Blogs and podcasts
Bring your knowledge and expertise while creating blogs and podcasts
- 537 Topics
- 4,039 Comments
It's been almost a month since the release of Veeam Backup for Microsoft 365 v6. If you're looking for all the details of v6, then check out @MicoolPaul’s post: Until now no bigger problems were discovered or reported. There's only a known issue, that the CPU load in idle is higher then usual; no big issue, but if you want to solve that, there's a hotfix available: https://www.veeam.com/kb4294 One change, which didn’t get much attention so far, is the newly designed setup: I really like the new fresh look, compared to the old setup. It’s clean, modern and good looking. And it also updates the Veeam Explorers during the setup/upgrade process; in previous versions, those had to be manually installed. Want a comparison to the old setup? Here’s how it looked in v5. What do you think? Which setup is the better one?
Hello to share a new vulnerabilitySpringShell attacks target about one in six vulnerable orgs (bleepingcomputer.com)(1) New Messages! (checkpoint.com)Spring4Shell: Detect and mitigate vulnerabilities in Java Spring | Dynatrace | Dynatrace newsWhat is Spring4Shell?Spring4Shell is a critical vulnerability in the Spring Framework, an open source platform for Java-based application development. Because 60% of developers use Spring for their main Java applications, many applications are potentially affected.Spring is popular because it enables software engineers to more easily write and test code to maintain modular applications. Other libraries enable developers to become less dependent on enterprise web servers and, therefore, reduce configuration complexity and cost.Spring4Shell is one of three vulnerabilities published on March 30:Spring Core RCE (critical): CVE-2022-22965 a.k.a. Spring4Shell or SpringShell Affected library: org.springframework:spring-bean Information exposure in Spring
With the release of Veeam Backup for Microsoft 365 v6 the Self Service Portal was also unleashed. In this video we run through a scenario where a new tenant is being onboarded from the Service Provider point of view as well as what steps need to be actioned by the tenants.
Veeam Backup & Replication supports and understands vSphere tags allowing the creation of Backup and Replication Jobs by selecting VMs to backup based on Tags.Tags concept was introduced in vSphere 5.5 and basically it is a label you can assign to any object (VMs, storage and so on...) in the vSphere inventory. You can assign a tag to a specific category to better identify a VM type or simply the installed OS.The use of Tags during Jobs configuration is pretty easy to configure. In the configuration wizard click Add button to add objects to backup. Click the tag icon to display VMs and Tags, select the item you want to include in the job then click Add.Using Tags you no longer need to edit a specific Backup or Replication Job to add or remove a VM. A simple click in the Tags panel of the particular VM in vSphere Client does the trick.No Backup tag?... why you should use it? Well, the No Backup Tag can be used to specify which VMs are not included in any backup on purpose. In big en
Sometimes you just want to do a quick test which requires S3.You can in seconds flat setup a Minio instance on your laptop for this purpose.Go to Minio’s download page: Run the Powershell command as shown in the instructions: Minio will be downloaded: The instructions on the Minio page say to set a username and password. I did this below but when I brought up Minio it still had the default password. Create a directory where your test buckets will reside: Now run the server: As you can see the root user was still the default minioadmin and password minioadmin but for testing purposes we can leave that, or you can login and make the change. Go to your browser and type your laptop ip address in the url and port 9000 http://your ip:9000 Login and create a bucket by pressing the circled button in the lower right: Bucket created you are ready to go!! Keep in mind this is an http S3 setup. For testing VBR capacity tier offload you would need to use https or use a registry key in Veeam
After my last post highlighting the Veeam software that reaches end of support in 2022, I wanted to expand this further and discuss software that Veeam works with that will be approaching end of life in 2022. Why does this matter when I’m just trying to protect the data?Times change, and software changes with them, until it’s no longer supported. At any point, a patch to an operating system, a .NET framework update, or anything else really, could end up with the software no longer being backed up properly, or not working at all in production. Without valid support there’s no process to get a fix, and whilst your backup software may still be in support with Veeam, if the vendor won’t fix the problem, it’s time to start panicking.With this in mind, lets explore the software & operating systems being declared end of life in 2022 so we can start planning our upgrades/migrations if necessary. MicrosoftWe may as well start with one of, or potentially the largest software vendor in the wo
The following disclosure vulnerability (CVE-2022-22948) was reported to VMware by Yuval Lazar (@Ul7raVi0l3t) of Pentera. To remediate this vulnerability, apply the patch in the response matrix below as it applies to you. The vCenter Server contains an information disclosure vulnerability due to improper permission of files. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.5.Below are the affected productsVMware vCenter Server (vCenter Server) VMware Cloud Foundation (Cloud Foundation)An information disclosure vulnerability in VMware vCenter Server was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.Known Attack VectorsA malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.ResolutionTo remediate CVE-2022-22948 apply the patches listed in the 'Fixed Version' column of the 'R
Just a quick reminder to everyone that all good things must end at some point. The following products will no longer be supported by Veeam from the 1st January 2022.Veeam Backup & Replication 9.x Veeam ONE 9.x Veeam Disaster Recovery Orchestrator 2.0 (Formerly known as Veeam Availability Orchestrator) Veeam Agent for Microsoft Windows v3 Veeam Agent for Linux v3Also in the near future is the end of support for the following products:Veeam Service Provider Console v3 (March 2022) Veeam Backup for Microsoft Office 365 v3 (April 2022) Veeam Backup for Microsoft Office 365 v4 (November 2022)You may be thinking “I haven’t seen an update for a long time for these products, I thought it was end of life anyway”. That’s because Veeam have a two-stage sunset policy for support. Stage One: End of FixWhen a Veeam product reaches end of fix, no further updates/patches or hotfixes are created for this as the general rule. In extreme case-by-case circumstances, an exception may be made. But you c
Veeam recently released Veeam Backup for Microsoft 365 v6, as part of getting up to speed with the release, I’ve been reviewing the help center documentation. Today I came across an interesting note within the backup applications section, something that was completely missing from the release notes. It said:Using multiple applications may impact the performance of your production SharePoint environment. This functionality will be deprecated in future versions of Veeam Backup for Microsoft 365.https://helpcenter.veeam.com/docs/vbo365/guide/backup_applications.html?ver=60 For a while, the advice to leverage the best backup performance from SharePoint Online and SharePoint Online derived services, such as OneDrive for Business, has been to leverage multiple backup applications. This note indicates a change in stance that may indicate changes behind the scenes. I try not to speculate too much on this blog, so whether this is due to additional testing, a change in guidance or requirement fr
It is always interesting, when thinking of special situations, to ask: What happens, when …Here are the answers to at least a few of these questions - for immutable backups in VBR v11:What happens, when…… removing immutable restore points?Task starts and ends up with errors. No restore point is removed.Warning when trying to remove immutable files… hacker changes date/time on Veeam server to remove files with next backup run?Excellent question! But it will not work! Configured period of time is checked at Linux server, not at Veeam B&R Server! So a job running one year in the future will create new files, it cannot delete old ones.… enabling feature at existing repository, not compatible with hardened repository?Veeam checks if there are backup jobs configured with an incompatible backup chain. If found, error is shown:Error with not compatible backups… changing a backup job writing to immutable repository?When backup chain is changed to an incompatible one, error is shown:… days
IntroductionVeeam Capacity Tier allows the addition of an object storage-based extent to a Veeam Scale-Out Backup Repository (SOBR). This object storage could be on-premises or could be hosted by a cloud provider. Regardless of your chosen platform, Capacity Tier provides a cost-effective way to tier backup data from on-prem 'Performance' extents to Object for longer-term storage.We encourage you to read and understand the Product documentation on Capacity Tier at https://helpcenter.veeam.comThere are a number of reasons why switching Capacity Tier vendor might make sense to you. Perhaps there was a change in your corporate strategic alliances, or perhaps a simple cost analysis has revealed that deeper savings could be found elsewhere.Switching object vendor comes with a few challenges:You need to keep your old Capacity tier around until its retention expires and you want to be able to restore from it as well. You don't have "spare" performance tier storage available and thus creating
There are two critical CVEs that affect Veeam Backup & Replication and account for two of the three critical Veeam Backup & Replication CVEs, and the most serious of the products affected. The Critical Veeam Backup & Replication vulnerability notes include: CVE-2022-26500 | CVE-2022-26501CVE-2022-26500, CVE–2022-26501: These two CVEs relate to Veeam Backup & Replication allow executing malicious code remotely without authentication. This may lead to gaining control over the target system. This carries a CVSS rating of 9.8 and is classified as Critical.Cause? – The vulnerability is caused by the Veeam Distribution Service, running on TCP 9380 by default, allows unauthenticated users to access internal Veeam API functions. An attacker may send input to the Veeam API which may allow uploading and executing malicious code.It is worth nothing that patches are available for Veeam 11a and 10a as follow11a – Build 220.127.116.111 P20220302: https://www.veeam.com/kb4245?ad=in-text-l
Here I am talking about backup encryption, which is performed by Veeam. Not by a hacker. It is a good idea to enable this feature.Why to monitor this? A attacker could enable backup encryption or change existing encryption key without being noticed. If so, backup jobs continue to run without any problem. But you are not able to use them for restore because you simple cannot decrypt them! For monitoring encryption password changes reports Backup Objects Change Tracking and Backup Infrastructure Audit can be used. With this reports you see when encryption password was created or modified.To control if somebody selected another encryption password from the list, use the report Job Configuration Change Tracking. For more information see my full feature blog post here: https://vnote42.net/2022/02/09/monitor-hardened-repository-with-veeam-one-v11a/
This week I had the opportunity to do a presentation at a nice executive briefing with a number of our key partners and customers. I love hearing from the field and it is nice to have those authentic conversations.I also like to know what is the latest from other brands in the industry. I live and breathe backup, but like all technology. One of the presentations today was around networking hardware solutions. The first 15 minutes of the presentation were focused on explaining the delays in confirming part availability, lead times with products, supply chain challenges with various materials and components. I’m sure some of these challenges exist across the board in enterprise and consumer IT devices.Right at that moment it dawned on my how awesome Veeam is in this current conditions. Software-Defined, Hardware Agnostic and Cloud-Ready. This is more valuable than ever as it dawned on me that Veeam has from the start taken Data Portability very seriously. Consider some of these capabilit
I know, this topic does not fit that well here, but today is Pi day! As I once studied mathematics, I am still very interested in these topics. Because this day is celebrated all over the world with funny activities and jokes, I hope some of you can get some fun out of it. At least it is a interesting topic at some cocktail parties See some jokes here:https://www.goodhousekeeping.com/life/entertainment/g35447831/pi-day-jokes/?slide=1Direct examples:What did pi say when someone asked if it could explain what Pi Day was again? "I don't want to repeat myself." Did you know that 3.14% of sailors are Pi-rates?
Hello,In this article I will tell you about the Veeam Instant VM Recovery feature.We follow our backup processes, we send our backups to different locations, we take backups to tape cassettes, right?We must apply the 3-2-1 rule in our infrastructure. We can return our backups; Well, can we provide service with performance and working as soon as possible in times of crisis?What is Instant VM Recovery?Instant VM Recovery restores your virtualization platform by running the virtual machine directly from backed up files rather than keeping users waiting for hours. Thus;Short recovery times (RTOs) are achieved.Downtime is minimized.Downtime of critical virtual machines is minimized.How does it work?Instant VM Recovery uses vPower technology to directly place a VM image from a compressed and deduplicated backup file to a vSphere or Hyper-V host.Since there is no need to export the entire VM from the backup and then copy it to the backup device, you can restart the virtual machine from backup
"Mastering Veeam Backup & Replication 11" is now in publication (since February 2022) and is ready to order either the book or e-book/kindle.Well, since writing my first book on v10, I debated to myself about writing the update of the book to v11. It took me some time to process and think about if I wanted to do it, which I then took the plunge. This time, the process was much smoother as I had already done the first book and understood the templates, formatting, etc. The team at Packt worked with me again and my busy schedule to create something I think that everyone will enjoy reading. Whether you are a newbie with Veeam or a seasoned expert, you can learn something I think from this book.Protect your cloud, virtual, and on-premises environments by implementing Veeam's powerful backup and replication technologyKey FeaturesGain in-depth knowledge of CDP and Hardened Repositories to use in your virtual environment Explore Veeam's monitoring and reporting utility - Veeam ONE - a
Cloud adoption continues to increase as organisations are either taking their first steps into the cloud, or progressing their IT strategies, whether it’s a full cloud migration, multi-cloud or delivering a hybrid architecture.A great workload to leverage the cloud has been as a backup repository. By using the cloud, we can meet multiple improvements to our 3-2-1-1-0 minimum strategy for backups. In case you aren’t familiar with the 3-2-1-1-0 strategy, it is:3 copies of data, across 2 different backup media types, 1 of which must be off-site to the production environment, 1 backup at least must be offline or “immutable”, with 0 backup validation errors. Security BoundariesOne threat that the 3-2-1-1-0 strategy doesn’t cover explicitly is the concept of security boundaries. It is entirely possible to achieve all 3-2-1-1-0 objectives purely within your own environment, or exclusively within a single cloud, but there are problems with either approach, as we’ll look into now. Internally Ma
A Veeam storage plugin needs to control your storage device in a way. Therefore you need a user account inside your storage system. The same of course is true for the DataCore plugin.From a security standpoint one always wants to have only the least amount of permissions to be allowed to the user. Avoid using a global admin here to minimize your attack surface!Here I will describe how to achieve that with the Veeam storage plugin for DataCore:First create a new role inside your DataCore console. In the screenshot the permissions to attach to the role are shown:Veeam storage plugin for DataCore - Role permissionsOnce the role is setup, you can create the user inside DataCore and select the role to assign it to:Veeam storage plugin for DataCore - Create the user for Veeam accessFinally you will have to create a local user of the exact same name inside all Windows servers involved in your DataCore cluster. Usually one has two nodes in a mirrored cluster. As the nodes are not supposed to b
Recently, I had to create a Disaster Recovery (DR) Plan for my organization. It’s actually quite surprising none had ever been created. Part of that is on me since I’ve been here long enough to have done so, and am responsible for most of the systems we would need to recover in the event of a disaster. But let’s be honest, creating DR Plans isn’t one of those “exotic” tasks a Systems Architect likes to do. Working with and playing with the tech we manage is what we get excited about! Regardless, it still *needs* to be done. One may ask why does creating a DR Plan need to be done? It may seem obvious to most, but some it may not. I thought I’d answer that question here, as well as provide a “skeleton” list of items to consider when building out your own DR Plan.First, having a DR Plan brings a sense of “calm” for the IT staff. In the event of a disaster of any sort - site outage; mal-intent via ransomware, disgruntled employee, or major hardware outage; etc - chaos can surely take over.
An attacker can not immediately delete or change backup files located on Hardened Repositories. But with more time the attacker can do some damage. So it is important to keep a regular eye on it. A efficient way is to monitor Hardened Repository with Veeam ONE v11a. In this version some enhancements have been added which we will now take a look at. Monitoring immutability enabledWhen Veeam hardened repository is setup correctly, immutability is enabled and a appropriate number of days is chosen. When an attacker has access to the backup server, he could try to disable immutability. After some time all backups would be free to delete or modify. Therefore it is important to keep it enabled.In Veeam ONE v11a there is a new alarm for checking the state of immutability: Immutability state. Alarm is assigned by default to whole Backup Infrastructure. When Immutability state becomes disabled, alarm will trigger. Use this to be notified by mail. If you prefer reports for notification, Backup O
Are you backing up your Office 365? And… why not?I’m not going into the lengthy and exhausting discussion of why you should take care of your data, even if it’s stored in something unbreakable like “the cloud”, at least not in this post. I would like to focus on one of the features of the new Veeam Backup for Office 365 v4, which was released just the other day. This feature is “object storage support“, as you may have guessed it already from the title of this fine post!So, this means that you can take Amazon S3, Microsoft Azure Blob Storage or even IBM Cloud Object Storage and use it for your Veeam Backup for Office 365. And even better – you can use any S3-compatible storage to do the same! How cool is that?!To test this, I decided to use the Exoscale SOS (also S3-compatible) storage for backups of my personal Office 365 via Veeam Backup for Office 365.I’ve created a small environment to support this test (and later production, if it works as it should) and basically done the followi
Error 1064 - An exception occurred in the service when handling the control request : No connection can be made because the active machine rejected it
For some reason and to come to speed with all the Veeam components, I decided to revive my Veeam Lab and during the process, I encountered the following error “Error 1064 - An exception occurred in the service when handling the control request : No connection can be made because the active machine rejected it “. Before I proceed to fix this issue, I would love to discuss the capabilities of Veeam for anyone that may stumble on this article. Veeam Backup & Replication is comprehensive data protection and disaster recovery solution that provides a centralized console for administering backup, restore, replication operations in all supported platforms (virtual, physical, cloud). Regardless of what your needs are ranging from flexible hybrid cloud capabilities from AWS, Azure, and Google Cloud, or the most robust ransomware protection and recovery options. Veeam brings hardened immutable storage options, dependable cloud-native backup options, Continuous Data Protection, and much more
Just had to troubleshoot a not-working Agent backup job. Up to now, everything worked fine. Since last night, job fails. Error shown: [Task failed. Error: Failed to connect to servername:11731]Even in logs this error is shown: The problem seems to be communication with port 11731. This port is used for agent-deployment. No changes were made to the firewalls in this particular environment. So this could not be the cause of the problem.After a short phone call it turned out that the account used to communicate with the agent had been added to the Protected Users Security Group. But this group is not intended for adding service accounts. After removing the user, backup worked fine again.I hope this post saves some time in troubleshooting
Login to the community
Log in with your Veeam account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.