News, guidelines and various community projects
With Microsoft releasing Windows Server 2022, Veeam have delivered support for this in Veeam B&R and Veeam ONE v11a. This includes support not just for protecting Hyper-V VMs on the OS, or guest OS support, but also running all the relevant Veeam Components and services on Windows Server 2022. This is truly a great milestone that Veeam have achieved so promptly after the release of this operating system.There’s more to this story however, Veeam currently ships with SQL Server 2016 Express edition as its default database if you don’t choose to install your own first. This will leave you in an unsupported state with Microsoft as only SQL Server editions still within mainstream support are supported for Windows Server 2022, for SQL Server 2016, mainstream support ended in July 2021.Now we know the danger, we’ve got two topics to discuss up again, firstly, how do we install a supported version of SQL Server for Veeam? And secondly, what do I do if I’m running SQL Server 2016 on Windows
Reading through the What’s new document, I discovered an new feature/option which hasn’t been mentioned here before: “NBD multi-threading”As the performance of NBD (network) in VMware backups is often not as good as virtual appliance or direct storage access storage mode, it sounded quite interesting to try. Perhaps this way we can get over some limitations of NBD mode and better utilize the network capacity of our proxies.NBD multi-threading — The backup engine is now capable of establishing multiple NBD connections per VMDK for better performance of network transport mode. At the same time, due to the low limit of max NBD connections per ESXi host, there are reliability concerns associated with increasing the number of such connections. While our resource scheduler tracks NBD tasks per host to ensure they remain within the limit, we decided that a marginal performance benefit is not worth the risk of enabling this new behavior for our entire customer base right away, as there might b
I want to share my experience of an Active directory migration through the VB Replication software related to an Active directory environment 2012 R2 - forest and domain functional level 2012 R2.The customer asked me to migrate 3 Domain controllers from an old VMware 5.5 to the new VMware 6.5 infrastructure for a technological refresh.Given that the best solution from Microsoft is to create new VMs and promote them Domain Controllers and transfer FSMO roles.That said, there are scenarios like mine, where this type of approach was not possible as it was mandatory to maintain the same FQDN and IP address due to application configuration problems.Microsoft advised against demoting and promoting a DC with a different OS but with the same FQDN and IP, even if my environment was relatively small 3 DC one forest \ domain and not complex it could be done with the metadata cleanup procedure but the customer did not give the approval. So I have adopted the solution of VM replica. Scenario -----
Hello, I have been asked by one of Veeam partners about my take if it comes to Veeam support for VMware Horizon VDI platform, despite the choice of taking the POC option I also chose to take your input on this. Considering that VMware Horizon VDI is based on ESXi, do we still consider the desktops(Instances) or sockets as unit of licensing? If so, is there any operational implication or/and limitation if it comes to operations and protection of the VMware Horizon components? Just to mention I was able to get this old article (posted 2011) but with many Veeam versions since then I decided not to fully reference ithttps://forums.veeam.com/vmware-vsphere-f24/vmware-view-best-practices-backing-up-vdi-server-clients-t6517.html
Just a quick info:It looks like there’s currently an issue with the mailbox backup in Veeam Backup for Office 365, which could randomly happen for a small amount of mailboxes.Processing mailbox XYZ failed with error: Failed to synchronize item changes in folder: TeamsMessagesData.. An internal server error occurred. The operation failed., ICS synchronization failed.The backup for most of the mailboxes is successful, but some can fail with the error message above.Veeam is aware of this problem; they’re already working on it and are also in contact with Microsoft. For further information you can also monitor this R&D forums post: https://forums.veeam.com/veeam-backup-for-office-365-f47/failed-to-synchronize-item-changes-in-folder-teamsmessagesdata-t77925.htmlI will update this post as soon as there’s something new.Update:Veeam has implemented a workaround for this issue with the following patch: https://www.veeam.com/kb4235
The importance of Veeam Data Movers Veeam Data Mover performs data processing tasks on behalf of Veeam Backup & Replication, such as retrieving source machine data, performing data deduplication and compression, and storing backed-up data on the target storage.For Microsoft Windows servers, Veeam Data Movers are persistent, that is, Veeam Data Mover is uploaded and installed on a server only once. Veeam Backup & Replication automatically installs Veeam Data Mover when you add a Microsoft Windows server to the backup infrastructure.For Linux servers, Veeam Data Movers can be persistent or non-persistent. Non-persistent Veeam Data Mover is uploaded and removed each time Veeam Backup & Replication addresses a server.For Veeam Data Mover to be persistent, you must specify an account with root or equivalent to root permissions when adding a Linux server. Persistent Veeam Data Movers are required for the following backup infrastructure components:Hardened (immutable) repositorie
Afternoon everyone! I just found out that Veeam have released the VMCA 2022 course and exam. We’ve had a few discussions around this exam within the community as originally Veeam were intending for everyone to take the VMCA 2022 course prior to sitting the exam, however between then and now they’ve changed it. I checked my portal this morning and it showed the “Step 1. Attend a training course” as ticked. I checked with my account manager that this was intentional and they confirmed it’s no longer mandatory to redo the course if you’ve already got a VMCA v1.To find out more simply go to: Get Veeam Certified Now! and then click on the “Veeam Certified Architect” tab. FAQs:I took the VMCA v1 training course but never took the exam, what should I do? The VMCA v1 is expected to retire on 31st December 2021, either sit the exam or take the VMCA 2022 training course and work on that instead. Should I take the training course? Of course, it’s not always cost-effective for some people to take
We are proud to announce the release of our first joint Legends project: Veeam Backup & Replication Pocketbook v1.It is a collection of best practices from the field.The following topics are covered:Backup Basics Security Hardened Repository and Immutability Performance SOBR Capacity Tier Offload SureBackupWe are discussing each recommendation with benefits, disadvantages and links to more information. Currently the Pocketbook can be downloaded here as a pdf-file. We are looking forward to your feedback!Enjoy reading! Contributors (in alphabetic order): @falkob, @Geoff Burke, @JMeixner, @Link State, @MicoolPaul, @regnor, @vNote42, @wolff.mateus
This document provides step by step instructions to configure Azure Active Directory for SAML authentication in Veeam Enterprise Manager. There are four editions of Azure AD (AAD): Free, Office 365 (which comes together with O365), and two Premium editions P1 and P2. Comparison for all of them can be found at https://azure.microsoft.com/en-us/pricing/details/active-directory/Below you can find steps to setup Veeam Enterprise Manager and Azure AD integration based on AAD from Office 365.Let’s start with the Azure side. Go to Azure portal then go to Azure Active Directory. Go to Enterprise applications → New application → → “Create your own application” → then provide a name for our application i.e. Veeam EM, and select “Integrate any other application you don’t find in the gallery” → Create Within a few moments’ applications will be created and visible under Enterprise Application view. Open it. Now let’s add some users (Step 1). In this version of AAD, only users can be added. In Pre
If you do no know much about Hardened Repository in Veeam VBR v11, read here to learn more about:I was asked, if a hardened repository can be a extent of a Scale Out Repository (SOBR). Good news: yes it can! But you have to take some facts into account.Hardened repositories can be Performance Tiers of SOBR. A SOBR can contain a mix of repositories: ReFS, XFS, Immutable and mutable. Even in mixed SOBR, Performance Placement Policy can be set. That leads to, for example, immutable increments and mutable fulls. When you mix, for example, ReFS with immutable extents, you can use Evacuate backups to free an extent. I would not recommend any points 1 - 3!In my opinion the point 4 is the most important. With evacuating an extent you can easily migrate from ReFS to XFS with immutability.Notice: If you evacuate an immutable repository, Veeam performs a copy, not a move operation! Which makes perfect sense! When backups are evacuated to a hardened repository, files will be immutable as long as
PetitPotam attack on Active Directory Certificate Services: How to mitigate NTLM Relay PetitPotam attacks on AD CS
Recently, Lionel Gilles, a French-based Offensive Computer Security researcher based in Paris, France published a PoC tool on NTLM Relay Attack known as PetitPotam that exploits the MS-EFSRPC (Encrypting File Services Remote Protocol). PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect users. Here is an example of such documents: NT LAN Manager: How to prevent NTLM credentials from being sent to remote servers. Below are some related guides: Active Directory Authentication methods: How do Kerberos and NTLM work? how does cached domain logon work?, and What is Pass the Hash Attack and how to mitigate the attack. PetitPotam takes advantage of servers where the Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks. The mitigations below outline to customers how to protect their AD CS servers from such attacks and help in mitigating the W
We’ll be announcing the first intake of 2022 Veeam Legends soon, so get excited! Veeam Legends is a Veeam community program, for data protection industry experts who are passionate about technology, innovation and eager to further develop their career, while sharing their experiences with the community.As avid Veeam users, they participate in various community projects:Blogs and podcasts: Bring your knowledge and expertise to the Veeam community. Never blogged? No worries; you can still contribute. The Veeam Community Hub is open to everyone, whether you are a beginning or experienced writer. Veeam University: Get the knowledge you need to stay current and on top, whether its basic features or advanced functionality. Start FREE on-demand training now! Discussion boards: Join discussions about Veeam community projects, Veeam events, the industry and technology news. Veeam User Groups: Connect with your local Veeam community, share experiences, learn from your peers and expand your netwo
In case you missed it, a while back @tsightler presented an amazing webinar Building SecureLinux Repositories.The main topics covered in the presentation are:Securing the host system Isolating Veeam processes Levaraging snapshots Automated deploymentBONUS! Tom also does a side-by-side comparison of Veeam fastcloning on XFS vs ReFS!While Tom presents top content, I think one of my favorite parts was coverage of the fail2ban tool (at 41:47 timestamp).
Morning all, For anyone that missed the news story, Kaseya have been the latest victim in the increasingly dangerous threat of supply chain attacks.Who are Kaseya? Kaseya offer a remote management system primarily aimed at Managed Service Providers (MSPs). MSPs use tools like this to automate patching and monitoring of systems and can automate deployments via reusable scripts that can be targeted at one or more devices.By the very nature of this software it is designed to run with elevated privileges.Cyber Criminals found a vulnerability with the Kaseya VSA platform and have used it to deploy ransomware to systems.Full details can be found here: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689The ransomware used is a variant of REvil and has been known to target backup systemsWith this background information out the way, many in the infosec community have been debating the best defence against these kinds of threats and one suggestion posed had me interested. These platforms
Hi Folks, Just wanted to share my opinion on this. I was around when Cloud Connect was introduced and remember the struggle with customers when explaining backup copy job copy intervals. Often I would hear.. “can we not just have our legacy, backup job done then offsite?”. Veeam brought in the immediate copy not to long ago and I have already noticed some issues. When you leveraged periodic BC jobs you could set the copy interval differently for tenants with different quality bandwidth. I could be wrong but with Immediate copy if it gets behind it will copy one day, then right away try the next in order to catch up. If you have many backup copy jobs and only so many concurrent connections available this then becomes an issue. I prefer periodic copy, I can say to the tenant, yes we will get your backup copy jobs over the wire but with your current bandwidth we need 3 days… then it is up to them to increase bandwidth.
I’m currently running the 30-day trial version of Office 365 backup (220.127.116.11) and everything has been running well for the last 10 days or so. I have the software set up to run every 8 hours for a whole organization backup. Out of the blue, last night, the backups started failing with “Access denied. The remote server returned an error: (403) Forbidden”The admin password is the same and Azure AD shows the login for the Veeam account as successful. I’ve checked our Office 365 Health panel and see nothing new that might impact the backups. I’m running a backup to a local repository and have rebooted the backup server and the proxy server. I have plenty (4.8+ TB’s) of storage available on the repository. I went into the Organization setup and reentered the credential info and all of the checkboxes came back as successful. Has anybody else encountered this issue or does anybody have any hints for how to alleviate it?
Hello, In this article, I will talk about Veeam Direct Restore to Azure feature. What is Direct Restore to Azure? Included in Veeam Backup & Replication ™, Veeam Direct Restore to Microsoft Azure allows users to import and restore on-premises VMware and Hyper-V virtual machines, physical servers, and endpoints to Microsoft Azure. Restore Microsoft Windows and Linux-based virtual machines, physical servers, and endpoints with Restore to Microsoft Azure. Today's modern data center is not limited to the location of the physical data center. IT organizations can optimize resource allocation and further improve operational scalability and efficiency with the Microsoft Azure cloud. With Veeam Direct Restore to Microsoft Azure, administrators can restore and migrate physical (P2V) or virtual (V2V) workloads to Azure without the need for complex configurations or additional hardware investments, thereby minimizing operating expenses. Quickly restore workloads to Azure Quickly and efficient
VMware just release vCenter 7.0 U3d this week. Just list out some key resolved issues for reference:Deploying a virtual machine by using an OVF template might fail on a cluster with VMware NSX-T Data Center Incremental patches of vCenter Server 7.x fail with Exception occured in postInstallHook error When you try to log in to the vSphere Client, you get an error that you cannot connect to the vCenter Single Sign-On server https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3d-release-notes.html
Hi, I don’t know if anyone else was aware but @haslund highlighted to me today that the new VMCE 2021 exam is now available for everyone looking to take/upgrade! Information on the training course is available hereInformation on the certification is available here FAQs:Do I need to attend the training course before taking the exam?If you don’t hold a valid VMCE 2020 certification, it is mandatory.If you do have a VMCE 2020 certification, it is recommended but not required.The one exception is if you took the VMCE 2020 class within the last year but have not passed the exam, you can take the VMCE 2021 exam until your class was sat one year ago. Can I still take the VMCE 2020 exam?Whilst Veeam continue to offer it, but it will be discontinued. Do I need to take the VMCE to do the VMCA?No, but it is recommended!Full FAQs from Veeam available here Planning on doing your VMCE/VMCA, or already taken it? Let me know your thoughts!
ReFS (Resilient File System) is a file system by Microsoft that provides - since Windows Server 2016 - a feature named Block cloning. Basically it uses pointers to already existing blocks instead of copying or re-creating them. This saves time and disk space. Veeam uses this feature for synthetic operations like merging incremental backups with full or synthetic full.In my opinion Microsoft does not offer a proper utility to analyse ReFS space savings with Block cloning. I think there are at least three ways to show the space benefit of Block cloning:Windows explorer Application that makes use of Block cloning Timothy Dewin's blockstat.exeWindows explorerThe native way to calculate saved space is to simply compare the sum of all files in a partition to the used space of the same partition. Because the partition view includes the space savings and file view does not, the difference shows saved space.As you can see, there are about 44,4 GB space savings. Keep in mind, the properties of t
When it comes to protecting your business against Ransomware, there are three critical components of a successful strategy. Any solution that you're going to rely upon must have all three of these attributes: Simple Immutable Fast The combo of Veeam Backup and Replication alongside SafeMode snapshots on Pure Storage FlashArray//C is uniquely capable of delivering on all three of these critical requirements. SimpleWhen it comes to data protection, it's easy to let your guard down. The best solutions are the ones that don't require constant care and feeding. They are simple to set up and simple to maintain. Veeam and Pure have each built a solid reputation on designing products that are intuitive and easy to use. Veeam backups made immutable by FlashArray SafeMode are "set and forget" simple. This simplicity comes in part due to the fact that you don't have to change a thing about your Veeam deployment to enable SafeMode protected backups. SafeMode protects the entire Veeam Backup Re
Veeam Backup and Replication is comprehensive data protection and disaster recovery solution which is capable of creating image-level backups of virtual, physical servers, cloud machines, and restoration as well. The technology used in the product optimizes data transfer and resource consumption, which helps to minimize storage costs and the recovery time in case of a disaster. Veeam Backup and Replication provides a centralized console for administering backup, restore, and replication operations in all supported platforms (virtual, physical, and cloud environments). The prerequisite requires you to have a SQL Server already running in your environment. Please see "how to download and install Microsoft SQL Server 2019 Express Edition and Microsoft Management Studio on Windows Server", how to install Microsoft SQL Server 2019 and MsSQL Command line tools on Ubuntu Linux, and how to install MSSQL Server 2019 Developer Edition and SQL Server Management Studio on Windows. With Veeam Back
A new feature in vSphere 7 is the ability to configure a VMkernel port used for backups in NBD (Network Block Device) respectively Network mode. This can be used to isolate backup traffic from other traffic types. Up to this release, there was no direct option to select VMkernel port for backup. In this post I show how to isolate NBD backup traffic in vSphere.ConfigurationIt is quite simple to configure backup traffic isolation. With vSphere 7 there is a new service tag for Backup: vSphere Backup NFC. NFC stands for Network File Copy. By selecting this, vSphere will return the IP address of this port when the backup software asks for ESXi hosts address.So all you need to do is to add a new VMkernel port, enable Backup service and set IP and VLAN ID. Host does not need to be rebooted. Now NBD backup traffic will be routed through this port. How does it look likeFor verification there are a few options. You can check log file or monitor ESXi network throughput. On my demo ESXi host, I
Hello, We have Veeam O365 5b (18.104.22.168). By mistake we enabled the backup job for the entire organization, so that means it includes Sharepoint, OneDrive, Teams, etc. and now our Repository disk is full.We need to do a clean-up of the repository disk, in order to leave just emails (users, groups, shared mailboxes, archives, etc.) and delete all data of Sharepoint, OneDrive, Teams, etc. Finally create a job only for emails (users, groups, shared mailboxes, archives, etc.)How can I do that?Thanks for your help, Omar De Souza.
hi all,anybody know is it possible converted physical server to virtual VM using Veeam just like veritas backup exce. I am going to physical to virtual migration using vmware conversion tool. But when I converted my Linux server it showing booting error. if you have any other good solutions please suggest. Thanks in advanced