Ready, Set, Virtual!

Tag: backup

  • Veeam 365 – Missing Application Permissions

    Veeam 365 – Missing Application Permissions

    With technology ever-changing, and businesses continuously facing security challenges, services such as Azure and AWS need to keep on adapting and improving their security posture to ensure that they continue to protect their customers and services. While this is certainly the correct thing to do, it does sometime create issues for the end users or other applications that are making use of those services.

    If you are a Veeam Backup for M365 customer or user, you may come across the below warning messages when running a backup job. This is because Microsoft have made some additional security changes with different graph API access permissions. This isn’t really all that bad, minus the bits that have been skipped during that backup window, but it is extremely easy to resolve.

    12/02/2025 9:07:25 PM :: Missing application permissions: Exchange.ManageAsApp. Missing application roles: Global Reader. Public folder and discovery search mailboxes will be skipped from processing, and a shared mailbox type will not be identified.

    12/02/2025 9:07:25 PM :: Missing application permissions: ChannelMember.Read.All. Private and shared team channels will be skipped from processing

     

    To resolve this, all you need to do is run through editing your organization once again, and allowing to. update the application registration.

    You do need to make sure you still have the certificate in the cert store for which you used to create the application or recently updated with

    1. Right click on the organization and select Edit Organization


    2. Click Next until you get to the “Microsoft 365 Connection Settings” – Here you can select Use an existing Azure AD Application


    3. Your Username and Application ID will appear in the boxes. Here you will need to then select Install and select your certificate that you used to connect to the application when you either created or last updated.

      Ensure to check the  Grant this application required permissions and register its certificate in Azure AD box. Click Next

    4.  You will then be request to copy the code and go to https://microsoft.com/devicelogin and log in with a GA account to authorize the change

    5. Once Authorized you will then see the progress of the update.

    6. Once all updated click Finish. You can then go ahead and start the job and wait for it to complete.

    7. Once the job has completed, confirm that all was successful and no further warnings.

    This should be resolve any issues Veeam Backup for Microsoft had for backing up using the Graph API.

     

     

  • How to automate certificate update in Veeam Backup for M365

    How to automate certificate update in Veeam Backup for M365

    One of the most tedious operational tasks you can do in IT is manage domains and certificates – these chores can become quite tiresome when replacing many over a year and then starting again as most certificates only have a 1 year (13 month) life cycle. 

    But then… you have certificate providers like Let’s Encrypt and ZeroSSL who provide 3 month free certificates (some with additional costs for repeated use) that with the help with additional toolsets can become automated certificate renewals. 

    in this article I want to cover how to set up and use Let’s Encrypt with Certify the Web to automate the renewal of the certificates for Veeam Backup for M365. 

    As Let’s encrypt needs to use either DNS or HTML to check the legitimacy of the domain to be ale to provide a valid certificate, it is helpful to use an application like CertifyTheWeb to automate the process to update the DNS record when required. CertifyTheWeb has the ability to update a number of DNS providers using the APIs provided along with the API token. 
    Use the attached link here for Setting up CloudFlare API Token for your required DNS zone – this will then allow CertifyTheWeb to make those changes on the fly. 

    To set up CertifyTheWeb to just generate certificate: 

    1. Download and install CertifyTheWeb’s application (Best on the server you require the certificates on) 
    2. Create a new Certificate
    3. Set the Challenge type to DNS and select your DNS Update Method /Manage

    4. Add your credentials/API Token for the DNS manager and put in your DNS Zone ID
    5. Run a Test and confirm that the challenge is working and that the certificate is ready to be deployed. 

    While certify the web will handle applying the certificate to a number of web host systems, for applications like VB365, you need to utilise the APIs/PowerShell commands to install the certificates. 

    This will be applied to the Tasks section of CertifyTheWeb where you can run post-scripts to your recently registered certificates. 

     

    When a certificate is downloaded, it is added to the default folder of C:\ProgramData\certify\assets\<_.domainName>\  – Here you will find the .pfx files. 

     

    The below script will install the certificate to the below parts of Veeam Backup for M365. It will also enable the features.

    • RestAPI
    • Tenant and Operator Authentication
    • VBO Restore Portal

    In a nutshell the script will perform the below actions: 

    1. Import required modules from Veeam Backup for M365
    2. Create archive folder for certificate if it doesn’t already exist
    3. Set Certificate path
    4. Enable RestAPI setting and install certificate 
    5. Enable Operator Authentication setting and install certificate
    6. Enable Tenant Authentication setting and install certificate
    7. Enable Restore Portal Setting and install Certificate while setting Region, AppID and PortalURI
    8. Move certificate to the archive folder

    Save the below script as a .ps1 and map it through the Tasks in CertifyTheWeb – this will then call during deployment. 

    # Import VB365 PowerShell Modules

Import-Module "C:\Program Files\Veeam\Backup365\Veeam.Archiver.PowerShell\Veeam.Archiver.PowerShell.psd1"
Import-Module "C:\Program Files\Veeam\Backup and Replication\Explorers\Exchange\Veeam.Exchange.PowerShell\Veeam.Exchange.PowerShell.psd1"
Import-Module "C:\Program Files\Veeam\Backup and Replication\Explorers\SharePoint\Veeam.SharePoint.PowerShell\Veeam.SharePoint.PowerShell.psd1"
Import-Module "C:\Program Files\Veeam\Backup and Replication\Explorers\Teams\Veeam.Teams.PowerShell\Veeam.Teams.PowerShell.psd1"

$Region = #Default is = Worldwide
$AppID = #AppID
$PortalURI = #RestorePortal URI

# Set the archive folder path

$archive = "C:\ProgramData\certify\archive\"
# Check if folder not exists, and create it
if (-not(Test-Path $archive -PathType Container)) {
    New-Item -path $archive -ItemType Directory
}

# Grab new certificate
# -Path must be set to the assets folder domain with the wilcard for the .pfx 

$Certificate = Get-ChildItem -Path "C:\ProgramData\certify\assets\_.readysetvirtual.com\*.pfx"

# Install RestAPI certificate and enable service

write-host -foreground Yellow "Setting VBO365 Certificate"
Set-VBORestAPISettings -EnableService -AuthTokenLifeTime 4800 -CertificateFilePath $Certificate

# Install Tenant and Operator Authentication Certificate

Set-VBOOperatorAuthenticationSettings -EnableAuthentication -CertificateFilePath $Certificate
Set-VBOTenantAuthenticationSettings -EnableAuthentication -CertificateFilePath $Certificate

# Install Restore Portal Certificate

Set-VBORestorePortalSettings -EnableService -ApplicationId $ApplicationId -CertificateFilePath $Certificate -Region Worldwide -PortalUri $PortalURI

sleep 5

# Move Certificate to Archive C:\ProgramData\certify\archive\

write-host -foreground yellow "Moving certificate to C:\certs\certify_archive\"
Move-Item -Path $Certificate -Destination C:\ProgramData\certify\archive\


write-host -foreground green "Certificate Sucessfully Applied"

    Just like that, the certificates are updated, and in the final few weeks CertifyTheWeb will run and generate a new set of certificates and apply as required when the existing are about to expire.

  • VMCE Notes: Explain Backup Data Platform Components – Part 1

    VMCE Notes: Explain Backup Data Platform Components – Part 1

    Backup Server:

    The backup server contains several components that the backup operator can interact with through the console.
    The console is just one of the components that can be installed on the Backup Server, this is where you can create, run and manage backup jobs, as well as configure backup infrastructure.

    The backup Server allows for coordination of backup, replication and restore jobs as well as running backup and SureBackup verification tasks.

    The backup server coordinates the resource scheduling for attaching disks to proxies and managing the streams to the repository, honouring the configuration for how mange tasks can be ran against certain infrastructure.

    When first deployed, the backup server is also preconfigured as a VMware Proxy as well as the default repository. The first repository is configured as C drive by default

    Backup and Replication Console:

    The backup and replication console can operate from any windows computer that has access to the Backup server. By default, the console is installed alongside the backup services on the backup server, however, a separate installation can be made.

    The console use Simplified and Protected GSS-API Negotiation Mechenism (SPNEGO) that is the Windows Built-in authentication mechanism.

    The console can only access the backup infrastructure to interact with it via credential login. When the console is first opened, a login prompt is displayed to create the connect to the server – You can also point the login to any of the servers you may have deployed – Allowing you to have a dedicated console server and backup server.

    The Console can be deployed to multiple machines or opened several times on the same machine and connecting to the same server as this can help with opening different windows.

    You CANNOT use the same console version to connect to different versions of Veeam BR. You need to use the matching version. If you are using 2 different installations of Veeam Server, you will need to run 2 different versions of the console to connect.

    If the console connects to a server that is updated, the console will check and then update accordingly. This is only supported on the GA version, and not Preview, Beta or RTM.

    ** Downgrade of the console is not possible.

    When installed the remote console, multiple components are installed alongside.

    • Veeam Backup PowerShell Module
    • Veeam Explorers for;
      • Microsoft Active Directory
      • Exchange
      • Onedrive for Business
      • Sharepoint
      • SQL Server
      • Teams
      • Oracle
      • PostgreSQL
      • SAP HANA
    • Data Mover Servive
      • Used to run data processing tasks for VBR
    • Recovery Service
      • Used to perform recovery tasks
    • Veeam Installer Service
      • Used to install agents, transport services and other components on remote servers (Repositories, Proxies, etc.)
    • Veeam mount Service.
      • Used to mount backups during the restore process.

     

    Things to keep in mind:

    If you are deploying the console remotely, you can deloy it behind a NAT, but the Backup Server MUST be outside of the NAT. You also cannot remotely install the console out of the NAT while the backup server is in behind it.

     

    Veeam Backup and Configuration Database

    There are two options for running the Veeam BR configuration database that holds data for the Backup Infrastructure, Jobs, sessions and other Config data.

    You can install Veeam with either Microsoft SQL or PostgreSQL database. Each can be install remotely on a dedicated SQL server, however by default it will be installed locally.  Veeam includes either Microsoft SQL Express or PostgreSQL installers as per of the installation process. Be aware that using Microsoft SQL Express will bring in limitations with how much data can be installed and how that data can be accessed.

    *Some other Veeam software still support Microsoft SQL only – Keep this in mind when designing you backup infrastructure.

    Once a week and when the VBR Service is restarted, Veeam will run a database clean up and maintenance tasks for the database internal statistics. The maintenance task will also defragment indexes and clear unused data.

    The maintenance task will log any changes and tasks performed in %ProgramData%\Veeam\Backup\Job.DatabaseMaintenance.log. file.

     

    Veeam Backup Powershell Module

    Powershell has become almost the default command line tool for interacting with Windows applications. Veeam Backup and Replication includes a PowerShell module that is extending the native Windows Powershell.

    The Powershell snap-in adds a new set of cmdlets that are specifically built to interact with the Veeam Backup Service. This allows the ability to create customer scripts to pull reports or to automate management of backups jobs and restores.

    There is a full Powershell reference guide available.

    Virtualization Servers and Hosts

    There are 4 different types of servers that can been added to the backup infrastructure of Veeam Backup and Replication. Each carry a different role in which they play within the entire infrastructure.

    • VMware vSphere Server
      • Can be a source host or a target host for backups and restores.
    • VMware Cloud Director
      • Source Host and Target (when using Cloud Director Replication and CDP).
    • Microsoft Windows Server
      • Can be used as a Backup Proxy or Backup Repository (Using NTFS or ReFS format)
    • Linux Server
      • Can be used as a Backup Proxy or Backup Repository (Using XFS Format)

    It is ideal to only have 1 instance of the server in the backup infrastructure – Add it via Hostname or IP only, not both.

    Physical servers can also been added into the infrastructure as well as cloud servers.

    Additional server types that can be added, however some require additional plug-ins. :

     

    VMware Backup Proxies

    The VMware Proxy works just like a proxy, it sits between the backup server and the backup infrastructure components, but it is also the connection point for attaching and processing host items (e.g. Using Hot-Add to backup data from a VMware VM Disk)

    The general tasks a VMware Backup Proxy:

    • Retrieving VM data from the Production Storage
    • Compressing
    • Deduplicating
    • Encrypting
    • Passing to another Repository like running a replication job. 

    Usage Scenarios 

    • Backup
    • Replication
    • Quick Migration

    VMware Backup Proxy Transport Modes

    There are a couple of different ways that a proxy can be configured in order to backup if certain techniques are unavailable.

    • Direct Storage Access (Use of Hot Add from VMs – Proxy must be virtual)
    • Virtual Appliance
    • Network (Connect through the VMware hosts to backup)

    When the VM disks are running on a storage system with access to the Backup infrastructure, your proxy can also use the backup from Storage Snapshot mode.

    In most cases, Letting VBR automatically select the proxy mode is perfectly fine – If one method is not available due to communication issues or other limitations, then the next viable mode will be selected.  Failing over to a different method does not remove CBT.  You can also manually select the preferred option for your infrastructure.

     

    VMware Backup proxy Deployment:

     In most cases, you will need to deploy a dedicated proxy server that will be able to handle the load, but by default the VBR server will be preconfigured as the proxy until another is deployed. Deploying multiple backup proxies will allow Veeam to distribute the load across the proxies to provider better backup performance and greater redundancy.

    Proxies are now supported on both Windows and Linux, there are some requirements around configuring for Linux.

    VMware Backup Proxy Services and Components:

    There are 2 services that are required to be installed on the VMware Backup Proxy to operate the required tasks.
    Veeam Installer Service: This service is used to analyse the system and install and upgrades necessary components for the server, this is installed on Windows Servers.

    Veeam Data Mover:  This service does most of the heavy lifting by performing such tasks from the Veeam Backup and Replication Server – Retrieving Source VM Data, Data Deduplication and Compression and moving the data to the target storage as the backup location.

     

    VMware CDP Proxies

    The VMware CDP Proxy performs tasks of moving data between source and target hosts. There are a number of tasks that the Data Mover performs differently to just a regular proxy.

    • Receives VM data from the production Storage
    • Aggregates Changed Data
    • Prepares data for a short-term restore point
    • Compresses and deuplicates data
    • Encrypts and decrypts data
    • Sends data to the storage in the DR site or to another VMware CDP Proxy

    The VMware CDP Proxy Is required for use with the CDP component of Veeam Backup and Replication. This a different use case to the standard VMware proxies.

    VMware CDP Proxy

    The CDP Proxy can be installed on either Windows or Linux based servers that have been add to the the Veeam Backup and Replication infrastructure section. In order for the CDP service to operate correctly, there must be a source and target proxy configured.

    To optimise the performance of the CDP jobs, the VBR server will take into account the load across all proxies that are pooled together and assigning each tasks as required.

    As a design choice for better performance, having a set of proxies (source and target) for one direction is recommended. One source proxy to a target proxy from site A to B, and another set of proxies for going from site B to A.

    The CDP Proxy services are fairly similar to those used on the VMware Backup Proxy, however there is an additional service in use.

    Veeam CDP Proxy Service: Manages all CDP activities such as data aggregation, data compression and decompression, data transfer and other tasks.

    Veeam Installer Service: <Same as VMware Backup proxy>

    Veeam Data Mover: Handles traffic sent during failback

     

    VMware CDP proxy RAM and cache.

     

    CDP proxies use intelligence to allocate RAM to ensure data is processed as efficiently as possible. If the RAM is configured as 16GB or LESS then CDP will split the resource usage 50% each way – this means that 50% is used for the OS and 50% is used for data processing. If there is more than 16GB allocated to the proxy server, then 8GB will be assigned to the OS and the remaining will utilised by the CDP data processes to ensure the most efficient processing available. When a disk has been processed, CDP will allocate 1MB of RAM to ensure data processing will not stop even if some disks cause issues or process too much data.

    As a fail safe, Data is only removed from the cache or memory on the source once the proxy receives notice that the target proxy has successfully received the data.

    Requirements

    • A CDP Proxy must be Windows or Linux – Can be Physical or Virtual.
    • CDP Proxies are not available to deploy unless there is a vCenter or Cloud Director server configured in the backup infrastructure in Veeam Backup and Replication.
    • When using a physical server – Must have a fast network link between hosts and CDP Proxies.

     

    Backup Repositories.

    Direct Attached Storage – Virtual and Physical. 

    There are 3 types of Backup repositories that can be used for Veeam Backup and Replication that are directly attached to the server.

    There are where the disk is attached to the server (I.e. VMDK attached to the VM used as a repository or physical disk installed in the physical server)

    Microsoft Windows Server:
    Several different ways to use a MS Windows Server as a Backup Repository:

    • Local/Direct (USB Drive) attached storage
    • iSCSI/FC SAN if server is connected to a SAN

    There are 2 Data Mover servers that are in play during a backup. There is a DM on the Proxy, and one on the Repository, these both will talk to each other to transfer data over WAN or LAN efficiently. The Data Mover is installed automatically when the server is added to Veeam BR.

    A Windows based repository can also be configured to run the vPower NFS Server function Allowing Veeam BR to provide ESXi transparent access to backed-up VM images that are sitting on the backup repository.

    Requirements:

    • Must meet all system requirements
    • Server must be added as a managed server inside Veeam Backup and Replication.
    • To be able to utilise Fast Clone, must use ReFS on the target disk and meet any additional requirements for this function.

    Linux Server:

    Like Windows, you can connect to the disks on the backup repository in several ways.

    • Local / Direct (USB Drive) attached storage
    • iSCSI/FC SAN if Server is connect to a SAN
    • NFS

    A Linux repository provides additional security measures as well, including: Hardened Repository utilising immutability and single-use credentials.

    Again, similar to the Windows repository, there are 2 Veeam Data Movers that are in play to communicate and transfer data. These are located on both the Proxy and the Repository.

    Requirements:

    • Must meet all system requirements
    • Must add machine to Veeam Backup and Replication as managed Server
    • SSH Daemon must be properly configured and SCP utility is available on Linux host to enable the installation of the Veeam Data Mover.
    • To enable Fast Clone function, need to meet the FC Requirements – min. XFS with reflink=1 enabled.
    • Open required ports on the firewall

     

    To utilise both Hardened and standard repositories on the same Linux server, you need to use Single-Use Credentials when adding the host. – Standard repository will disable immutability and use persistent credentials.

    Hardened Repository:

    A hardended repository enables a series of additional security measures to ensure that backed up data is secure and unable to be tampered with. A hardened repository is only available when using a Linux based server.

    A hardened repository provides the below additional security measures:

    • Immutability = Backed up files can have a time limit assigned to them for how long they are locked, providing the ability to protect from modification and deletion during this time period.
    • Single-Use Credentials = This is a set of credentials that are only used once to deploy the Veeam services (Veeam Data Mover and/or Transport Service). These credentials are only added once to the Veeam Backup and Replication in order to run the install. These are not added and saved to the credential store, providing an additional layer of security and not allowing the credentials to become compromised.

    ** For security reasons, not additional roles can be assigned to the hardened repository except for the use of the VMware Backup Proxy running in Network mode (NBD). Hardened Repository as VMware Backup Proxy.

     

    Network Attached Storage

    SMB:

    To communicate with SMB Backup Repository, Veeam utilises two Veeam Data Movers. Not to be confused with the direct attached repositories, the two used are Veeam Data Mover on the VMware Backup Proxy & Veeam Data Mover on the Gateway Server

    Veeam Data Movers are unable to be installed on an SMB share and a Gateway Server is required to be deployed to connect both the Proxy running Veeam Data Mover and the target SMB share to enable efficient data transfers over LAN or WAN.

    When targeting an off-site SMB share, it is recommended to deploy an additional gateway server on the remote site that is close to the SMB repository.

    Requirements:

    An SMB repository can be assigned to a Microsoft Windows machine that meets the requirements.

    NFS:

    As is the case with SMB, both the Veeam Data Movers for Proxy and gateway servers are required as a VDM is unable to be installed on the NFS share. The processing and communication sequence is the same in that the Gateway server established the connection with the proxy server to move the data efficiently.

    ** Windows Gateway servers cannon be used on NFS shares with krb5i and krb5p support

    Requirements and Limitations:

    • The NFS repository must provided R/W access to the Gateway server
    • Both Windows and Linux servers, and NAS Storage that supports the NFS Protocol
    • The server must also meet all of the System Requirements

    Requirements for Gateway Server:

    A machine installed with the gateway Server role and used to communicate with NFS backup repositories required the following:

    • Both Windows and Linux can be used as gateway servers – meeting the System Requirements
    • The server must be a managed server within the Veeam Backup and Replication console.
    • Backup server must have R/W access to the NFS repository to allow automatic gateway selection
    • When using automatic gateway selection for NFS, the backup jobs can use the same machine as gateway for the repository and proxy. Ensure the below is configured for the backup proxies:
      • All required proxies have R/W access on the NFS repository
      • When configuring for automatic proxy selection, provide R/W to all procies in the VBR Infrastructure
      • Ensure the NFS Client package is installed on the Linux Proxy server

    While there are general requirements above, a Linux Gateway server has some additional requirements:

    • The NFS Client package must be installed
    • Must provide either root or elevated root credentials in order to authenticate with the Linux gateway server
    • Veeam Backup and Replication will only use the highest version of the NFS protocol that is enabled on the NFS repository.

    If the NFS repository has a newer version, then VBR will require the repository to be edited. Running through the edit wizard (without making changes) will run the DB update process after collecting the repositories information.

    Object Storage:

    Object storage is intended for long term retention of data that can be placed in either the cloud (AWS S3/Azure Blob) or an S3-compatible solution running locally/on-premises; such as MinIO.

    Starting in Veeam BR 12, Backups are now able to store direct to object as the primary repository, this is where the data will first back stored before going to a second copy (in most cases, off site.)

    There are a number of cloud object storage providers supported available;

    • Amazon S3, Amazon S3 Glacier or AWS Snowball Edge
    • S3 Compatible, S3 Compatible with Data Archiving
    • Google Cloud
    • IBM Cloud
    • Wasabi Cloud Storage
    • Microsft Azure Blob, Azure Archive Storage and Azure Data Box
    • (Veeam Data Cloud Vault – VBR 12.1.2.172 or higher)

    Object Storage is available to be used in multiple ways:

    • Target Repository as for backup and backup copy jobs
    • Object stoage source from which backup copies will copy restore points from
    • Target repository for file backup jobs
      • Files cannot be backed up to an object repository if the repo is part of a performance extent.
    • Target repository for Cloud Director Virtual Machines
    • Target repository for virual and physical machines by using the Veeam Agent for Windows and Linux.
    • Target repository for backups using the MacOS Client
    • Target Repository for Nutanix AHV
    • Target Repository for oVirt by Veeam Backup for Oracle Linux Virtualization Mnager and RedHat Virtualization
    • Target repository for Applications running on Kubernetes persistent volumes created by Kastan K10 Plugin
    • Target Repository for the configuration backup for Veeam Backup and Replication.

    Object Storage can form part of the SOBR (Scale-out Backup Repository) where it can be used on each of the tiers.

    • Performance Tier: For quickly accessing stored backups
    • Capacity Tier: Available for offloading backups to cloud storage
    • Archive Tier: Infrequently accessed backups, mainly considered cold storage

    Veeam BR will use a VMware backup proxy to transfer data and a mount server to process guest OS application and perform item recovery.

    VMware Backup Proxy will connect to the object storage using one of the below methods – This is all dependent on the type of job

    • Directly: VMware Backup Proxy will transfer data direct to the Object Storage Repository
    • VMware Backup Proxy will transfer data to the object storage repository utilising a gateway server (IF backing up multiple VMs in a job, then a gateway server pool can be used)

    Considerations and Limitations

    • Make sure all required ports are open to and from the object storage.
    • Backup Server and Gateway server require internet connection to validate certificates
    • A second backup server can be attached to the same Object Storage, however it must be read only to ensure that there is no split brain between backup servers where data is mismatched
  • VeeamOn 24 – Day 1 Keynote Announcements

    VeeamOn 24 – Day 1 Keynote Announcements

    VeeamOn is upon us once more and is loaded with many great announcements for new innovations and technology in the backup and cyber resiliency space. There were recaps of announcements made earlier in the year, such as; Veeam Data Cloud, and Coveware. But there was some secrets that were kept very quiet.

    Veeam, in recent years, has had a strong focus on Cyber Security, and protecting not only your backups, but also detecting anomalies in your data, capturing malicious content before it becomes a problem. There are many ways in which your backups can be protected using technologies like; Immutability, Encryption and in-line malware detection. Each one plays a critical role.

    At VeeamOn 24, Veeam highlighted the Veeam Cyber Secure Program detailing the workflow for securing your backups, detecting anomalies and performing the subsequent action required to ensure your business data is secure and protected or getting the business back on their feet after a cyber incident.


    Before getting into announcements, taking a look back at the history of innovation from Veeam is a great way show the progression over the years for how the product(s) have transformed and become what they are today, and where the product is heading.


    But now it is time, the future of Veeam products is laid out, what new versions and what are they going to entail?

    First up, the small updates and additions to existing products on the market. Some highlight

    Kubernetes Backup – V7 (Available Now):

    • FIPS- Enable Cluster
    • Azure Blob Immutability
    • OpenShift Support

    Veeam Backup for M365 – V8

    • Immutability for Primary Backups
    • Linux Proxys
    • Proxy Pools
    • MFA for Console access

    Backup for AWS – V8

    • AWS RedShift Support
    • ASW FSx

    Backup for Azure – V7 

    • CosmosDB Support

    Backup for Salesforce – V3

    • Data Encryption
    • Data Archiving
    • Data Pipeline

     

    Moving to the longest standing Veeam product, there is always room for improvement or other technologies out there that just aren’t being backed up yet. Anton dove straight in and presented backup for both MongoDB and Microsoft Entra ID. These are both built into Veeam Backup and Replication, extending the feature set to do more.

    Some will wonder why Entra ID is going to Veeam BR rather than VB365, and there are going to be a few answers, but it comes down to the majority that will benefit from being able to backup their users in Azure and restore user properties. Those customers may also not use the full Azure suite and may only have it for authentication into their environment. EntraID becomes the backbone, the replacement for Active Directory on-premises.

    And finally, the most exciting announcement I thought was worth highlighting is Veeam Backup and Replication V13 will be coming with support to run on Linux! This is something that Veeam has fallen behind on, but it has certainly been assumed that it was on the road map, as each new version of VBR brought in another component running on Linux.  There are possibly a few components that might not support running on Linux, but I’m sure these will come over time.

    Running on Linux allows for greater control, security, and performance. This now brings the flexibility that could be used to build Veeam appliances that MSPs and Service Providers can supply to customer sites to create a primary backup copy and then using cloud connect, store a backup copy offsite with the Service Provider – This is just one of the possibilities – Sure, you could do that with Windows, but there are more limitations and additional licensing.

    All this is due for release Q3 2024. Watch out for further announcements on day 2, along with product demoes.

  • Configure Object Backup Copy in Veeam Backup for Microsoft 365

    Configure Object Backup Copy in Veeam Backup for Microsoft 365

    In early 2023, Veeam released their next realease of Veeam Backup for Microsoft 365, with v7.  This brought a load of new features, allowing it provide faster and more resilient backups for Microsoft 365.  One of the biggest features was the ability to perform backup copies of your tenancy, allowing you to keep a second copy whether that be on another datastore, another data centre or off up into the mighty cloud.

    Backup copies aren’t new, they have been around in Veeam Backup and Replication for over 10 years, and it only made sense to extend this feature to 365 backups.

    A backup copy is a separate job from the primary job, this allows more flexibility and ease of use – so it is important to name the backup copy with something that distinguishes it from the primary job.

    Before we get into the configuration side of things, there are a couple of pre-requisites for being able to run a backup copy:

    • Only Object Repository to Object Repository is supported. You cannot perform a backup copy of the original JetDB – If you want to backup your JetDB, you could use Veeam Agent Based backup to take a copy of the JetDB files or veeam Backup and Replication to take a backup of the VM hosting those JetDB files.
    • Your Object target must have it’s own Proxy/Repository attached, you cannot share with Object targets. You will receive an error if you try to use a proxy folder that already contains data.
    • If you want to use Immutability, Object Lock must be enabled on the bucket before configuring the job.

    That’s pretty much all there is to watch out for and consider. The rest of the steps should be fairly familiar if you have already gone through and set up Object Repositories for your existing jobs.

    Config

    1. If you are using an on-prem solution for your object storage, like MinIO or Object First, you will need make sure your storage is pre-confgiured and accessible from your 365 server.
    2. Create your bucket on your Backup Copy target storage and confirm that you can access the location. Below you can see that minio-001 (left) contains my primary backup that i hav already configured and taken an initial full backup of my 365 account. My Backup Copy target, minio-002 (right) currently shows no backed up data for 365,


      You will also note that i currently only have 1 backup job configured.

    3. Navigate to Backup Infrastructure -> Object Storage and  select Add Object Storage.  This will open up the Object Storage connection wizard. Here you can start by giving your object storage a Name and Description

    4. Select the correct object storage solution to meet your requirements. If you are using something like MinIO, Ceph or another S3 Compatible object storage, select S3 Compatible, otherwise select the matching cloud target.

    5. In the next screen, you will need to enter your service point, Data Center Region and specify your Account Credentials for your target repository. These will be saved into the Veeam DB. The service point will be that of your backup copy target.

    6. Ensure that you have already prepped your repository with a bucket to connect to. Depending on the number of buckets that you have, the drop down menu will display all available buckets – Select the correct bucket for your target. Once you have selected your bucket, click Browse  and select the bucket name – Click New Folder and name your Backup Copy target folder.

    7. Another great feature brought into v7 is the ability to create Immutable Backup Copies. However, please consider and understand the use of this feature, whilst it is always recommended to have immutable backups, in Veeam Backup for Microsoft 365, the retention period you select for the job is also the retention period of the immutable backup. In other words, If you select to retain 2 years worth of backups before they age out and have applied immutable backups, if the customer leaves and you are required to delete the customers data off your system, you will need to wait until the last backup has aged out over 2 years before it can be removed.
      https://helpcenter.veeam.com/docs/vbo365/guide/immutability.html?ver=70

      Click Finish to create your object storage

    8. You will need to create and Object Repository that attached the Object Storage to a Proxy and a caching folder for the database. Select Backup Repository > Add Repository (You can also right click to select Add backup repository). Once again a wizard will open up and you can give the repository a Name and Description


    9. Select Backup to object storage – this will select the next few windows applicable to object storage. If you select the second option, this will allow you to create a JetDB repository – which unfortunately won’t work with what we’re trying to achieve here.

    10. Depending on your infrastructure design, you may have multiple proxy servers, and they may be in different locations. Select the right proxy server that connects to your object storage target. Here you can then create the local cache path that will reside on your proxy server. You should have a drive preconfigured to contain your cache files. Select Browse and then select the drive and path then New Folder to create the target cache folder,

    11. Select the target object storage. If the object storage is already in use by another repository, it will not show up in the list.

      You can configure an encryption password to ensure that the data is encrypted at the target. This is different from immutability, encryption will prevent someone from reading the data without the encryption password, but will not prevent them from deleting the data.


      During the validation process, if the selected cache folder already contains an existing database in it, you will receive an error message advising of this. You will either need to clear the folder or create a new folder.

    12. Select your retention policy and the type of backup you want to take, whether it be as an image or at the item level, make sure you read carefully the different options available.
      By selecting Advanced you have the ability to choose when you want the retention policy applied – make sure you understand how this works, otherwise you may end up paying additional egress charges.
      https://helpcenter.veeam.com/docs/vbo365/guide/new_repository_4.html?ver=70 

    13. Lastly, once the targets have been configure, it is now just a case of creating the backup copy job. Head back over to Organizations > Select your existing primary backup job and click Backup Copy  – this will open a new wizard that looks similar to the primary backup job creation wizard.

    14. Here you will be able to select your Target Backup Repository – take note that this is the Backup repository and not the Object Storage directly.

    15. You can choose when you want to run the backup copy job. You can select for it to occur immediately as the primary backup job runs, you can set a specific time of day or on a repeated schedule.
      There is also the option to run the backup job within a pre-defined window.

    16. Once the job has been configured, if you did not select the “Immediate” option to run the job, you can go ahead and run it for the first time. You will note that the job type is shown as Copy and the the start and last backup information is avialable.

    You have now configured a backup copy of your primary Microsoft 365 backup.

    For more information, please check out Veeam’s KB articles related to backup copies. 

  • What’s New in Veeam Backup for M365

    What’s New in Veeam Backup for M365

    It’s another week and Veeam has yet again realeased a new version. This time it is Veeam Backup for Office 365 and it is backing up the truck and dumping a sizeable amount of new features. Release notes here

    Interface Changes

    In v6, Veeam introduced the Self-Service Restore portal allowing customers to be able to log in with their M365 account and restore from their backup. In v7, this has since had an update and a facelift allowing user a greater experience.

    While there have been some portal changes, the console has also had some minor changes made to it with colours and styling. Whilst only appear to be minor, if you spend enough time in the earlier versions, you will notice the difference.

     

    Immutability

    One of the newest features that has been around in the VBR world for the last few versions is Immutability. Having a backup is one thing, but is it truely a backup if it is able to be removed or minipulated? Veeam takes care of this by providing the addition of immutability, locking down your backups to ensure that they go untouched and continue provide a safe and secure copy.

    Backup Copies

    In keeping a safe and secure copy, Veeam have now impleted Backup Copies to help get closer to the 3-2-1 rule. (3 Copies – 2 Media types – 1 Offsite). Backup copies have been around for a very long time in the Backup and Replication product set allowing for multiple copies of the backup to be placed in another repository, whether that ben connected locally or via Cloud Connect.  Veeam Backup for M365 allows the backup to be created on the attached local/on-prem repository and then the backup copy to push to a secondary location such as Azure Archive tier.

    In order to create your backup copies, you need to create a location that will be able to accept the copy. If you are an Azure shop, for example, a new option in creating an Azure Blob Storage type has been added. Here you can select to use Azure Archive Storage for cost-efficient storage, which is a great place to send your backup copies to. If you do not have a repository configured similar to this, then backup copies will not be an available option.

    New Object Storage Locations

    It’s been no secret that Veeam have really been knuckling down to implement Object Storage across their product set, and slowly they have been adding it to each of their products. This year we saw Veeam Backup and Replication v12 introduce direct to Object Storage backups, whereas this has been in the M365 product set for some time as an offload target for the repository. Along with the interface changes, there is a new selection page when starting to create your repository. You will need to have created an Object Storage location under the Object Storage menu, but once that is available, you can select which repository type you would like to create as your primary target storage.

    With the full support of direct to Object Storage, Veeam has also added native support direct to Wasabi Cloud Storage allowing for cheap, reliable Object Storage. In the past, you would need to configure a connection to Wasabi via an S3 Compatible storage type.

    History Search

    It might seem a little strange, but for me, this has been one of my biggest gripes with the Veeam Backup for M365 console. The lack of being able to search easily in the console when looking for historical backup reports has now been resovled with the introduction of the search bar. Here you are able to drill down to key words to find a log file for a particular job instead of needing to scroll through the long list of logs.  This has been a very welcomed enhancement.

    Conclusion

    Overall, even though my list above doesn’t appear to be very extensive in the number of items, each one of these has a huge impact on productivity, efficiency and the ability to ensure your backups are both safe and secure and available for when you need them.

    If i had to choose, my two favourite additions are Backup Copies and Immutability. These are critical to ensure that your data is safe. Data protection is one of the highest priorities a business should have on their list for running a business, it ensures that when the inevitable happens, you can get your business backup and runnings as quickly and efficiently as possible, no matter what the disaster is.

  • Backing Up with the Veeam Agent for Linux

    Backing Up with the Veeam Agent for Linux

    When new products are released, we generally see other products in the line up being updated with new features and improvements. We saw quite a number of new features added to the Veeam Agent for Mac. During the Veeam v12 launch where the focus was on Veeam’s new Data Platform, Veeam Warranty and Veeam Backup and Replication v12, there was also some other products that received updates and new release numbers and in among those was the Veeam Agent for Linux v6.

    Over the years, Linux has grown in popularity in the desktop world and new distros continue to pop up, but in the enterprise space, Linux continues to dominate, whether it be as a virtual machine or a bare metal appliance. Regardless of what the distro is used for and it’s underlying hardware\hypervisor, it still needs to be backed up. Your data is important. So, with that said, let’s dive in.

    Installation

    So this is something very easy, especially if you have any Linux skills. You will first want to make sure you check the release notes to ensure that you have the a supported distro (or flavour) of Linux. All the main distros are there; Ubuntu, Debian, RHEL, SLES, and many more. You will also want to make sure that all you have all the required dependencies. If you are are planning to backup to a Veeam Backup and Replication or Cloud Connect Repository, you must target VBR 12 or higher. Head on over to the downloads page over at Veeam, here you can grab the latest and appropriate version for your distro. Again, make sure you have all the required dependencies and have read the release notes so you can familiarise yourself pre-install.

    In the below, I will be installing on Pop-OS, a distro based on Ubuntu/Debian with a desktop environment, so I will be installing the .deb package and using the Apt package manager.

    Once the package has been downloaded to your preferred location, open up terminal (If you didn’t use wget or another terminal based download method) and set your new core directory to that folder. Once in the path, you can run the dpkg install line and then update your apt repository. Once the repository has updated you can go ahead and install Veeam.

    # cd path/to/folder

    # dpkg -i ./veeam-release*

    # apt-get update

    # apt-get install veeam

     

    As soon as the install has completed successfully, you can go ahead and launch Veeam. This will bring you to a ELUA splashscreen that you will need to read and accept to continue. You will then be able to move on and configure your first backup job.

    $ veeam

     

    Backup

    Using the keystrokes, you can navigte around the menu. c will take you to configuring your first backup job.

    Configuring a job is very straight forward and easy to navigate, you have a plethora of options for destination, retention and how you want your files backed up.

    As mentioned, you ahve a number of options in how you would like to back up your files. You can select from either backing up the entire machine, volume level backup, file level backup and the additional option to disable snapshots giving you a crash-consistent file-level backup without the use of snapshots.

    • Backup Entire Machine
      • With this option, you will be able to take a complete in-place backup of your system, allowing you to either restore specific files, or restore the entire system back to the last backup. This includes all partitions. If you run something like df – h  Here you can see the list of all the partitions that are mounted.
    • Volume Level Backup
      • In this option, you can select the volumes that you would like you backup to take a copy of, for example, if you only want a copy of your data drive or partition without the system root or swap partition, you can select just the data drive.
    • File Level Backup
      • Here you can select specfic folders and file in which you want backed up. This is a great option if all you want is to back up your desktop and document folders.

    Only one option is able to be selected.

    The destination is a very important selection, if you select a local storage device that is built into your computer, than you may have trouble if there is physical damage to the machine. If you were to select a local drive attached, you will need to ensure that the drive needs to be removed safely, and stored in a safe place.  Shared folders allow you you to be able to backup to an SMB or NFS share, this allows you to select a destination that might be in another room in the house, or allows your backup to take place over wireless so you can be sitting in any room of the house working away while the backup takes place. Backing up to a Veeam Backup and Replication repository is similar to a shared folder, however you have more control over the backup and it is easier to mount from within the console in the event you need to restore – The Linux agent version 6 is only able to connect to VBR v12 or higher.

    It worth noting that the above options are avilable in the free version, however there are also 2 other options available with a valid license. Object-Storage is becoming increasingly popular and there are many vendors that offer both an on-premises installation and a cloud hosted option. With a license you will be able to backup to an object storage repository, or utilise Veeam Cloud Connect and backup to a service provider – both for off-site copies.

    If you attempt to run the SMB share, you may run into an issue where an error message advises that the “Current System does not support SMB” – This is an easy fix and you just need to install the cifs-utils package and once installed, you will be able to continue on with the setup.

    # apt-get install cifs-utils

    When designing your Backup and DR plan, it is crucial to plan for how long you need to retain your restore points for. The type of restore points is also as important, whether you want all incrementals or a full created once a week, but planning from the beginning can save pain later on. With the Linux Agent, you have the option to enable Active Full and set a schedule for how often you would like the process to run. Veeam also offers some other advanced features when configuring your backup job. Encryption is certainly important, especially for sensitive data, and Veeam’s gives the option in the free version to add an encryption password, but make sure you save that password somewhere secure otherwise your backup will be scrambled and unreadable.  You can also run scripts after the restoration.

    Simply, the last two options allow you to set your schedule, what time and what day would you like your backup to run. Once you’re happy with that you can review your backup configuration and continue – if you desire, you can start the job immediately.

     

    Restore

    This is where I felt the product really shined, as much as having an easy backup with a lot of options to make it as efficient as possible, if you can’t access and restore your data then why are you even bothering with a backup?

    Once the first backup has been successful, select R for Recover Files takes you to another screen that displays your backup jobs and their restore points. Once you select a restore point, your system will mount that point to /mnt/backup and from here you can fully browse your backed up files. If you are using a desktop environment, you can open this up in your file manager, and if you are using all cli then you can navigate to the mount point and copy the files as required.

    It really is that simple.

    Conclusion

    Another great product, not only because it does exactly what it is meant to, plus more, but it is also free with a limited set of options. Veeam have really put a huge effort into making a great backup tool so easy to use on Linux. Yes, there are a number of dependencies that are required, but that is just Linux, and majority of them are already installed. Hats off to Veeam for sticking to making another easy to use tool, and also for making it freely available.

  • Introducing Veeam Mac Agent v2.0

    Introducing Veeam Mac Agent v2.0

    Over the years we have seen Veeam release some great products, and with each release they continue to build in more and more features and there is no exception when it comes to the the updated release of the Veeam Agent for Mac v2.

    Like the Windows agent, the latest Mac agent is available as a standalone install. The previous version was completely managed from Veeam Backup and Replication where you had to cut a config and package the install. With v2, you can install straight from the pkg file allowing you to have more control and freedom.

    Like the Windows and Linux agents, Veeam is providing the Mac agent with a limited free license which allows up to 1 job created and limited backup locations. However, it still has a ton of functionality and gives you access to backing up either individual files, directories or the entire computer.

    So let’s dive in and take a look at what is available under the free license.

    Straight off the bat, there is a really nice UI to work with, the layout is easy to work with and everything is very much self explainatory. There are heaps of features that are wrap into this tight little bundle and are easily accessible. The locations in the UI make sense are all in logical locations.  I did, however struggle to find how to delete the job as my instict from using other Veeam products was to Right click > Delete . This was simple enough in the end as it was just in the top menu, which I guess just makes it safer.

    Backup

    As mentioned above, there is a number of new repositories that are available for backing up your workstation to. Previously you were limited to only backing up to a Veeam Backup and Replication repository, but the Mac agent has now been extended to locally connected repositories and SMB shares.

    Some people like to only backup certain files and others prefer to backup their entire directories and Veeam knows this well which is why they give you the ability to choose your precious files or your entire root/sub directories.  You can even enable backing up locally attached USB drives in case you have an external drive that holds other working files.

     

    The Mac agent is still quite packed full of features and functions to ensure you get the most out of your backups. You have access to advanced features, such as; Active Full backup schedules, Compression, Storage Optimizations and Encryption.


    Restore

    What’s the point of a backup if you’re never able to restore from it when you need to? While dealing with enterprises, we always say to have a test plan in place, but I feel fairly certain that a lot of folks wouldn’t have one in place for their home network. we should also remember to treat our backups as a copy of our data and not as the only copy.

    The Veeam Mac Agent makes restoring a very easy task. Click on the restore tab, select your restore point and then browse your backup. Simples.

    Just like restoring in Backup and Replication, you can choose to either OVERWRITE or KEEP your existing copy of the document (Keep is usually ideal so you can check your restored copy first).  KEEP will place a second copy in the same directory and rename to <filename_RESTORED_date&time> so that you will know exactly which copy it is. There is also COPY TO which will allow you to restore to another location – This is great if you want to place the restored file on an external hard drive or in another folder.

     

    If you choose the “Restore Users Data” option, then you will receive a big pop-up to advise you that you will overwrite your User Profile. So, you have been warned!

     

    Veeam have also done a fantastic job with their job logs and have a very detailed, but human consumable log output directly in the interface.

    Consclusion

    Yet again, Veeam have hit it out of the park with their products and to be able to provide a a free product that is packed full of features is very generous of them.  I think the Mac Agent has come a long way from v1 and is worth trying out. It certainly is a replacement for TimeMachine and much easier to understand and configure. I would like to see a few more menu items in the right click menu, but these are available in the Apple top bar, so no real issues there.

    Make sure you check out the new Veeam Mac Agent once it is GA and be sure to check

  • Rubrik Backup Service Windows Host Install Walkthrough

    Rubrik Backup Service Windows Host Install Walkthrough

    To be able to get the most flexibility out of your data management and backups, sometimes you need more to be able to interrogate your OS to be able to backup the applications that are running inside. Some backup providers use VMware Tools\Hyper-V Integration Tools to be able to perform application consistent backups, such as; MS SQL and MS Exchange. Whilst this may seem like a great idea to minimise the number of services running, this also means that the backup vendor loses some control over what their product can leverage and limiting them to the virtualisation eco-system.

    Rubrik delivers control and flexibility with their Rubrik Backup Service (RBS) which is available for Windows, Linux, AIX and Solaris, but also allowing for the ability to backup virtual and also physical servers. The RBS allows for granular control over applications such as MS SQL where it can backup each database with different SLA domains, as well as backing up file systems.

    This post will walk through deploying the RBS to a MS Server 2019 Server manually, although, there are several methods available to automate the installation, this walkthrough will show you . To automate check out the Rubrik Inc. Github and Rubrik Build for sample scripts and API documentation. For Example: Install-RubrikBackupService with PowerShell

    Required Opened Ports: 
    tcp 12800
    tcp 12801

    First off, downloading the Rubrik Backup Service installer is easily achievable by 2 methods. You can obtain the installer from under the Windows Host section on your Rubrik CDM web UI or via the hyperlink https://<rubrik cluster Ip-hostname>/connector/RubrikBackupService.zip

     

    Once downloaded you will need to extract the contents. Ensure that you keep all files together in the same folder as they are all required for the install. Each installation package is specific to the cluster it was downloaded from and will only work with that cluster.

    The wizard is a simple “Next, Next..” process. Open the MSI file. When you select custom, you do have the ability ti change the installation location. Once completed, click Finish.

    Open up the computer Services manager and check that the “Rubrik Backup Service” is running.

    At this point, you will not see the host show under Windows hosts under the web UI, you will need to click on the “Add windows hosts” button – either in the main screen or in the top bar.

     

    When adding the hosts you can either do this by IP or hostname. Ensure that your DNS is configured correctly prior to trying to add via hostname – click Add. Adding the host will create a secure connection between the host and the cluster.

     

    If you run into an issue where the cluster is unable to connect to the host or display an error regarding retrieving the certificate, make sure you configure your firewall. As this lab is on a single subnet the cause for the error was the Windows Defender Firewall. Add the required allow access and retry added the Windows host to the cluster.

     

     

    The host will show a status of “Connected.” You will need to install the Volume Filter Driver (VFD) to enable the cluster to track changes to the blocks as well as assist with the performance of the incremental backups. Select the host you want to install the VFD on and click the 3 dots in the top right corner -> Select Install VFD -> Wait until the Volume Filter Driver Status changes to “Host Restart Required” and reboot the host. (Refresh the UI if you don’t see it update after some time.)

     

    After reboot, you should now see the status change to “VFD Installed”

    The Windows host is now looking ready to go and the last two items are to set up the protection by adding the SLA domain and content to be protected

    .
    Select the host and click the “Manage Protection” button. Here you can choose to backup set you want to protect, whether it is the volumes or filesets.

    When adding a fileset, you can set rules around whether to include or exclude certain folders and file types.

     

     

    Once you have set your backup set, you can then assign the SLA domain that meets your requirements for your backup SLA. For more about SLA Domains see SLA Domains Global Scale

     

    It is a very simple process which, as mentioned above, this can be automated through the use of scripts and APIs, however this was just a walkthrough of the process. Ensure to check out the Rubrik Build site. There are also other scripts available on the Rubrik Build GitHub repo along with various SDKs for use with Rubrik CDM.

  • Veeam Backup & Replication 9.5 Install – Back to Basics.

    Veeam Backup & Replication 9.5 Install – Back to Basics.

     

    Sometimes it is good to go back to basics, somethings change between different versions of software and the installation process isn’t always the same. Sometimes, you may have never installed that piece of software before, but the only installation guide is 3 versions in the past and they have since introduced the need for IIS for a new web portal or something. So here we go in the first post of my new Veeam series “How to install Veeam Backup and Replication” 

    1. Download the latest Veeam VBR ISO from the support download page. 
    2. Depending on version downloaded, you may need to extract the ISOs from the ZIP
    3. Mount the “VeeamBackup&Replication” ISO and open the setup.exe
    4. Click the install icon for Veeam Backup & Replication.
    • Read and Accept the EULA (You can’t proceed if you don’t agree) 
    • If you have a license file, attach it. Otherwise, you will get 30 days free trial
    • Choose your components to install. 
      • Veeam Backup & Replication– This is the main application for configuring and running backup & replication tasks.
      • Veeam Backup Catalog– Used to index the files into a GuestOS backup file for easy restoration. 
      • Veeam Backup & Replication Console– The console is the GUI used to perform tasks and configure Veeam Backup & Replication. 
    • The System Configuration check is used to ensure the correct components are available and installed ready for Veeam B&R to install and configure.
      If there are components showing as Failed, click on the “Install” button to get them installed.  
    • One installed, re-run the check and ensure each component passes. Click “next”. 
    1. Review the default configuration, this includes directory locations, ports and SQL instances. You can select “Let me specify different settings” if you need to make any changes. Click Install to continue. 
    • Wait until installation completes. The installation will take approx. 10 minutes, and if there is an update as part of the install, you will see this occur towards the end of the process. 
    • You will be notified once completed. 
    • Double click on the Veeam icon on the desktop to open the console and put in your Username and password and click connect.
    • By default, the Component update will open up and require you to run the update on any components that require it. They will be listed. Select and apply the updates.
    • Under “Inventory” > “Virtual Infrastructure” > select “ADD SERVER” > Select type of server (in this case, VMware vSphere). NB:You will need to run this process before you can set up your proxies.
    • Input your vCenter (or host) details for Veeam to connect to. 
    • Add your server credentials into the credential manager. 
    • Trust the certificate if it is Self-signed. Please see KB2806 regarding 9.5U3 self-signed Cert bug. 
    • Confirm settings are all correct and click “finish”. 
    • Confirm under “Virtual Infrastructure” > VMware vSphere” that you can see your vCenter hierarchy. 
    • Under “Backup Infrastructure” > “select Backup Proxies”

    • Add in your proxy server’s IP/hostname and a description
    • Add your credentials for the proxy server, or reuse pre-configured.
    • Wait for components to all install. 
    • Confirm the Proxy service details
    • Once you click “finish”, you will return back to the VMware Proxy screen, here you will be able to set your Transport Mode and Datastores. 
    • Select “Choose” for Transport Mode. This will show you a number of options with descriptions to help you choose the correct transport mode to meet your infrastructure requirements. If unsure, select Automatic Selection.
    • Once you continue on, you will have the opportunity to set up traffic rules where you can create bandwidth restrictions. Here you can get granular and create policies for certain IPs. 
    • Once you have finished setting up your proxy, you will then need to set up your repository for storing your backups and/or replications. Select “Backup Repositories” and Set up a new repository. Start off by giving your repo a name. 
    • Veeam offers support for a number of different types of repositories. Select the best option for your infrastructure. (This tutorial will just be a Windows Server.) 
    • Under “Server” choose the repository server from the list or click  “Add New…” server. Once added click the “Populate” button to see the capacities and free space available. Once identified, select the disk you want to use. 
    • In your Repository settings, you can setup the path for which you want your backups to go to. Once set, click the “Populate” button again. Veeam also offers Load Control to assist with your bandwidth and disk performance for your backups, use and adjust as required. 
    • With Windows Server 2016, Microsoft introduced ReFS, their new volume format that allows for greater capabilities. Veeam acknowledges these abilities and advises you of the benefits of using ReFS over NTFS.  *Proceeding will not prevent you from using the Datastore. NB: ReFS is reasonably resources heavy.
    • Under Mount Server, you can set which server will take the load when mounting a restore point with Instant VM Recovery, SureBackup or On-Demand Sandbox. If you have the ability to provide write caching for the mount server, you can enable vPower NFS Service to assist with those mount points.
    • Once all configured, the review stage will confirm if any of the additional components will need to be installed on the new Backup Repository. Once confirmed, you can apply and let Veeam set up the repository. 
    • During the apply process, you will be able to confirm all steps completion. 
    • Once your infrastructure is configured, it is down to business and time to test and create your first Backup job. Under “Backups”, Right click and Select “New Backup Job.” Set a Name and then select your Virtual Machines you would like to backup.  
    • Click recalculate to ensure the total size is updated to reflect the size of the disks to backup. You can also exclude objects from being backed up. 
    • Select your proxy, if you have a Proxy server setup, then choose that one. Otherwise, if you did not setup a proxy earlier, you can use VMware as the Backup Proxy, however this will be a slower process. 

    • Select your Repository for the backup job. In this screen, you can also set the amount for restore points you want to keep and any advanced settings such as additional scripts, Email notifications, backup modes (Incremental, Active Full, etc.) etc. 
    • The Guest Processing page is used to configure the backup job to leverage Application Aware processing and also file indexing and exclusions, and much more.
    • The schedule is fairly self-explanatory. Here you can configure how often the job will run and how many retry attempts before failing the job. 
    • Once all settings have been configured, apply the configuration and if appropriate, Run the job once created. 

    • Watch the progress and if there are any errors, adjust your components where required.