NAS Backup – GFS to TAPE – Part II

In the previous article, we saw how to operate on backup jobs to obtain Fulls that can be used to create a GFS retention policy when the destination of the jobs is a tape.

In this second article, we find out how a similar result can be achieved by copying tapes.

Note1: A second tape library must be present in the DataCenter to pursue this protection process.

Note2: The most common use case for Copy-Tape is to migrate data contained on tapes from an old technology (LT06) to a new one (LTO9), since the new technology would not be able to natively read the data contained on the old tapes.

There are two steps that will enable us to achieve our goal:

  • Step 1: Creation of a tape pool afferent to the second library.
  • Step 2: Tape copy job.

Stage 1

The creation of the Media Pool (image 1), will need to be customized by setting:

    • The use of a new tape for each copy session (image 2).
    • Setting a retention that for that tape group coincides with that required by the GFS policy (image 3).

Picture 1

picture 2

Picture 3

Note3: A 4-week retention was set in Image 3, which addresses the need to keep the full weekly for 1 month.

Note4: Image 4 highlights the possibility of implementing a Vault policy for tape storage.

Picture 4

PHASE 2

From the VBR GUI by selecting the tape to be copied with the right mouse button (image 5), the copy command can be initiated.

Picture 5

The simple next steps shown by images 6,7,8 and 9 show how to complete the copying operation.

Picture 6

Picture 7

Image 8

Image 9

Latest notes:

  • Documentation to refer to in order to know how many resources it is essential to allocate to the various components is available at the following link.
  • Automation of copying can be done through scripts in powershell.
  • Copy to Tape does not consume capacitive licensing but refer to the following link, Capacity Licensing item to know all the details.

NAS Backup – GFS to TAPE – Part II

In the previous article, we saw how to operate on backup jobs to obtain Fulls that can be used to create a GFS retention policy when the destination of the jobs is a tape.

In this second article, we find out how a similar result can be achieved by copying tapes.

Note1: A second tape library must be present in the DataCenter to pursue this protection process.

Note2: The most common use case for Copy-Tape is to migrate data contained on tapes from an old technology (LT06) to a new one (LTO9), since the new technology would not be able to natively read the data contained on the old tapes.

There are two steps that will enable us to achieve our goal:

  • Step 1: Creation of a tape pool afferent to the second library.
  • Step 2: Tape copy job.

Stage 1

The creation of the Media Pool (image 1), will need to be customized by setting:

    • The use of a new tape for each copy session (image 2).
    • Setting a retention that for that tape group coincides with that required by the GFS policy (image 3).

Picture 1

picture 2

Picture 3

Note3: A 4-week retention was set in Image 3, which addresses the need to keep the full weekly for 1 month.

Note4: Image 4 highlights the possibility of implementing a Vault policy for tape storage.

Picture 4

PHASE 2

From the VBR GUI by selecting the tape to be copied with the right mouse button (image 5), the copy command can be initiated.

Picture 5

The simple next steps shown by images 6,7,8 and 9 show how to complete the copying operation.

Picture 6

Picture 7

Image 8

Image 9

Latest notes:

  • Documentation to refer to in order to know how many resources it is essential to allocate to the various components is available at the following link.
  • Automation of copying can be done through scripts in powershell.
  • Copy to Tape does not consume capacitive licensing but refer to the following link, Capacity Licensing item to know all the details.

Veeam Backup for Salesforce – OS update

My lab has an Ubuntu 22.04.4 LTS server on which Veeam’s Salesforce environment protection software (Veeam Backup for Salesforce) is installed.

During the monthly operation of updating the operating system, some errors appeared that did not allow me to complete the operation.

The ‘output of the “sudo apt update” command, showed three errors highlighted in image 1 with the blue, green, and red arrows.

Picture 1

1. The first, (blue arrow) indicated that the digital signature linked to the Veeam repository (“https://repository.veeam.com/apt stable/amd64/ In Release”) was no longer valid.

2. The second (green arrow) indicated that the digital signature had also expired for the Ubuntu-security site (“http://security.ubuntu.com/ubuntu bionic-security InRelease”).

3. The third error (actually a warning, red arrow), indicated that the key management methodology named“apt-key” is deprecated recommending the ‘use of a more secure method named “trusted.gpg.d”.

Browsing the Internet, I found the solutions that met my needs:

1. The KB2654 on the Veeam website shows how to import a new key. The only real caution is to run the command as the root user (see image 2).

picture 2

2. As shown in ‘image 3, simply request a key update by entering the required identifier at the end of the command in the output of image 1 (green arrow).

image 3

Note 1: apt-key is a comado used to manage a gpg key fob for secure apt. The keychain is stored in the file ‘/etc/apt/trusted.gpg’ (not to be confused with the related but not very interesting /etc/apt/trustdb.gpg). The command apt-key can display the keys in the keyring and add or remove keys.

3. The last line of image 4 shows the command that addresses the security warning. It involves copying the keychain (trusted.gpg) inside the trusted.gpg.d folder.

Picture 4

In the article“Handeling the apt-key deprecation” you will find all the details that illustrate the security benefits of the new approach.

Note 2: Veeam Backup for Salesforce has its own mechanism for checking for new product versions and updates.

The same mechanism later allows the necessary software packages to be downloaded and installed.

I remember that these are product updates, not operating system updates.

Enterprise Manager – Delegation of Restores

An article devoted to how you can delegate restores with Veeam Backup & Replication (VBR).

The case study is related to the protection of files in shared folders, but can be extended to many of the objects protected with VBR. (see image 7)

  1. Image 1 shows the three shared network folders (SHARE-A, SHARE-B, SHARE-C) that are used as the source of the files to be protected.

share-sourcePicture 1

In the scenario, it is assumed that for each individual shared folder, only a specific user can proceed with the recovery tasks.

  1. Image 2 highlights the creation of three Domain users, ShareA, ShareB, ShareC.

users-ADpicture 2

Files pertaining to a specific shared folder will be restorable by the user with the identical ending letter in the name. For example, files pertaining to SHARE-A will be restorable by the ShareA user.

(
Editor’s note: For simplicity of exposition, the letter X will replace one of the three letters of the alphabet A-B-C)

  1. A Backup job named “BkF-Share-X” was created for each shared folder.

Image 3 shows that the “BKF-Share-A” job (orange arrow) protects the entire SHARE-A (Blue arrow).

Picture 3

  1. Image 4 highlights the “configuration” menu from the Enterprise Manager.

Administration credentials are required at this configuration stage.

Picture 4

  1. From the submenu
    role
    (image 5 – orange arrow) the three previously created users (ShareX) are added (green arrow) and assigned the role of Restore Operator (blue arrow).

rolePicture 5

  1. Image 6 shows the delegation options.

The ShareA user (green arrow) is assigned the ability to restore all VBR-protected objects via the “Choose” button (orange arrow); in the restore options, only in-place restoration can be allowed (blue arrow).

The next images (7-8) show how to make the choice of objects to be displayed during the restoration delegation operations.

role-1Picture 6

scopeimage 7

role-2Image 8

  1. Image 9 illustrates and confirms that when logged in from the Enterprise Manager with ShareX user credentials (Blue arrow), only files in the corresponding shared folder (orange arrow) are visible and restorable.

ProxyImage 9

Final Note:

Enterprise Manager – Delegation of Restores

An article devoted to how you can delegate restores with Veeam Backup & Replication (VBR).

The case study is related to the protection of files in shared folders, but can be extended to many of the objects protected with VBR. (see image 7)

  1. Image 1 shows the three shared network folders (SHARE-A, SHARE-B, SHARE-C) that are used as the source of the files to be protected.

share-sourcePicture 1

In the scenario, it is assumed that for each individual shared folder, only a specific user can proceed with the recovery tasks.

  1. Image 2 highlights the creation of three Domain users, ShareA, ShareB, ShareC.

users-ADpicture 2

Files pertaining to a specific shared folder will be restorable by the user with the identical ending letter in the name. For example, files pertaining to SHARE-A will be restorable by the ShareA user.

(
Editor’s note: For simplicity of exposition, the letter X will replace one of the three letters of the alphabet A-B-C)

  1. A Backup job named “BkF-Share-X” was created for each shared folder.

Image 3 shows that the “BKF-Share-A” job (orange arrow) protects the entire SHARE-A (Blue arrow).

Picture 3

  1. Image 4 highlights the “configuration” menu from the Enterprise Manager.

Administration credentials are required at this configuration stage.

Picture 4

  1. From the submenu
    role
    (image 5 – orange arrow) the three previously created users (ShareX) are added (green arrow) and assigned the role of Restore Operator (blue arrow).

rolePicture 5

  1. Image 6 shows the delegation options.

The ShareA user (green arrow) is assigned the ability to restore all VBR-protected objects via the “Choose” button (orange arrow); in the restore options, only in-place restoration can be allowed (blue arrow).

The next images (7-8) show how to make the choice of objects to be displayed during the restoration delegation operations.

role-1Picture 6

scopeimage 7

role-2Image 8

  1. Image 9 illustrates and confirms that when logged in from the Enterprise Manager with ShareX user credentials (Blue arrow), only files in the corresponding shared folder (orange arrow) are visible and restorable.

ProxyImage 9

Final Note:

MySQL Backup and Veeam Backup & Replication – Part 1

This article will show you how to implement a data protection strategy in MySQL environments.

Let’s start with a consideration.

To create consistent backups from an application point of view, it is necessary that before the copy process is started, the application has written all the data in memory to disk ( flush ).

For example, Microsoft® applications use a technology called Shadow Copy which, through the coordination of VSS drivers , achieves application consistency.

A similar technology is not available on Linux and in addition MySQL does not support it in the Microsoft® environment.

How to remedy?

Through the creation of scripts that automate application consistency before starting the creation of the Snapshot .

Having understood this aspect, let’s return to the scope of the article, introducing the options available for MySQL .

Note 1 : Application consistency occurs before snapshot creation.

  • 1. Logical Backup : The script creates a file with the .sql extension which in case of restore allows the re-creation of the database and its data.

The file . sql is created through the native MySQL command ” mysqldump “ .

The advantages of logical backup can be summarized in:

  • There are no dependencies on third-party software.
  • Backups can be restored to other servers.
  • 2. Physical / Cold Backup : Cold copies of the DB files are created (for example: ibdata, .ibd, .frm, ib_logfile, my.cnf).

To be sure that the backups are made in ” application consistency ” mode, before taking the snapshot, it is essential to stop the MySQL services.

It is a backup strategy typically implemented in environments that do not require 24×7 operations.

Note 2 : The service is stopped only for the time necessary to create the snapshot and not for the entire duration of the backup.

  • 3. Physical / Hot Backup : If the InnoDB engine is running, the script allows the creation of consistent copies without stopping the services (using for example the command mysqlbackup component of the MySQL Enterprise suite ( MySQL Product) ).

Now that we know the scripting options available, let’s see how Veeam solutions can natively integrate with MySQL environments.

The first available option is the Veeam Agent for Linux ( VAL ) which automates the following four steps:

  1. Flush data from memory to disk (application consistency).
  2. Creation of the snasphot.
  3. Release of tables.
  4. Start the Backup process.

Note 3 : As indicated in the first part of the article, if the DB is of the MyISAM type, it is possible to backup with the blocking of all the tables.

The pre-requisites of the VAL are:

  • MySQL version is greater than or equal to 5.8.
  • The operating system is Linux.

Question: Is it possible to backup in Windows environments where the MySQL version is lower than version 5.8?

The answer is yes and the available scenarios are:

Logical Backup -> Hot-Backup Database Online Dump -> Mysqldump command.

Physical / Cold Backup –> Cold-Backup Database Shutdown -> Temporary stop of the Services.

Physical / Hot Backup –> Hot-Backup Database Freeze -> Native mysql commands.

Note4 : There is also the possibility of making Partial Backups . In this scenario, specific tables and databases are backed up. It is useful when different protection strategies have to be implemented on the same Server.

In the next article, we will find out how to create scripts and how to integrate them into Veeam Backup & Replication.