Common Veeam B&R Mistakes

Just a small write up regarding the some of the most common Veeam B&R mistakes that I’ve seen lately.

1.Backing up the Veeam B&R Server
It may come as a bit of shock but you shouldn’t actually back up the Veeam B&R server using a backup job in Veeam. In most cases, Veeam won’t be bothered by this but on occasion Veeam can experience the following symptoms.

  • Disconnection from the configuration database.
  • Disconnection from remote Veeam Backup & Replication agents.
  • Disconnection from network storages (for example, storages presented via iSCSI) and so on

This is caused by the freezing caused during snapshot creation and committing so instead, you should rely on Veeams built in ‘Configuration Backup’ function.

2.Veeam Configuration Backup not setup properly
This is by far the most common mistake but the easiest to fix. By default the Veeam B&R server will backup it’s configuration up at 10:00 AM every day to the default backup repository. Often I see this is left in its default state and the backup files are neither copied offsite or encrypted. Getting this configuration backup files offsite is simple and easy so in my mind, there is no reason not to do this.

  • If you have an offsite site you can configure a file copy job
  • If you are using tapes you can use the file to tape job
  • Alternatively, I’ve seen customers use dropbox or google drive to get the configuration backup files offsite.

Why do we care about getting the configuration file offsite? Well, partly because you should always use the configuration backup functionality to back up and restore the configuration of the Veeam B&R server. Secondly, its a lot faster to restore using the configuration backup compared to manually reconfiguring Veeam from scratch.

Enabling encryption for the backup configuration is also critical. If you don’t enable encryption for the Veeam configuration backup this means all those credentials used for the application aware processing will be lost in the event of restoring the configuration backup to a fresh Veeam B&R server. I’ve only migrated one Veeam B&R instances with no encryption for the configuration backup enabled, I learnt pretty quick to always enable it after spending hours reconfiguring it.

3. 1-Click Failover not setup properly

1-Click failover is an awesome feature that reduces the complexity of managing failovers. It’s basically a failover plan which handles the startup order, the delay between startups and automates the running of scripts in a single operation. You could initiate a failover plan using a mobile phone in bed at 3 o’clock in the morning without ever getting out of bed if you really wanted to.

So utilising 1-click failover plans through Veeam Enterprise Manager (VEM) during a disaster means VEM can’t be down. It’s important to note that we can initiate a failover plan through the Veeam B&R console without VEM and it’s really only a minor issue if VEM is offline but I’ve seen customers first hand specifically plan to use the web portal to start their failover plans. Well, that’s great except if VEM is running from the production site.

In this instance, it was managing/federated with the B&R server at DR which was handling the replication but in the event of a total production site loss, this customer would lose access to VEM and the web portal. Luckily it’s not a big deal since the customer could still access failover plans through the DR B&R server. At best a minor inconvenience which delays failover.

I’ve also seen lately customers with a limited budget having a single vCenter managing both production ESXi hosts and the hosts in DR. If Veeam is configured to replicate through the production vCenter to the managed DR ESXi hosts you are going to have a bad day during failover.In this scenario, you can either run up a second vCenter in DR, configure Veeam to replicate directly to a standalone host which introduces its own headaches (SureReplica) or plan to manually power on the vCenter replica first at DR. If your only vCenter at production is a physical server it might be time to consider virtualising it.

4. No Backup Verification

I usually don’t raise an eyebrow when customers choose not to test their replicas but not verifying your backups never has a valid excuse in my book. What’s the point of backing up if you don’t know that you can recover?

Now backups are the always the first thing that comes to my mind when disaster strikes and while it’s a good thing that Veeam replicas can still function as a kind of backup with their guest os file level restores and more but their recovery points are much more limited. I like to consider backups are all about RPOs and retention while replicas are focused on RTOs, Instant VM Recovery tends to blur the lines a bit, though.

If you don’t have the correct licensing for SureBackup, it doesn’t matter. Run up an Instant VMRecovery and test in an isolated network.

What about just using SureReplica but no SureBackup, well I certainly would feel more comfortable knowing I could at least restore recent copies of data from the replica but anything outside of the replica restore points retention will be an unknown regarding recoverability.

6. MS Dedup Backup Repository setup incorrectly

Microsoft DeDupe can be a great for reducing the size of your backup files in the backup repository. Unfortunately, there are few key settings that need to be set at the time of the volume creation as it’s not possible to apply the settings after the volume is created.

For a better explanation of how DeDupe should be configured, check out this awesome article over at kool-aid

http://www.koolaid.info/windows-server-deduplication-veeam-repositories/

Other worthy contenders would be

  • Not excluding Veeam from the A/V
  • Job Chaining instead of scheduling
  • Not following the 3-2-1 backup rule
  • Not using vSphere Tags
  • Backup Jobs using guest indexing when you aren’t not using 1-click restores.

Thank you Veeam – Veeam Vanguard

Early last week I received news from Rick Vanover @ Veeam that I have been selected for the Veeam Vanguard Program. As a Veeam enthusiast, there is no better thing than becoming a Vanguard. Wow what an honour!

For those who are unaware of the Veeam Vanguard program, it’s awarded to members of the Veeam community to show Veeams support and appreciation for past deeds. There are a couple benefits of becoming a Vanguard including access to roadmaps, betas, free keys, awesome swag and access to those in the know at Veeam (I’m just curious to know if we get a bat phone to Anton Gostev (I wish)) just to name a few.  What I’m really looking forward to though is learning more about this awesome program and meeting other Vanguards who share my passion for Veeam.

If you happen to read my blog or know me personally, you may be aware that I tend to champion Veeam a lot. I try and help the community whether it’s writing about errors I fixed in Veeam or the unofficial VMCE practice exam. Whether it’s just a small thank you on twitter, an appreciative comment on a post or being selected for a global program, it really fuels my fire to keeping creating, sharing and interacting to help the community more. So thank you Veeam,  thank you for making such an awesome product to work with, thank you for showing support and a big thank you for recognising members of the Veeam community.

Error: Restore job failed Error: NFS status code: 30

I recently saw the below error occurring for a customer attempting to restore a backup from their NetApp SAN using Direct NFS Access. Backups using Direct NFS access were performing without issue but the restores would only successfully complete if the proxy could use the network mode (NBD).

“Restore job failed Error: NFS status code: 30
Read-only file system.
Cannot get count from WRITE3res.
Failed to download disk.
Agent failed to process method {DataTransfer.SyncDisk}.”

Direct NFS Access Error

Turns out the backup proxy was only configured with read permission not read/write.

According to the Veeam User Guide the backup proxy must have ReadOnly/Write permissions and root access to the NFS datastore.

Using Per-VM Backup Files and Deduplication

Just a quick tip regarding ‘per-vm backup files’

If your backup repository is configured with VM backup files, deduplication is only available within a single VM backup chain.
If your backup repository is not configured to use per VM backup files, deduplication across all VMs within a single job is available.

Post-Migration to Veeam – Considerations for your Legacy Backup Solution

I’ve completed my fair share of Veeam deployments in environments where there is an existing backup solution.
The question that comes up the most is, what do I do with my legacy backup data?

Well, here are my thoughts around best practices for this situation.

Option 1 Perform restores of protected data using the legacy backup software for selected restore points to a staging area, once Veeam has re-protected the VMs the legacy backup solution can be retired. VeeamZip is a great option here.

Pros

  • Removal of the legacy backup solution

Cons

  • Time-consuming if re-protecting a large amount of VM data
  • Very time-consuming if restoring from tape
  • Can be complicated if dealing with large amount of restore points & VMs
  • Requires a staging area to restore the VMs to

Thoughts: I see this option used when it’s not possible for the legacy backup data to be simply left to expire. Perhaps the retention period is too great or restore requests are frequent from legacy restore points.  This method is not very common requires as it requires a lot of time and resources to reprotect the restored data in Veeam.

Currently there is no Veeam migration tool to migrate legacy restore points to Veeam automagically.

Option 2 Suspend existing backup solution and maintain existing legacy backup data in the event of a restore being required before Veeam was implemented. Any backup data that expires/passes their retention period can be deleted to reclaim space.

Pros

  • Less work and much easier

Cons

  • Existing backup solution is taking up resources, if installed on a physical server then it is taking up space, if it’s powered on then cooling & power costs. If it’s a virtual machine it is taking up disk space on your production storage.

Thoughts: This is the most common option taken in my experience, any legacy licenses aren’t renewed and the the legacy backup data is left to expire.

Poor Performance & Power Management on VMware

Poor performance experienced by your VMs may be related to processor power management implemented either by ESXi/ESX or by the server hardware.

One real world case I recently encountered with a customer involved VMware Horizon View and large delays experienced by their end users. Applications took unusually long times to open and general performance was quite bad. This was quite apparent when comparing the same applications on a thick client to running it on a virtual desktop.

After running through the usual checks consisting of VMware Health Analyzer, checking for over-subscription and over-utilisation there were no red herrings immediately apparent. What we did discover though (which is detailed in ‘Best Practices for Performance Tuning of Latency-Sensitive Workloads in vSphere VMs’) involved changing a BIOS setting on all of the ESXi hosts. Specifically the setting for power management on the ESXi HP Hosts to “Static High”, that is, no OS-controlled power management.

While we are working through the other recommendations provided in the VMware Health Analyzer report and have already made some changes to the configuration, nothing has resulted in a noticeable improvement with the exception of the power management setting. The customer has reported that after changing this particular power setting it has provided the most significant improvement in performance of anything previously attempted (hardware and software).

 

Progress Controller: [VCSA ERROR] – Progress callback error

Deploying vCenter Server Appliance 6.0 and run into this beauty,

‘Progress Controller: [VCSA ERROR] – Progress callback error’

Turns out the vCenter Server Appliance installer will fail if more than one DNS server is provided. Fantastic…

To workaround, provide one DNS server IP during the installation wizard. Once the VCSA is installed and running you can then provide the secondary DNS IP.

Veeam Backup & Replication 9.0 Update 2 Released

Just a quick post to detail the new Veeam B&R v9 Update 2 that was released on the 5th of August.

As Gostev pointed out in his weekly digest,

“The main theme for this update is support for new platform support (for example CISCO HX, EMC Unity, vCloud Director 8.10), first wave of scalability enhancements (we’ve decided to backport a few isolated optimizations from 9.5) as well as bug fixes to address common support issues. ”

Couple important notes to point out are,

  • It is recommended to reboot the Veeam server and when the reboot is done, please stop all the Veeam jobs and services before applying the update.
  • After installing the update, during the first start of the Veeam Backup Service, required modifications will be made to the configuration database automatically to optimize its performance. These modifications may take up to 10 minutes to complete. Please do not reboot the Veeam server, or attempt to stop the service during this operation.
  • Please confirm you are running version 9.0.0.902 or 9.0.0.1491 prior to installing this update.

Release Notes

Please confirm you are running version 9.0.0.902 or 9.0.0.1491 prior to installing this update. You can check this under Help | About in Veeam Backup & Replication console. If you are using partner preview build 9.0.0.773, you must upgrade to GA build 9.0.0.902 first by installing Day 0 Update > KB2084

After upgrading, your build will be version 9.0.0.1715

Prior to installing this update please reboot the Veeam server to clear any locks on the Veeam services and when the reboot is done, please stop all the Veeam jobs and services before applying the update.

After installing the update, during the first start of the Veeam Backup Service, required modifications will be made to the configuration database automatically to optimize its performance. These modifications may take up to 10 minutes to complete. Please do not reboot the Veeam server, or attempt to stop the service during this operation. If there is concern regarding the time that the Veeam Backup Service takes to start after upgrade, please contact Veeam Customer Support.

Once Veeam Backup Service starts, please open the console and allow Veeam Backup & Replication to update its remote components.
Solution

As a result of on-going R&D effort and in response to customer feedback, Update 2 includes over 300 enhancements and bug fixes, the most significant of which are listed below:

New platform support

  • Cisco HyperFlex HX-Series support for Direct NFS backup mode.
  • EMC Unity support for Backup from Storage Snapshots and Veeam Explorer for Storage Snapshots functionality.
  • EMC Data Domain DD OS 5.7 support for DD Boost integration.
    ExaGrid 4.8.0.351.P28 is now the minimal ExaGrid firmware version supported.
  • NetApp Data ONTAP 8.3.2 support.
  • VMware vCloud Director 8.10 support.
  • VMware VSAN 6.2 support.

Engine

  • Backported a number of isolated Enterprise Scalability enhancements from 9.5 code branch to improve transaction log backup, tape backup and user interface performance.
  • Updated OpenSSH client to version 7.2 to enable out of the box support for modern Linux distributions.
  • Improved iSCSI target performance (iSCSI target is used to mount backup remotely in certain file-level and item-level recovery scenarios).
  • iSCSI mount operations are now retried automatically to workaround occasion “The device is not ready” errors which happen when mount operation takes too long. By default, the mount is retried 6 times every 10 seconds. To change the number of retries, create IscsiMountFsCheckRetriesCount (DWORD) registry value under HKLM\SOFTWARE\Veeam\Veeam Backup and Replication key on the backup server.

Backup Copy

  • To reduce backup server load, Backup Copy jobs targeting shared folder or deduplicating appliance backed repositories with the gateway server setting set to Automatic selection will now start data moves on the mount server associated with the backup repository (as opposed to the backup server). In cases when the mount server is unavailable, the data mover will be started on the backup server as before.
  • Backup Copy performance should now be more consistent due to preserving backup files cache when the job is switching to idle mode.
  • Minor reliability improvements in GFS full backup creation algorithm.

Microsoft Hyper-V

  • Find-VBRHvEntity cmdlet performance has been improved significantly when used against Hyper-V cluster.
  • Backup infrastructure resource scheduler should schedule Guest Interaction Proxy resource dramatically faster in large infrastructures (for example, 5 seconds instead of 15 minutes).

Microsoft SQL Server

  • Improved performance and reduced resource consumption of Microsoft SQL Server transaction log backups.

Microsoft Exchange

  • Added ability to force CAS server for Veeam Explorer for Microsoft Exchange (instead of automatically detecting one) via DefaultCASServer (DWORD) registry value under HKLM\SOFTWARE\Veeam\Veeam Backup and Replication key on the backup server.
  • Added ability to change the order of Exchange autodiscovery policies for Veeam Explorer for Exchange (support only setting).

Oracle

  • Added ability to restore Oracle databases while preserving certain parameters which are critical to RMAN in scenarios such as database name change via new parameter in PFileParameters.xml file of Veeam Explorer for Oracle.

Cloud Connect Replication

  • Support for Planned Failover functionality with cloud replicas. You can now perform planned failover to achieve zero data loss, for example when a natural disaster can be predicted in advance.

Veeam Cloud & Service Provider Partners

  • Update 2 introduces important changes and fixes around rental licensing, including a pilot functionality of usage reporting directly from the user interface. For additional information, as well as the list of other service provider specific enhancements and bug fixes included in this update, please refer to the issue tracking topic in the private VCSP forum. If you are VCSP but don’t have access, please apply to Cloud & Service Providers group using Veeam forum’s User Control Panel.

Veeam Agent for Linux Beta

Do you have any Linux machines that are not virtualised or Veeam cannot reach the hypervisors they run on even when they are virtualized, such as in public cloud environments?

Protecting these workloads can be difficult and cumbersome to manage, often you would need to rely on the public cloud providers backup solution (at additional cost of course) or use a traditional backup solution in lieu of Veeam. Well, that is all about to change with the new Veeam Agent for Linux which is now available in Beta.

Using the Veeam Agent for Linux allows us to backup Linux workloads even if they are physical servers or running on public cloud where traditionally the hypervisor is hidden away from Veeam.

What’s great about this product is that it’s completely free! This will enable users to finally get rid of those last few traditional backup licenses used to protect physical Linux workloads. So not only is the Veeam Agent for Linux free but it can also save you money!

Couple notes;

  • It is distributed as RPM and DEB packages.
  • It supports any Linux kernel from version 2.6.32 and above as long as you use the default kernel of your distribution, which means even old installations can be protected.
  • Both 32-bit and 64-bit kernels are supported.
  • Integrates with Veeam Backup & Replication to use existing backup repositories as target locations
  • Performs image-based backups from inside the linux guest, both at the file level and the volume level.

If you want to learn more, test it and contribute to improving it before version 1.0, sign up for the Public Beta here; https://go.veeam.com/linux