first, clear blockers before mounting the ISO, and validate backup plus restore behavior afterward. 1. Supported starting pointDirect to v13.0.1 only from:v12.3.1 build 12.3.1.1139 or later v12.3.2If the server is on an earlier v12.3.x build:patch to v12.3.1 build 1139 firstIf the server is on v12.2.x or older:stage through v12.3.1 first2. Installer blockers to clear before the ISO is mountedThese stop the upgrade:backup metadata not upgraded to v12 format legacy backup-copy jobs