News, guidelines and various community projects
Hello, In this article, I will talk about Veeam Direct Restore to Azure feature. What is Direct Restore to Azure? Included in Veeam Backup & Replication ™, Veeam Direct Restore to Microsoft Azure allows users to import and restore on-premises VMware and Hyper-V virtual machines, physical servers, and endpoints to Microsoft Azure. Restore Microsoft Windows and Linux-based virtual machines, physical servers, and endpoints with Restore to Microsoft Azure. Today's modern data center is not limited to the location of the physical data center. IT organizations can optimize resource allocation and further improve operational scalability and efficiency with the Microsoft Azure cloud. With Veeam Direct Restore to Microsoft Azure, administrators can restore and migrate physical (P2V) or virtual (V2V) workloads to Azure without the need for complex configurations or additional hardware investments, thereby minimizing operating expenses. Quickly restore workloads to Azure Quickly and efficient
I’m currently running the 30-day trial version of Office 365 backup (22.214.171.124) and everything has been running well for the last 10 days or so. I have the software set up to run every 8 hours for a whole organization backup. Out of the blue, last night, the backups started failing with “Access denied. The remote server returned an error: (403) Forbidden”The admin password is the same and Azure AD shows the login for the Veeam account as successful. I’ve checked our Office 365 Health panel and see nothing new that might impact the backups. I’m running a backup to a local repository and have rebooted the backup server and the proxy server. I have plenty (4.8+ TB’s) of storage available on the repository. I went into the Organization setup and reentered the credential info and all of the checkboxes came back as successful. Has anybody else encountered this issue or does anybody have any hints for how to alleviate it?
For those who don’t go to the VMware forums (another ‘communities’ based vendor website) often, there was finally a VMware employee who somewhat unofficially acknowledged the issue of running ESXi on SD cards, specifically with vSphere 7U2. I say U2 because v7 and v7U1c, of which I both have run on DELL IDSDMs, runs flawlessly; and has for the past year.To read a little more on the issue, you can review the VMware Communities post here. The issue, it seems, has to do with their newly formatted boot partitions. But honestly, I think the mishap (Hosts disconnecting/hanging) is mostly due to a new vmkusb driver. VMW is currently working on a fix, though they’re really recommending orgs to start using ‘high-performance’ storage (i.e. disks) for the boot device moving forward. All that to say is, if you haven’t upgrade to 7U2, I recommend not to. If you’re running your boot on disk, I think you’ll be fine. Otherwise, hold off. One of the Veeam Vanguards, Luciano Patrao, did a nice little p
Hi Veeam Community, Now it’s time to have a serious conversation, as they are BACKKK!VeeamON 2021 Update is your chance to step up your modern data protection AND your sneaker game. We’re giving away custom Veeam sneakers and YOU have a chance to win!Follow these simple rules: Register for VeeamON 2021 Update Share photo of you wearing your current kicks in the comments of this post Let us know WHY you need a veeamazing upgrade The nastiest sneakers you got the better. We need a SERIOUS reason for upgrade. Let us laugh together!Make sure to join us on Oct. 13 or Oct. 14 where we’ll announce the eight winners.The contest is open now through October 6th. For more details, visit: https://bddy.me/3D1wrVT
I started my first backup on the 9th. I have retention set to 12 days and Synthetic on Saturdays (default) . No files have yet been removed from my NAS. I have attached details 9kinow there are extra backups on some days) but its over 12 days now. When will deletion start ? Tony
When it comes to protecting your business against Ransomware, there are three critical components of a successful strategy. Any solution that you're going to rely upon must have all three of these attributes: Simple Immutable Fast The combo of Veeam Backup and Replication alongside SafeMode snapshots on Pure Storage FlashArray//C is uniquely capable of delivering on all three of these critical requirements. SimpleWhen it comes to data protection, it's easy to let your guard down. The best solutions are the ones that don't require constant care and feeding. They are simple to set up and simple to maintain. Veeam and Pure have each built a solid reputation on designing products that are intuitive and easy to use. Veeam backups made immutable by FlashArray SafeMode are "set and forget" simple. This simplicity comes in part due to the fact that you don't have to change a thing about your Veeam deployment to enable SafeMode protected backups. SafeMode protects the entire Veeam Backup Re
File does not exist. Failed to open storage for read access. Failed to restore file from local backups
Hi All, I trust everyone is doing well. Please assist one of our Backup Copy is not running due to the below error. File does not exist: [********.vib].Failed to open storage for read access[******.vib]. Failed to restore file from local backups. Agent failed to process method (DataTransfer.RestoreText). Thanks in advance. :)
Is there a way to test the encryption key on backups without having to run a restore? I ran into a situation recently where the encryption password did not work on restored data. I want to setup Enterprise Manager for everyone, but in the interim, I’d like to manually test each encryption key and reset it/run a new full backup if need be. Is there a way to recover an encryption key with Service Provider Console?
If you do no know much about Hardened Repository in Veeam VBR v11, read here to learn more about:I was asked, if a hardened repository can be a extent of a Scale Out Repository (SOBR). Good news: yes it can! But you have to take some facts into account.Hardened repositories can be Performance Tiers of SOBR. A SOBR can contain a mix of repositories: ReFS, XFS, Immutable and mutable. Even in mixed SOBR, Performance Placement Policy can be set. That leads to, for example, immutable increments and mutable fulls. When you mix, for example, ReFS with immutable extents, you can use Evacuate backups to free an extent. I would not recommend any points 1 - 3!In my opinion the point 4 is the most important. With evacuating an extent you can easily migrate from ReFS to XFS with immutability.Notice: If you evacuate an immutable repository, Veeam performs a copy, not a move operation! Which makes perfect sense! When backups are evacuated to a hardened repository, files will be immutable as long as
PetitPotam attack on Active Directory Certificate Services: How to mitigate NTLM Relay PetitPotam attacks on AD CS
Recently, Lionel Gilles, a French-based Offensive Computer Security researcher based in Paris, France published a PoC tool on NTLM Relay Attack known as PetitPotam that exploits the MS-EFSRPC (Encrypting File Services Remote Protocol). PetitPotam is a classic NTLM Relay Attack, and such attacks have been previously documented by Microsoft along with numerous mitigation options to protect users. Here is an example of such documents: NT LAN Manager: How to prevent NTLM credentials from being sent to remote servers. Below are some related guides: Active Directory Authentication methods: How do Kerberos and NTLM work? how does cached domain logon work?, and What is Pass the Hash Attack and how to mitigate the attack. PetitPotam takes advantage of servers where the Active Directory Certificate Services (AD CS) is not configured with protections for NTLM Relay Attacks. The mitigations below outline to customers how to protect their AD CS servers from such attacks and help in mitigating the W
Are you interested in the Veeam Legends program? Now’s your chance to become legendary! We will soon be selecting and announcing the second Veeam Legends intake, and there is still time for YOU to contribute!Ways to engage:Blogs and podcasts: Bring your knowledge and expertise to the Veeam community. Never blogged? No worries; you can still contribute. The Veeam Community Hub is open to everyone, whether you are a beginning or experienced writer. Discussion boards: Join discussions about Veeam community projects, Veeam events, the industry and technology news. Veeam User Groups: Connect with your local Veeam community, share experiences, learn from your peers and expand your network! Check out upcoming events and VUG meetings near you. R&D Forums: Join technical discussions about Veeam products with the Veeam R&D Team and submit feature requests! Make sure to add your R&D Forums nickname into your Community Hub profile so all your contributions will be scored.Before we anno
VMware vSphere 7.0 U3c is released today, this version can resolve some critical issues. Please check the followings.For Log4j issue on vCenter 7.0, vCenter 7.0 U3c can resolve this issue.https://www.vmware.com/security/advisories/VMSA-2021-0028.html vSphere 7.0 Update 3 Critical Known Issueshttps://kb.vmware.com/s/article/86287
I am testing some VM backups in a customer environment. We get the following warning when running the backup of a test VM:6/22/2021 8:18:11 AM :: SetVmCustomConfigOption failed, vmRef 'vm-117256', options ['SCSI0:0.ctkEnabled':'True','SCSI0:1.ctkEnabled':'True']Fault "NoPermissionFault", detail "<NoPermissionFault xmlns="urn:vim25" xsi:type="NoPermission" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><object type="VirtualMachine">vm-117256</object><privilegeId>VirtualMachine.Config.AdvancedConfig</privilegeId></NoPermissionFault>"Permission to perform this operation was denied.The backup appears to completed successfully with this warning on the VM. Any thoughts on the reason for this warning? Running Veeam 126.96.36.1997. Vcenter version is 7.0.2.00200
I wrote already a post about checking Microsoft ReFS space savings. Now I want to show some basics to check XFS savings too.To check space savings on repository layer go to the repository directory and run: ls -lhsYou can see the size of each file and the total size of all files. If there a way to much files, run ls -lhs | grep total Compare this to the size allocated on the volume. To show this, run df -h In this example you see space savings of: (86 - 35) = 51G Another way is the use the command xfs_bmap. It works on file-level and is very technical. I am still not sure to interpret all output correctly. At least it can show, reflink works!To show all extents of a file, this command can be used: xfs_bmap -e -l -p -v -v -v filename. Here also additional information like a legend is displayed.I made a small script to show the size of all shared extents of all *.vbk-files. But do not overstrain it, its experimental.#!/bin/bashfor f in *.vbkdo echo "File $f size of shared extends:" xf
Veeam Agent for Microsoft Windows is unable to open backup files created by Veeam Backup & Replication
Hello, I am getting this error message:Veeam Agent for Microsoft Windows is unable to open backup files created by Veeam Backup & Replication.I want to restore a physical machine. Backup and USB boot stick were created under Veeam Communtty edition 10.
In case you missed it, a while back @tsightler presented an amazing webinar Building SecureLinux Repositories.The main topics covered in the presentation are:Securing the host system Isolating Veeam processes Levaraging snapshots Automated deploymentBONUS! Tom also does a side-by-side comparison of Veeam fastcloning on XFS vs ReFS!While Tom presents top content, I think one of my favorite parts was coverage of the fail2ban tool (at 41:47 timestamp).
How to synchronise your Active Directory (On-Premise) with Azure Active Directory via the Azure AD Connect
Azure AD is a cloud-based multi-tenant directory and identity service that provides identity and access management capabilities in the cloud.Since choosing the correct authentication method is the first concern for organisations wanting to move their apps to the cloud. The following section helps you decide which authentication method is right for you by using a decision tree. It helps you determine whether to deploy cloud or federated authentication for your Azure AD hybrid identity solution.Scr: MicrosoftTo choose an authentication method, you need to consider the time, existing infrastructure, complexity, and cost of implementing your choice. These factors are different are different from Organisation to organisation. Because of this, I will be highlighting on the different authentication methods. They are as follow;Azure AD password hash synchronization: This is basically the simplest way to enable authentication for on-premises directory objects in Azure AD. Users can use the same
I ask this question which I think is very important starting from the thread in the forum veeam .There is a best practices in a small environment (<4TB) about using only synthetic full backup, active full backup or both togheter alternating?What do Veeam recommend, since synthetic is selected by default?Use only Synthetic full lead to risks in terms of reliability and consistency of backups?On the other hand, using active full requires a lot of space in repository.I ask you Veeam gurus.
Today, I’d like to talk about creating and scoping realistic and enforceable RPOs and RTOs for your Business Continuity (BC) and Disaster Recovery (DR) policies and Service Level Agreements (SLAs) within your organization. As every organization will have different requirements the focus of this blog post is on general considerations for shaping your policy.Additionally this blog post is focused around policy design as opposed to backup technologies and should be vendor agnostic for the most part, though where I am aware of features from my backup solution of choice (Veeam of course!!!) I have referenced improvements that solutions such as Veeam can bring to the process.The assumption is made that you’re already aware of the applications, operating systems and data within the organisation/environment you’re designing these policies for. Step One: Define Recovery Priority Before we start to consider recovery point objectives, we should consider the recovery time objectives of our workloa
Afternoon everyone! I just found out that Veeam have released the VMCA 2022 course and exam. We’ve had a few discussions around this exam within the community as originally Veeam were intending for everyone to take the VMCA 2022 course prior to sitting the exam, however between then and now they’ve changed it. I checked my portal this morning and it showed the “Step 1. Attend a training course” as ticked. I checked with my account manager that this was intentional and they confirmed it’s no longer mandatory to redo the course if you’ve already got a VMCA v1.To find out more simply go to: Get Veeam Certified Now! and then click on the “Veeam Certified Architect” tab. FAQs:I took the VMCA v1 training course but never took the exam, what should I do? The VMCA v1 is expected to retire on 31st December 2021, either sit the exam or take the VMCA 2022 training course and work on that instead. Should I take the training course? Of course, it’s not always cost-effective for some people to take
Today I’ve noticed that Veeam have released the full upcoming agenda for their premier data protection event: VeeamON 2022!I just want to talk through some of the personal highlights I spotted from the agenda.Hands on Labs (Virtual & In-person) Veeam Backup & Replication v12That is not a typo, Veeam must be feeling pretty confident about the shape of v12 by now as next month they’ll be allowing hands on labs of this unreleased product. Check out the description below:In this lab, you will be working with a Veeam Backup & Replication V12 environment where you will learn the basics of Veeam Backup & Replication, test out some of our upcoming new features, and perform typical Veeam backup operator tasks though an interactive step-by-step lab guide.I can only speculate as to what upcoming features will be available to test, but I’m looking forward to seeing what Veeam have been cooking up since v11 launched last year. Veeam Backup & Replication with Immutable Linux Hard
I’ve just seen VMware has announced a revision to their expected release date of vSphere & vSAN 8, and for the right reasons! The VMware vSphere 7.0 Legacy I won’t go on a bashing spree of VMware vSphere 7 release, but… it wasn’t good. The highlights of which include aggressive wear & tear, and subsequent killing of, SD cards and lower durability storage. Additionally, VMware had to temporarily pull some v7 U3 releases due to Quality Assurance (QA) issues.With the issues mentioned above being part of the story of the infamous v7 release history, I felt positive when my RSS reader pulled [UPDATE: Link has been pulled by VMware] this article [/UPDATE] from VMware this morning. In summary, General Availability (GA) of vSphere & vSAN 8.0 have both been pushed to the 11th October 2022, with VMware specifically calling out addition time wanted for QA. [UPDATE] As this link has been pulled, I can't confirm if this is still VMware's proposed date, or if it was a placeholder. [/UPDA
Good day everyone !In November 2020 I created a PowerCLI script which creates a vSphere role with cumulative permissions for Veeam Backup & Replication version 10.In the meantime VBR v11 was released and I needed to update that script and wanted to create “new awareness” of it. The fact that I see A LOT of Administrator@vsphere.local users being used with adding the vCenter to Veeam makes me nervous, that’s why I wanted to fight against this with a simple script so no one needs to manually go through the privileges. Now there is no excuse to use highly privileged user accounts !This PowerShell / PowerCLI script lets you create a new vCenter server role with all the cumulative privileges and permissions to use them with Veeam Backup & Replication V11.The privileges used are based on the recommendations out of the Veeam Help Center which you can find here: Cumulative Permission for VMware vSphere – Veeam Help CenterSimply execute the script and follow the steps to fill in the rel
Login to the community
Log in with your Veeam account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.