Posts

Posted on

VEEAM AGENT FOR WINDOWS – REMOTE COPYING DATA – 1

In the last weeks, I’ve been requested to understand how to set up a strategy of remoting Backup Data when the source is a Veeam Agent.

The answer is not just the “Use the backup copy job” option because it can be used in one of three scenarios I’m going to cover in the next three articles.

So, let’s move fast forward

My Lab Environment is composed of VBR + 2 Windows 10 Physical Laptops

I do not cover the first part regarding how to create a protection group. There is more than one online guide that explains how to add a protection group to VBR.

My two suggestions are:

  1. Check if the Firewall ports are correctly open (click here)
  2. Check on Laptop if Admin share (c$) is available.

If the second point failed just follow this simple procedure. Launch a cmd as administrator and write the following command:

REG ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1 /f

Scenario 1: VBR as central Manager – VAW configurated as Server

Let’s see how to configure a primary VAW  backup Job

From the wizard select Windows Computer as shown in picture 1

Picture 1

from the Job Mode Select Server (Picture 2)

Picture 2

Now add the Backup Job name and follow the simple wizard (Pictures 3 to 9)

Picture 3

Picture 4

Picture 5

Picture 6

Picture 7

Picture 8

Picture 9

Now you can check if the backup up has been completed correctly (Picture 10)

Picture 10

Now it’s time to configure a Backup Copy job and run it (Pictures 11 to 16)

Picture 11

Picture 12

Picture 13

Picture 14

Picture 15

Picture 16

Now you can see different restore points on disks (Pictures 17 to 19)

Picture 17

Picture 18

The last step is watching how many licenses have been used

Picture 19

In the next article, we are going to see what will change if we work on the “select mode” option.

Posted on

VEEAM AGENT FOR WINDOWS – REMOTE COPYING DATA – 2

In this second article, we are going to cover what happens if we set up a VAW backup job working “managed by agent”.

Let’s see the main differences from the wizard (to know all the procedure please refer to the official guide or to my previous article)

Picture 1

Before going on, have a look at the manual to understand what happens in this scenario:

helpcenter.veeam.com (click here)

“Veeam Backup & Replication uses the backup policy as a saved template and applies settings from the backup policy to Veeam Agents that run on computers specified in the backup policy”.

In other words,  the policies are pushed to the VAW; So the laptop is able to protect its data even without a VBR start command.

Ok, following the wizard, input a backup name and select the Laptop to protect (Pictures 2 and 3)

Picture 2

Picture 3

After selecting Target and Repository it’s possible to complete the job creation (Pictures 4,5 and 6).

Picture 4

Picture 5

Picture 6

Now check if the backup policies are correctly applied and then launch the backup job (Pictures 7,8,9,10)

Picture 6

Picture 7

Picture 8

Picture 9

Picture 10

Checkpoint:

If you now try to create a backup copy job from the VBR console, you will find a problem because it is not available if you are going to select Periodic Copy (Immediate copy is available from version 11 of VBR)

Why?

Because in this scenario the policy commands the backup process. It’s like saying the Agent is the master of the backup.

How to go over?

  • Just select Immediate copy or
  • Add a new backup policy !” (Pictures 11 to 14)

Picture 11

To know: if you use a remote desktop and connect to your saved laptop, you can find the Veeam icons. When you click on them you get the classic interface (as standalone installation)

Picture 12

To Remember: from here you can not add a new job. You always have to set it up from the VBR console:

Picture 13

And the last thing? What about licensing? It consumes a single VUL

Picture 14

Wrap-up:

  1. If you need to have more than a copy, just create a new policy backup. My two cents are:
    a) Use a forever forward incremental chain.
    b) The repository should have a block cloning technology as ReFS/ XFS.
  2. If you plan to use a Backup copy job you have to configure the Agent as managed by the backup server or on the backup copy job select the immediate copy job.
  3. Licensing does not have any impact, it always uses a VUL license.

The next and last article will cover the workstation backup approach. See you soon

Posted on

VEEAM AGENT FOR WINDOWS/LINUX – REMOTE COPYING DATA – 3

Today I’m going to cover what’s happening if you set the protection policy up as a workstation.

In this article, I’m covering the Veeam Agent for Linux (VAL) also,  to widen the range of my site and answer friends asking me to talk about their workstation based on Ubuntu.

After creating the protection group  (please refer to the previous articles), let’s create a new job and set it up as a workstation job (image 1)

Image 1

Now add the laptop (ubuntu2 in my case) and follow the wizard pointing as repository the VBR server (image 2-5).

Image 2

Image 3

Image 4

Image 5

After completing the task, check that the configuration has been rightly applied to the laptop and then launch the first backup (image 6).

image 6

Now it’s time to connect via SSH to the Linux laptop and lunch  the command Veeam as root (image 7)

Image 7

it shows your backup status (image 8)

Image 8

and from here you can lunch the same job another time (image 9)

Image 9

But what happens if you try to add a new backup from this interface? As previously in Windows case, it is not allowed, because it is managed by VBR.

A good step is to check that the license work in workstation-mode (image 10)

Image 10

But if you remember well, my first goal was having a backup outside the primary site.

I already wrote in my last article (VEEAM AGENT FOR WINDOWS/LINUX – REMOTE COPYING DATA – 2 ) how to set up a new backup job from the VBR console (I’m pretty sure you are now ready to do it without any help) (image 11 – 15)

Image 11

Image 12

Image 13

Image 14

After applying the configuration let’s start the Backup job

Image 15

This is what happens, It FAILED !!! (image 16)

Image 16

Why?

The answer is inside the workstation limitation that you can find on the following Veeam web page (Veeam Edition comparison).

https://lnx.gable.it/wp-content/uploads/2020/05/1-art3.jpg

It is clearly written that if you use the agent as a workstation, you can perform the second/third backup job just writing backup data to a Cloud repository?

Veeam Agent uses case summary:

Backup Type Managed by BCJ + Backup Job to + destinations 1+Backup CC VUL
Server VBR Y Y Y 1
Server Agent N Y Y 1
Workstation Agent              Y                (immediate copy) N Y 1/3

 

1+ Backup 1+Backup CC VUL
Server Y Y 1
Workstation N Y 1/3

I hope the article series will help to set up correctly your environment.

Take care

Posted on

Unifi USG – VLAN and Routing Configuration

INTRODUCTION:

A virtual LAN (vLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2) (wikipedia)

vLANs works by applying tags to network frames and handling these tags in networking systems.

——

I love how USG has faced up the vLAN challenge.

Their starting point is working with vLAN as if it were a layer 3 object and not layer 2 of the OSI model.

The idea behind USG is thinking vLAN is a new LAN with a different IP Address”.  Are you a little bit confused? Yes? I also was at the beginning but now I’m enthusiastic of this new approach.

Let’s explain better with an example directly from my Lab Network.

In my Environment I needed to create 2 vLAN. The first one to address the iSCSI protocol and the second to manage the Backup traffic.

I chose #40 to point up iSCSI vLAN and #50 the Backup.

I went directly to USG user interface and created the vLANs from Network menu  as shown in figure 1, 2 and 3

Figure 1

Figure 2

Figure 3

The next step is enabling routing between the new networks and the original  LAN.

The task is performing selecting Switch ports from Profiles Menu.

As shown on figure 4 I set up  an easy rule to let the networks talk to “each other”. In this case LAN to iSCSI as Figure 4

Figure 4

Now the last step. Enabling traffic from and to the Networks. In a simple word I worked at Firewall level.

I spent some hours to understand the options the USG can offer to their customers because it’s possible to set up many rules to manage traffic among LAN (LAN-IN and OUT), WAN (WAN-IN and OUT), GUEST (IN and OUT) and LOCAL (WAN/LAN/GUEST)

Really many many options but with a little patience, you can tune your networks answering to any security design.

In this example, I just created rules to manage the traffic LAN IN (FIGURE 5 and 6)

https://lnx.gable.it/wp-content/uploads/2020/05/4-vlan.jpg

FIGURE 5

FIGURE 6

Before ending this article two more notes:

If you want to grant the Servers connected to LAN to surf on Internet,  you just  need to set up a LAN-IN and a LAN-OUT rule.

To work with vLAN you need to buy an Ethernet Switch vLAN compliant

Posted on

Unifi USG – Setup and configuration

Last device I added to my lab is the Ubiquity Unify Security Gateway (from now on USG)

I need it because I have to work with a great number of vLAN in my demo lab.

Let’s see what I learned in the last test weeks and how I set it up to address my needs.

The hardware installation is quite easy. After unpacking the box you just need to plug-in the power supply and two ethernet cables, the first one on LAN Port and the second to WAN port.

The USG setup is composed of 5 configuration phases

  1. LAN / WAN
  2. Unifi-Controller
  3. VPN
  4. VLAN
  5. Routing

In this first article, we are going to cover the three first phases.

I – LAN /WAN Configuration

  1. On your PC set up the Ethernet IP Address as 192.168.1.x/24 and plug the LAN cable. Now ping the 192.168.1.1 address to be sure you can reach the USG. Open a Browser and  you’ll be able to configure LAN and WAN interfaces from 192.168.1.1 address.

Figure 1

My personal router works on 192.168.18.x while I choose to set up the LAN on 192.168.16.x address

After “applying the changes”, you have to re-change the IP address of your PC to a LAN address (192.168.16.99 for example) and test the USG answer to ping.

II Unify Controller

After creating an account on the Ubiquity site (https://account.ui.com/register), download and install the Unifi Controller (https://www.ui.com/download/unifi-switching-routing) on your local PC.

Let’s see the most important steps on the wizard:

Click on “Launch a Browser to manage the network” button (Figure 2)

Figure 2

Log-in to Ubiquiti account

Figure 3

Checking if the USG device is properly discovered

Figure 4

After the wizard has been completed you can start to play with the friendly user interface. Figure 5 and 6 show the USG Device status (the fourth icons on the left panel (device))

Figure 5

Figure 6

III VPN Creation

The Wizard consists in:

  1. Creating a new Network (Figure 6) selecting the options “Remote user VPN” and L2PT server. On Radius menu you must add a new profile as shown in (Figure 7)

Figure 6

Figure 7

2) Enable Radius Server as shown in figure 8

Figure 8

Now you can set on your windows/linux/mac/android device the VPN connection and test it

Before ending the article two more notes.

  1. If you see the provisioning entry on the web interface, it means USG is loading and saving the new configuration.
  2. You can have all detail about USG products at the following internet address:  https://www.ui.com/unifi-routing/usg/
Posted on

Object Storage & VBR integration

This is the second article and we are going to discover how to integrate Wasabi with Veeam.

If you want to know how to configure Wasabi, please refer to my previous article (Wasabi configuration)

The two steps we’re going to follow are:

  1. Adding Wasabi Repository
  2. Creating SOBR

Let’s start

Figure 1,2,3,4 are images showing the wizard:

Figure 1

Figure 2

Figure 3

Figure 4

In figure 4 you can find two interesting options

The first sets the software capacity limit for the object storage. This check is performed at the beginning of the job not when it is running.

To use Object Storage you need to create a Scale-Out Backup Repository (from now SOBR) that is composed of 2 different physical items.

The first one is called performance tier and it could be any classical Veeam Repository like Server, Network share, Deduplication appliances.

The second is the object storage we have already configurated.

A good suggestion: try to use a repository with good reading performances. In this way, you avoid having a bad performance of offload to Object Storage.

5 pics to understand how to easily configure the SOBR

Figure 5

Figure 6

Figure 7

Figure 8

Figure 9

Some good points to remember:

As you can see from picture 9 there are different options.
Move and copy seem to do the same work but it is not.

The move is the option (already available with version 9.5u4) to empty the Repository. The idea is to have an on-premises repository without any capacity limit (because blocks are moved to Object Storage)

On the other hand, the copy mode is a way to have the same Data in both repositories.

You can add both the two options to gain all the advantages of the integration.

Their main difference is when you need to perform a restore in the unlucky case you lose VBR (Veeam Backup & Replication).

Why?

If you select the move option you have to rebuild SOBR.

If you select the copy option you just need to add the Object storage, importing the bucket and start the restoration tasks.

you can find all detail here