Search This Blog

Saturday, July 2, 2022

Note Taking : Veeam Backup for Google Cloud Best Practice

 This is note-taking for Veeam Backup for Google Cloud (GCP Best Practice)

1. Configure Role-Based Access Control (RBAC) to manage portal users

  • Portal Admin - full access (including configuration)
  • Portal Operator - access management/infrastructure only
  • Restore Operator - perform workload restore

2. Lower storage costs using archive class

  • minimum retention 365 days
  • automatic archiving to low-cost, long-term storage

3. Protect VB appliance with configuration backup

4. Monitoring Appliance Memory

  • overconsumption due to high usage.
  • Solution - reconfigure the appliance machine type to have more memory - n1 standard (4cpu, 15GB Memory)


Friday, July 1, 2022

Note Taking: Veeam v12 Enterprise Plug-In Enhancement

 This blog post is note-taking for Veeam v12 Enterprise Plug-in Enhancement

1. Central deployment and management for Veeam Plug-in for Oracle RMAN, SAP Hana and BR Tool (SAP on Oracle)

  • Plug-in deployment via protection group
    • same as Veeam agent deployment
  • Policy configuration - Backup Job
    • database
    • transaction log backup
    • compression
    • channel
    • scheduling

2. Veeam Plug-in for Microsoft SQL Server

  • DBA-driven native backup to Veeam Repository
  • Manual deployment to source SQL Server
  • Able to run the backup from SQL Management Studio
  • Backup data transfer to Veeam Repository
  • Can do configuration, backup & recovery from this plug-in
  • Supported environment
    • OS: Windows Server 2012 R2 onward
    • SQL : SQL 2014 SP3 - 2019 (x64 only)
    • Enterprise, Standard, Web, Developer
    • Cluster: Always on group including cluster less, Windows Server Failover Cluster with shared volume or shared disk

3. PostgreSQL backup and Restore

  • Agentless for Linux VM
  • Veeam Agent for Linux
  • Log shipping
  • Veeam Explorer for PostgreSQL

4. General improvement

  • Hardened Linux Repo Support
  • Kerberos support
  • ipv6 support
  • Certificate based authentication
  • Linux group enhancement for plug in configuration access control

Thursday, June 30, 2022

Note Taking : Veeam v12 NAS Enhancement

 This is a blog post on note-taking for Veeam V12 NAS Enhancement

1. Backup to object storage directly

2. NAS Backup - Copy mode

  • copy recent data to the archive repository

3. Immutability for NAS backup

4. Storage Integration - Nutanix Files support on Veeam

  • NAS Filer
  • Automated snapshot creation
  • Changed File Tracking

5. NAS to tape - File to Tape with new improved engine

  • NAS backup to tape does not support GFS
  • Tape job always writes latest restore point to tape

6. Instant File Share Restore

  1. SMB shares - no longer read only and can migrate to production
  2. NFS shares - can be published as read only SMB

7. Health Check available for NAS

8. Rotated Drives - with limitation

  • only for backup
  • Not for archive repository, backup copy


Wednesday, June 29, 2022

Note Taking : Veeam v12 Tape Enhancement

This is a blog post taking for Veeam v12 Tape Enhancement

LTO 9 Support

Tape Server on Linux

  • Not recommended running on hardened linux repository
  • Put on a separate Linux machine
  • Linux uses SCSI drivers used
  • Tested on IBM
  • Support x64 system only. Same as VBR repository/proxy in v12

New File to tape job

  • Require to license - VUL
  • 1 instance = 500GB
  • Allow to backup directly to tape using file to tape job
  • Better performance & optimization (parallel tape drive support, database optimization, backup and enumeration run at same time, asynchronous read)
  • Retain permission like NAS Backup
  • Cross ACL restore is not supported (Windows to Windows/Linux to Linux)
  • Path exclusion supported
  • Console display for file to tape job (file share). Able to restore file to tape job
  • V12 last backup time is stored in UTC format

NAS Backup to Tape

  • Avoid load on production NAS storage
  • Fulfill 3-2-1
  • Source -> NAS backup to Disk -> File to Tape
  • NAS backup/and or NAS backup copy as source
  • Tape job always writes latest restore point to tape
  • NAS backup to tape does not support GFS
  • A periodic full backup is available for file to tape/NAS to tape
  • Files are store in native format. Restore files as files
  • Does not consume license for NAS to tape

Other tape enhancement

  • Support backup object storage to tape
  • Daily GFS & Monthly media set
  • Display current activity on tape drives
  • Eject after inventory or catalog
  • Audit for tapes
    • Windows event
    • File from tape restore audit
      • General options > security > audit logs location
      • Default to C:\ProgramData\Veeam\Backup\Audit

Tuesday, June 28, 2022

Note Taking: Veeam v12 Security Enhancement

This is a blog post on note-taking for Veeam V12 Security Enhancement

Your responsibility

1. Secure your infrastructure

2. Secure your data

3. Secure your session

4. Secure your application

5. Secure your visibility

Base security

  • Support ipv6
  • All supported except
    • Veeam Backup for Nutanix and RHEV
    • Plug in for AWS, Azure and GCP
    • Unmanaged Veeam Agent
  • Kasten - not tested

Data Security

  • Any repository with immutability
  • Hardened repository
  • Object lock for object storage
  • Storeonce catalyst
  • Primary Backup and archive
  • NAS backup immutability
  • Enterprise Plug-in backup immutability

Authentication

  • Group managed service account for Application-Aware Image processing
  • Backup Server does not store password 
  • Backup Server gets password on-demand from Active Directory
  • Recovery Token for bare metal recovery on Veeam Agent

Application Security (Session)

  • MFA for Veeam Console
  • Auto Log off after X minutes

Visibility

  • Classified data marking- by use tag/label. Required for security certification.
  • New column in inventory: last backup. To identify who perform the action 

Security update subscription

  • https://veeam.com/knowledge-base.html
  • Select security advisory
  • Enter your email address