The virtual machines I use for the deployment are generated from a Template (Golden Image) through a configuration file unattend.xml
Answer files (unattend.xml)
What is Windows System Image Manager?
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-vista/cc766347(v=ws.10)
Useful links for sizing
Veeam Architects Site
Veeam Size Estimation Tool (VSE)
The Restore Point Simulator
Veeam Ports Calculator
https://www.veeambp.com/ports/
REFS Calculator
Bandwidth Calculator
http://rps.dewin.me/bandwidth/
Pricing calculator for small business
https://www.veeam.com/pricing-calculator
NAS Calculator
https://cloudoasis.com.au/nas-calculator/
Veeam Clikable Demos
https://veeamclick.be/
Prerequisite:
System Requirements - Veeam Backup Guide for vSphere
Create Active Directory service account for Veeam Backup Active Directory Aware
YourDomain.local\Svc_veeam
INSTALLATION
Veeam Backup & Replication support for VMware vSphere
KB2443: Veeam Backup & Replication support for VMware vSphere
- vSphere Version 5.5 Minimum Veeam Backup & Replication version 7.0 R2 (build 7.0.0.771)
- vSphere Version 7.0 U2 11 P20210525 Minimum Veeam Backup & Replication version (build 11.0.0.837 P20210507)
Veeam Backup & Replication support for MS HyperV
Platform Support - Veeam Backup Guide for Hyper-V
STORAGE SETUP & CONFIURE ISCSI ON Vmware
VMWARE ESXi setup ISCSI + SCV3000 storage DELL set up
Configure ISCSI vSphere Side:
Added the IPs of Dell Storage Svc3000 controllers dedicated to ESXi side backup
STORAGE create object cluster & server Vmware
Repeat for each host ESXi
Map Volume sotrage side to host ESXi
Open your VCSA-VMWARE and MAP RDM to VM VEEAM PROXY\Repository
Binding RDM on Veeam Repor server:
SCv3000-VeeamPRY-01 E:\
SCv3000-VeeamPRY-02 F:\
SCv3000-VeeamPRY-03 G:\
SCv3000-VeeamPRY-04 H:\
Repeat this task for each Volume Backup Repositoru
SCv3000-VeeamPRY-01 E:\ SCSI 1:0
RDM = GPT - Formattato REFS 64K
SCv3000-VeeamPRY-02 F:\ SCSI 1:1
RDM = GPT - Formattato REFS 64K
SCv3000-VeeamPRY-03 G:\ SCSI 2:0
RDM = GPT - Formattato REFS 64K
SCv3000-VeeamPRY-04 H:\ SCSI 3:0
RDM = GPT - Formattato REFS 64K
WINDOWS O.S. CONFIGURATION
If you are using SCSI Controllers in paraVirtual mode, add the following registry key on the server where you are mounting the LUn RDMs as a backup repository
- PVSCSI CONTROLLER QUEUE DEPTH: modify queue depth
Using the PVSCSI virtual storage controller, Windows Server is not aware of the
increased I/O capabilities supported. The queue depth can be adjusted for PVSCSI in
Windows Server to 254 for maximum performance. This is achieved by adding the
following key in the Windows Server registry:
Reg add “HKLM\SYSTEM\CurrentControlSet\services\pvscsi\Parameters\Device /v DriverParameter /t REG_SZ /d “RequestRingPages=32,MaxQueueDepth
NOTE: While increasing the default queue depth of a virtual SCSI controller can be
beneficial to an SQL Server-based VM, the configuration can also introduce
unintended adverse effects in overall performance if not done properly102. VMware
highly recommends that customers consult and work with the appropriate storage
vendor’s support personnel to evaluate the impact of such changes and obtain
recommendations or other adjustments that may be required to support the increase
in queue depth of a virtual SCSI controller.
https://kb.vmware.com/s/article/2053145
- Disable IPV6 (to be evaluated based on your infrastructure)
reg add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6\Parameters\ /v DisabledComponents /t REG_DWORD /d 0xFF /f
- Disable UAC (to be evaluated based on your infrastructure)
Check this: Hardening Backup Repository - Windows - Veeam Backup & Replication Best Practice Guide
reg add HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system /v EnableLUA /t REG_DWORD /d 0 /f- FIREWALL Disabled (to be evaluated based on your infrastructure)
Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False- Fix Proxy Roles:
- diskpart
- automount disable
- automount scrub
DISABLE TASK SCHED Automatic Reboot Windows USO CLINT WU
- Only for O.S. Windows 2016 Disable auto reboot after Windows update
SCHTASKS /Change /TN "Microsoft\Windows\UpdateOrchestrator\Reboot" /DISABLE
SCHTASKS /Change /TN "Microsoft\Windows\UpdateOrchestrator\Schedule Scan" /DISABLE
icacls "%WINDIR%\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot" /inheritance:r /deny "Everyone:F" /deny "SYSTEM:F" /deny "Local Service:F" /deny "Administrators:F"
icacls "%WINDIR%\System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan" /inheritance:r /deny "Everyone:F" /deny "SYSTEM:F" /deny "Local Service:F" /deny "Administrators:F"
Rollback
SCHTASKS /Change /TN "Microsoft\Windows\UpdateOrchestrator\Reboot" /enable
SCHTASKS /Change /TN "Microsoft\Windows\UpdateOrchestrator\Schedule Scan" /enable
Disable all unnecessary services example:
MAPS Broker service
Set-Service MapsBroker -startuptype "disabled"
Proxy role setup vCPU 2x2 or 1x4 vCPU
INSTALL
Veeam Install 11.0.0.837 (FIPS) 2021032019
Latest build: 11.0.0.837 P20210525 (May 28, 2021) > KB4126
cALL VERSIONS] Current build is 11.0.0.837 P20210525 (May 28, 2021) (veeam.com)
Install Veeam Enterprise Manager
You can bind your cert here ( first import your pub or private CA cert on mmc Certification on Computer):
CONFIGURATION
- Veeam General Options
- I\O Control
- Security
- E-Mail Settings
I disable Success notify!
- Notifications
Add VCSA – Add Proxy – Setup RDM LUN on VM (Vmware) - Conf Bck Repo + SOBR
Define vmware user account
Creating a new vCenter server role with cumulative privileges and permissions to use with Veeam Backup & Replication V10
- Automatically create vSphere roles to use with Veeam Backup & Replication | Veeam Community Resource Hub
- https://www.virtualhome.blog/2020/04/22/creating-a-vcenter-role-for-veeam-with-powercli/
- The script is online at github: https://github.com/falkobanaszak/vCenter-role-for-Veeam
- Cumulative Permissions - Required Permissions for VMware vSphere (veeam.com) V.10
- Cumulative Permissions - Required Permissions for VMware vSphere (veeam.com) V.11
Configure Proxy ( this configuration is all in One)
I use Automatic or Virtual Appliance “Hot Add”, depend of your VmWare Infrastructure
- Configure dedicated Proxy
Setup RDM LUN on VM (Vmware)( view Storage setup in this exemple FC)
Generally i used a proxy role in combo with the backup Repository role on the same server to minimize windows licenses.
Create the necessary LUNs on the storage to be configured on our side Veeam backup Repository \ Proxy on the Vmware side.
Note the WWNs of the LUNs Present the LUNs to the Vmware Cluster and scan Vmware Storage Add RDM
Match WWN to Storage Volume Labels
LUN 11 ***************************8cad ***-Backup-Veeam-01
LUN 12 ***************************8caf ***-Backup-Veeam-02
Rescan Vmware sotrage Vmware
Edit you Veeam proxy VM:
Add first RDM :
Add 2 SCSI Controller
Save SCSI Controller, re-edit and ADD RDM
Logon on Windows Proxy\Backup repository and configure RDM:
Open Disk Manager
Repeat this task for all your RDM\LUN\RAW volume backup repo.
How to confirm we have an ReFS partition
fsutil fsinfo volumeinfo E:
fsutil fsinfo refsinfo E:
Here is an example we don’t want – ReFS but the wrong block size
How to tell a synthetic full using block clone?
So aside from a faster backup, how do we tell if a ReFS operation happened. Which is often on Saturday. Below is the Advanced Settings from a job.
- Configure Backup Repository + SOBR
This is All in One Installation
- VBR Application server
- Proxy Role
- Backup Repository Role
You can change default port!
- Setup SOBR
SCHEDULE JOBS
- Job Template – how to create a template job:
- Create new backup job
- Need one dummy machine
WARNING the "disk to process" setting or select only the necessary disk "is not saved in the template but it is necessary to re-set the controller
- Setting up you job type
- Addition options
-
It is possible to personalize an additional and targeted mailing
- Configure "Application Aware" if you have Domain Controller - Exchange - MSSQL – Oracle - SharePoint servers
Application-Aware Processing - Veeam Backup Guide for vSphere
Create service account for backup Active Directory (Domain Admin ) No interaction logon:
Assigning the backup service user "svc_veeam@yourdomain.local" (preferred UPN format) "Domain Admin" and deny "interactive logon" and other restricition Deny "Logon as a Batch" 'or' "Deny Logon as a service" etc depends on your needs.
- Active Directory Enviroment:
Remember that from the Windows 2012 R2 version it is possible to clone a DC through the official MS procedure.
https://www.interfacett.com/videos/clone-windows-server-2012-2012-r2-domain-controller/
- Disable new job
- Manual clone from GUI the job template e rename it and insert your VM manually
- Remove VM from job:
Get-VBRJob -Name "D001-test" | Get-VBRJobObject -Name “Your-VM-Name" | Remove-VBRJobObject
#########################################################
# CREATE NEW JOB 15 restore point Forecver Incremental #
#########################################################
#Create new Job:
$test1 = Find-VBRViEntity -Name "*****-db01"
$repository = Get-VBRBackupRepository -ScaleOut -Name Your-SOBR
Add-VBRViBackupJob -Name "D001-TEST1" -Entity $test1 -BackupRepository $repository
#Set 15 restore point:
$retention = New-VBRJobOptions -ForBackupJob
$retention.BackupStorageOptions.RetainCycles = 15
$job = Get-VBRJob -Name "D001-TEST1"
Set-VBRJobOptions -Job $job -Options $retention
#Configure job schedule and enable it:
Get-VBRJob -Name "D001-TEST1" | Set-VBRJobSchedule -Daily -At "23:45" -DailyKind Everyday | Enable-VBRJobSchedule
#Set Forever Incremental:
Get-VBRJob -Name "D001-TEST1" | Set-VBRJobAdvancedBackupOptions -Algorithm Incremental -TransformFullToSyntethic $False -TransformIncrementsToSyntethic $False -EnableFullBackup $False
VBR v.11 - Step by step Install & Configure (Best Practice) part.02 | Veeam Community Resource Hub
Great piece of work!
