VBO-365 Portal: A nice project just around the corner – Part 1

A service provider asked me to help him design a backup service where the main topic was Microsoft 365.

I’m sure many of you already know and already use Veeam Backup for Office 365.

It is an excellent solution to address an end-user request and to allow a Service provider to supply a managed service.

But what about unmanaged service?

In other words: is it possible to give an admin of an organization a way to perform backup and restore by himself in a multi-tenant architecture?

The answer came from the great work of two Veeam guys.

Niels Engelen and Timothy De Win have developed a web portal leveraging the native VBO-365 RESTful API that allows the service provider to score the goal. The project is called MARTINI.

Just a note before starting: the articles have been written “for dummies”; the scope is to explain step by step the procedure I followed to design the service.

To remember: 

  1. This is not a Veeam Project so it is NOT officially supported.
  2. For more details about the software used and to remain updated, please refer to the blog sites of Niels and Timothy (http://blog.dewin.me/).
  3. Take a look at the official Veeam guide to know the hardware and software requirements of VBO-365.
  4. Please contact your security specialists to be sure it meets your security standards.
  5. This article has been written using VBO-365 v.4. Please read the second article carefully to learn how to fix it with VBO-365 v.5.

Design and Implementation:

The smallest architecture you can design is composed of one VBO-server and one Portal server.

In these articles the two servers are named, in order:

a) VBO-365 (Windows 2019)
b) VBO-Portal (Linux Ubuntu 20.04)

A video that explains how to install VBO-365 software is available at the following link: Installing VBO365.

Ready to start? Let’s go!

a) Commands 1 and 2 update the package lists and upgrade the packages installed on the Linux server to the latest release

1- sudo apt update
2- sudo apt upgrade

b) Command 3 installs the unzip and wget packages

3- sudo apt-get install unzip wget

c) Command 4 downloads the Martini package; command 5 unzips it into the /usr/bin directory

4- wget https://dewin.me/martini/martini-cli.zip
5- sudo unzip martini-cli.zip -d /usr/bin/

d) Now it’s time to set up Martini.

6- sudo martini-cli setup

It requires and automatically installs the following packages:

apache2, mysql-server, mysql-client, PHP, php-xml, composer, zip, unzip, php-mysql and Terraform.

At the end of the setup, the screen shows the following output.

#MySQL commands:
CREATE DATABASE martini;
CREATE USER 'martinidbo'@'localhost' IDENTIFIED WITH mysql_native_password BY 'mypasswordthatissupersecret';
GRANT ALL ON martini.* TO 'martinidbo'@'localhost';
# Ubuntu older
GRANT USAGE ON *.* TO 'martinidbo'@'localhost' WITH MAX_QUERIES_PER_HOUR 0;
# Ubuntu 20.04
GRANT USAGE ON *.* TO 'martinidbo'@'localhost';

Now connect to the MySQL DB using the following command:

mysql -u root -p

If the error shown in picture 1 appears, follow the procedure described below:

Picture 1

– sudo mysql
– select user,host,plugin from mysql.user; output -> root | localhost | auth_socket 

The output is shown in picture 2; the query lists the authentication plugin used by each MySQL user.

Picture 2

If the plugin for user root is auth_socket, just change it with the following command:

– update mysql.user set plugin='mysql_native_password' where user='root';
– select user,host,plugin from mysql.user; output -> root | localhost | mysql_native_password

The output shown in picture 3 confirms that it has been changed correctly.

Picture 3

– flush privileges;

quit

Now retype the previous command (mysql -u root -p). If it still doesn’t work, as shown in picture 4, continue with the following procedure:

Picture 4

– sudo /etc/init.d/mysql stop
– sudo mkdir -p /var/run/mysqld
– sudo chown mysql:mysql /var/run/mysqld
– sudo mysqld_safe --skip-grant-tables &
– mysql -u root

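– flush privileges; (needed first: under --skip-grant-tables, ALTER USER is refused until the grant tables have been reloaded)
– ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';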

– flush privileges;
– quit

At this point reboot the server.

The command mysql -u root -p shows the following output:

Copyright (c) 2000, 2020, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

Let’s go back to Martini and check whether the database and the new user have been created with the command:

mysql> show databases;

If it doesn’t appear, use the following steps:
– use mysql
– show tables;
– CREATE USER 'martinidbo'@'localhost' IDENTIFIED BY 'mypassword-';
– GRANT ALL PRIVILEGES ON *.* TO 'martinidbo'@'localhost';
– FLUSH PRIVILEGES;
– CREATE DATABASE martini;
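
A least-privilege variant of the account creation above, as an added example that is not part of Martini or of the original article: it grants martinidbo rights on martini.* only (the scope printed by martini-cli setup) instead of *.*, and checks SHOW GRANTS output for leftover global privileges. The function names, the password placeholder and the sample grant lines are constructed for illustration; MySQL 8.0 is assumed.

```sh
#!/bin/sh
# Added example (not part of Martini or of the original article).
# Assumptions: MySQL 8.0 on the VBO-Portal server; function names are hypothetical;
# the password and the SHOW GRANTS samples are constructed placeholders.

# Print SQL that creates the martini database and limits martinidbo to it.
# $1 = password for martinidbo
scoped_grant_sql() {
    case "$1" in
        ''|*\'*|*\\*)
            # The password ends up inside a quoted SQL literal: refuse input
            # that would break out of it.
            echo "password must be non-empty, without quotes or backslashes" >&2
            return 1 ;;
    esac
    cat <<SQL
CREATE DATABASE IF NOT EXISTS martini;
CREATE USER IF NOT EXISTS 'martinidbo'@'localhost'
  IDENTIFIED WITH mysql_native_password BY '$1';
-- Remove whatever was granted before, global privileges included.
REVOKE ALL PRIVILEGES, GRANT OPTION FROM 'martinidbo'@'localhost';
-- Same scope as the statement printed by "martini-cli setup".
GRANT ALL ON martini.* TO 'martinidbo'@'localhost';
SQL
}

# Read SHOW GRANTS output on stdin and print every grant on *.* except USAGE.
# Exit status: 0 = no global privilege, 1 = at least one found.
global_grants() {
    awk '/ ON \*\.\* TO / && !/^GRANT USAGE ON / { print; bad = 1 }
         END { exit bad + 0 }'
}

# Constructed sample: account created with GRANT ALL PRIVILEGES ON *.* (list shortened).
SAMPLE_WIDE='GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON *.* TO `martinidbo`@`localhost`'
# Constructed sample: account limited to the martini database.
SAMPLE_SCOPED='GRANT USAGE ON *.* TO `martinidbo`@`localhost`
GRANT ALL PRIVILEGES ON `martini`.* TO `martinidbo`@`localhost`'

# Usage on the portal server (add "-u root -p" if root uses password login):
#   scoped_grant_sql 'REPLACE_WITH_PASSWORD' | sudo mysql
#   sudo mysql -N -B -e "SHOW GRANTS FOR 'martinidbo'@'localhost'" | global_grants
```

CREATE USER IF NOT EXISTS leaves the password of an already existing martinidbo account unchanged; only its privileges are reset.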

Now re-launch the martini setup command

– sudo martini-cli setup

Select “no” when the prompt asks whether it is the first run, and follow the easy wizard as shown in picture 5.

Picture 5

The last commands are:

– sudo chown thegable:thegable .martiniconfig
– martini-cli --server http://localhost/api connect

If you have enabled the firewall, just open the default web port:

– sudo ufw allow 80/tcp

Now open a web browser (Picture 6) and point it to the VBO-Portal server IP address; you will see the Martini login page.

Picture 6

In the next article, we are going to cover how to set it up and some useful details on how to use it.

That’s all for now guys.

VBR – Proxy linux server UUID

When a Linux VM is added to the Veeam console as a Proxy Server, you may run into the error shown in picture 1.

Picture 1

The reason for this behavior is that the default VM config does not allow another software to see the UUID of the VM.

What is UUID?

It’s the unique identifier used to uniquely identify partitions in Linux operating systems.

Why is it important to use it?

A backup where the proxy is a Linux VM only works with virtual appliance transport mode. It uses the VMware hot add capability.

Put more simply: when a job starts, the Linux proxy mounts the disks of the VM to be processed and then sends a copy of the data to the Veeam Repository.

If the backup server knows which disks belong to the proxy, it can process the others easily and without errors.

The result is that it’s mandatory to set it up correctly, as shown in the user guide and in the Veeam forum.

Note 1: the Linux command to show UUID is blkid

To address the issue, just switch off the VM and, from the vCenter console, follow the procedure shown in the next 4 pictures (highlighted in yellow).

Picture 2

Picture 3

Picture 4

Picture 5

That’s all folks

Veeam NAS Backup – Scripts for Demo live

VBR v.10 introduced a great new feature.

NAS Backup allows managing the protection of the environment where files and folders are a focus point for a company.

This article does not cover how a NAS Backup job works or how to set it up. Please refer to the official documentation for all the details.

What is the scope of the next lines?

It will show how easy it is to write a script that creates dummy files before launching an incremental backup.
Why? Because the scope of this article is to show how fast a backup job can be.

1. The script is composed of four parts (in every box, line 1 describes the actions performed by the lines that follow).

#working path
$mypath = "C:\Users\VBR\Documents\NAS-Folder"
Set-Location -Path $mypath

#creating folder to copy to share
$folders_new = New-Item "$((Get-Date).ToString('yyyyMMddhhmmss'))" -ItemType Directory
Set-Location -Path $folders_new

# Creating 100 files (base.txt plus 99 copies)
# base.txt is created in the new folder, which is the current location
$baseFile = Join-Path -Path (Get-Location) -ChildPath "base.txt"
$desiredFileSize = 2*10KB
$fileCount = 100
"start" | Out-File -FilePath $baseFile
# grow base.txt by appending its own length until it reaches the desired size
While ($(Get-ChildItem -Path $baseFile).Length -lt $desiredFileSize)
{
    $(Get-ChildItem -Path $baseFile).Length | Out-File $baseFile -Append
}
for ($i = 1; $i -lt $fileCount; $i++)
{
    Copy-Item $baseFile "File-NAS$i.txt"
}

#copy to network share
Set-Location -Path $mypath
$pathtocopy = $folders_new.Name
Copy-Item -Path $pathtocopy -Destination \\ip-address\cifs-destination -Recurse

2. Let’s see how to integrate the script in VBR.

The next pictures show the NAS Backup job wizard, pointing out the main steps (pictures 3, 4 and 5).

Pictures 1 and 2 show one of my favorite advanced options: the possibility to select the file types to save, for example protecting the PDF files only. It supports wildcard characters, so it’s very flexible and useful.

Picture 1

Picture 2

Pictures 3 to 5 show, highlighted in yellow, the steps to set up the script:

Picture 3

Picture 4

Picture 5

Pictures 6 and 7 show the result of the job modified in this way.
Please pay attention to the last yellow line, where 195 MB of source data is processed in 20 seconds. (In my small lab it’s a great result!!!)

Picture 6

Picture 7

Note: If you need to change the script execution timeout from the default 15 minutes (900 seconds), just add a REG_DWORD value named “PreJobScriptTimeoutSec” under Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Veeam\Veeam Backup and Replication. The value has to be in seconds (Picture 8).

Picture 8

That’s all folks 

VBR & Cloud a Business Model – Part 1

A new series of articles showing the common business models that leverage the Veeam cloud technologies.

Today I’m going to cover two kinds of services:
A) Remoting Backup Data (RBD)
B) Disaster Recovery as a Service (DRaaS)

For each of the above services, the article will show the two options available:
1) Un-managed Service
2) Managed Service

The scope of these articles is to explain roles, tasks, responsibilities and license management, to give a big picture of the service models.

Note-1: If you need technical details on how to deploy and how to use these functions please refer to the official documentation and ask the local Veeam representative.

Let’s start!

1) What is an un-managed service?

It’s the way in which the service provider installs, maintains and manages hardware and software in its “sites” providing a reliable service.

The customer must handle all his configuration tasks to use the services bought from Service Provider.

The following example is an easy way to keep in mind what an un-managed service is.

Office365 (now Microsoft 365) provides e-mail, SharePoint, Teams and OneDrive services. Microsoft itself is responsible for keeping the service up and running, but all the tasks needed to use it are the responsibility of the customer.

If you need more details about data & service responsibility in a Microsoft 365 environment, just take a look at the following pdf; if you want to know more about how to implement a service, please click here

AB-1) Un-managed Service & Remoting Backup Data & DRaaS

The technology supplying a Veeam Service is named Cloud Connect. The idea is to create a private and secure connection from the tenant to the Service Provider side that makes shared resources available.

Picture 1 shows the backup flows and resources (Repositories) for RBD. Picture 2 shows the DRaaS flows and resources (Virtual Hosts).

Picture 1

Picture 2

Tasks and responsibilities:

SP administrator (Cloud Connect):

    • Deploying the front-end CC Architecture (Gateway)
    • Deploying the back-end CC architecture (Backup Server/Repository/Wan-Accelerator/vCD/VSPC/SQL…)
    • For each Tenant, defining the resources to be provided (multi-tenant model)
    • Using the VSPC to monitor and report on resource use

Tenant Administrator (From VBR console):

    • Adding the Service Provider service discovering the purchased resources
    • Setting up local backup jobs
    • Setting up the backup copy job where the repository is the SP site
    • Setting up the Replica job for DRaaS
    • Performing Restore activities
    • Performing Partial and Full Failover

How is it possible to measure the services?
Is it possible to show the usage to both the service provider and the tenant?

The answer is yes, just by using the Veeam Service Provider Console (if you are a Service Provider, please make your life easier by deploying the VSPC).

Which sort of measurements can I get from it? Very detailed usage reports that can be automatically sent to a reseller and to the tenant (also via e-mail).

VSPC can also be used to create and manage invoices.

Note-2: VSPC is the license manager focal point, where you can see through reports the license status (Approved, Waiting for Approval) for a specific period of time (details are available by clicking on VCSP license and in the last article of this series).

2) What is a managed service?

Managed services are the practice of outsourcing the responsibility for maintaining, and anticipating the need for, a range of processes.

The schema used for 1AB can be used for 2AB as well.

Tasks and responsibilities:

SP administrator (Cloud Connect):

    • Deploying the front-end CC Architecture (Gateway)
    • Deploying the back-end CC architecture (Backup Server/Repository/Wan-Accelerator/vCD/VSPC/SQL…)
    • For each Tenant, defining the resources to be provided (multi-tenant model)
    • Using the VSPC to monitor and report on resource use

SP administrator for Tenant Administrator (From VBR console):

    • Adding the Service Provider service discovering the purchased resources
    • Setting up local backup jobs
    • Setting up the backup copy job where the repository is the SP site
    • Setting up the Replica job for DRaaS
    • Performing Restore activities
    • Performing Partial and Full Failover

Here also the VSPC can be used as a central point of service management.

Note-3:

Service providers pairing vCloud Director (vCD) technology with Veeam Cloud Connect can replicate production VMs directly inside the tenant virtual Data Center (vDC), as shown in Picture 3.

Picture 3

This approach simplifies not just network management (NSX) but also the cloud Service provider adoption.

A natural extension is the migration services of the tenant workload from on-premises to Cloud through Cloud Connect.

Is there a different way if a Service Provider/Tenant does not implement/use the Replicas job?

The answer is yes, and I named the use case “Cold Disaster Recovery”.

The idea behind it is restoring the tenant backup files on the SP virtual architecture.

To allow it to work it’s necessary that:

a. The tenant has provided the backup file encryption password.

b. Since the SP can’t browse the tenant backup files from the VBR console (the VBR SP console in fact can just show if a backup is running), the SP has to implement a script to import the backup data into the SP Backup Server. Luckily you can get the script from GitHub (thanks to Andrea Borella’s work).

c. Only then, in the SP-VBR console under the menu “imported backup copy”, will all the backup copy jobs of the tenant appear, and the SP can restore VMs.

That’s all for today guys.

My next article will cover topics about vCLOUD DIRECTOR backup as an un-managed service.

The last one will talk about all you need to know about the licensing.

Stay tuned!

VBR & Cloud Business Model – Part 2

In the previous article, I wrote a small pill about vCloud Director.

Today I’m going to expand the Business model that can be deployed through this great VMware technology.

Picture 1 shows the main components (VBR, Repository, Enterprise Manager and vCloud Director) that are mandatory to provide the services.

As usual please refer to official guides to deploy correctly the Veeam technologies.

Picture 1

On the corners of the above picture, it’s possible to observe two funny images. The scope of those pictures is to show the services that the Service Provider can sell: managed and un-managed.

Let’s start !!!!

a) Managed Service: Backup as a service on vCloud Director

In this scenario, the service provider will install the VBR components and take care of all the backup and restore activities.

The tenant will open a ticket with the Service Provider to ask for backup policy changes and for restore tasks.

b) Un-managed Service: Backup as a Service vCloud Director

Tasks and responsibilities:

SP administrator (backup for vDC):

        • Deploying the backup end architecture (VBR, Repository)
        • Defining templates for Backup jobs of the tenants (by selecting Repository and Quota) (picture 2)
        • If necessary, applying schedule restrictions (picture 3)

Tenant Administrator (by Enterprise Manager):
The tenant, through his vCD credentials, can:

      • Create new backup jobs based on templates
      • Edit / Delete / Enable / Disable Jobs
      • Start, stop, restart jobs
      • View backup statistics
      • Restore VMs and vApps
      • Restore the VM guest files
      • Restore SQL Server and Oracle objects

Picture 2

Picture 3

That’s all for today folks.

The next article will show you all about licensing

VBR & Cloud Business Model – Part 3

This article will cover the topic of licensing in VCSP scenarios.

Please refer to the official documentation to get more details on it.

The easiest way to explain the license model is by thinking of a basket.

a. What is present in the basket?
It is the container of the licenses. The licenses belong to the Service Provider.

b. What can the Service Provider do with the licenses?
It can assign them to his customers (you can call them end-users or tenants).

c. Do the services consume different amounts of licenses?
The cost depends on the supplied service.

The example below will clarify the licensing method; the units I will use to explain the model are apples 🙂
(numbers written here are not real, contact the local Veeam sales representative to have a correct quote).

A Service Provider supplies three types of services to his customers:
DRaaS, BaaS, RbcS (Remote Backup Copy Service)

Every single month the Service Provider buys 100 “apples” and puts them into the basket.

Let’s suppose that:

1) DRaaS consumes 10 apples per VM per month (VM/m)
2) BaaS consumes 4 apples VM/m
3) RbcS consumes 6 apples VM/m
4) Every tenant has 5 VMs
5) Service Provider customers are: Green – White – Red
6) Green bought DRaaS
7) White bought BaaS
8) Red bought RbcS

How can I measure the apple-eating?
With an easy math operation 🙂

Green = 5 VM * DRaaS = 50 apples
White = 5 VM * BaaS = 20 apples
Red = 5 VM * RbcS = 30 apples

Total = 100 Apples

Note 1: If the Service Provider adds new customers, or the present tenants add more VMs, the Service Provider license can easily be enlarged on the fly by contacting the Veeam team.

But while counting licenses is quite simple with a few customers, it can be more difficult with hundreds of them.

To help the Service Provider, Veeam released a very useful and powerful piece of software named Veeam Service Provider Console (VSPC).

What are the common VSPC use cases?

1) Remote monitoring and management
2) Licensing engine and usage reporting
3) Billing
4) Integration and automation (RESTful API)
5) Multi-tenant serviceability

(To have more details please click here)

Picture 1 shows which services can be managed via VSPC.

Picture 1

Please remember that Cloud Connect is mandatory to work with VCSP.

The official guide shows the requirements to work with it:

Note 2: The software provided by Veeam enables any partner to create his own cloud services, for example a backup service for the workstations and laptops of employees working from home (a common scenario in these unlucky last months).

Note 3: To create a price list, every single Service Provider will have to add all the costs of infrastructure, management, etc.

That’s all for Cloud Modelling.