I have previously done a post on setting up Veeam Backup and Replication 9.5 Community edition but I wanted to write what was involved in doing a fully fledged enterprise configuration in accordance with Veeam best practices. Below I walk through all the necessary steps to get Veeam up and running and also explain any other configuration necessary for equipment and applications involved.
Backup Infrastructure
G Datacenter
Veeam Server VM specs:
Name | CPU | Memory | Hard Disk | NIC 1Gb | NIC 10Gb |
veeamd202 | 16 Cores | 64GB | 60GB | x3 | x2 |
Physical Backup Storage:
Name | CPU | Memory | NIC 1Gb | NIC 10Gb |
gqnap01 | Intel® Xeon® D-1531 6-core 2.2 GHz | 32GB | x4 | x2 |
W Datacenter
Veeam Server VM specs:
Name | CPU | Memory | Hard Disk | NIC 1Gb | NIC 10Gb |
veeamd101 | 16 Cores | 64GB | 60GB | x3 | x2 |
Physical Backup Storage:
Name | CPU | Memory | NIC 1Gb | NIC 10Gb |
sqnap01 | Intel® Xeon® D-1531 6-core 2.2 GHz | 32GB | x4 | x2 |
Licences:
Name | Qty |
Veeam Availability Suite Enterprise Plus | 20 Sockets |
Network Configuration
Overview
As this is an enterprise setup there are two datacenters involved. The diagram below explains what I had initially designed with the help of some Veeam engineers. Please see here if you use QNAP backup storage and need to set up multipath MPIO access to the backup device.
When a backup is initiated the process is as follows:
1. User initiates backup using Veeam
2. Veeam contacts vCenter over the 1Gb link to create a VM snapshot. This snapshot is not used for the backup itself; it prepares the machine for backup using storage snapshots.
3. Veeam contacts the NetApp FAS SAN over the 1Gb link to create a storage snapshot.
4. Veeam enumerates all of the VMs in the backup job and proceeds to back them up. Data flows from NetApp FAS – Veeam Backup Server – QNAP NAS which is 10Gb end to end.
5. Backup is complete so storage snapshots and VMware snapshots are deleted
6. Backup data is replicated over to the opposing datacenter.
vCenter configuration
Each host in the cluster has a 10Gb adapter for storage traffic
It also has x2 1Gb adapters for all other traffic
Multipath access to SAN and QNAP for Veeam
Each host already has multipath access to the NetApp SAN. Hosts are connected to the SANs using Cisco Nexus 10Gb switches. For the purpose of the Veeam backups I created a new vSwitch on each host
Each physical HPE ProLiant DL360 G10 host has a x4 port 10Gb NIC.
In VMware these are shown as vmnic4, vmnic5, vmnic6, vmnic7.
vmnic6 and vmnic7 are reserved for the connection to the QNAP backup storage. vmnic4 and vmnic5 are already in use for multipath access to the SAN.
Path A
The Cisco Nexus switch port that the ESXi host port 6 is connected to is allowed access to the below VLANs. This is configured on physical switch 1.
20 iSCSI A storage network (NetApp SAN path 1)
22 Storage vmotion
50 QNAP storage traffic
The new Veeam vSwitch is configured with the below port groups. Only NIC 6 is active on these port groups; all others are disabled.
Veeam_Backup VLAN50
ISCSI A_Veeam VLAN20
ISCSI vmotion VLAN22
The QNAP NAS has a 10Gb NIC with ports 1 and 2.
The Cisco Nexus switch port that QNAP port 1 connects to is allowed access to the following VLANS:
50 QNAP storage traffic
Path B
The Cisco Nexus switch port that the ESXi host port 7 is connected to is allowed access to the below VLANs. This is configured on physical switch 2.
21 iSCSI B storage network (NetApp SAN path 2)
22 Storage vmotion
60 QNAP storage traffic
The new Veeam vSwitch is configured with the below port groups. Only NIC 7 is active on these port groups; all others are disabled.
Veeam_Backup VLAN60
ISCSI B_Veeam VLAN21
ISCSI vmotion VLAN22
The Cisco Nexus switch port that QNAP port 2 connects to is allowed access to the following VLANS:
60 QNAP storage traffic
QNAP
The QNAP NAS has x1 inbuilt 1Gb adapter and 1x 10Gb adapter.
Ethernet 1 is configured as the management interface and as such sits on the management VLAN/Subnet.
Ethernet 7-8 appear as the 10Gb ethernet NICs. In this case each is configured with its own IP and the MTU is set to 9000.
Ethernet 7 is set to VLAN 50
Ethernet 8 is set to VLAN 60
The default gateway should use the settings from Ethernet 1.
Configure the DNS server settings:
QNAP Backup Storage
The model used in both datacenters is a QNAP TES-3085U. They are filled with x24 Seagate ST5000LM000-2AN170 disks.
The QNAP NAS in G datacenter has x2 Storage Pools configured as below. The Storage Pool used for Veeam Backup and Replication is the VeeamBackupRepo pool which is 76.40TB in size.
If you need to create a new Storage Pool go to the Storage Manager>Click Storage Space and click Create and click New Storage Pool as below.
You then need to select how many disks you want to assign and choose a RAID level
We are using RAID6 and 5TB disks in the demonstration
Remove the reserved snapshot space and then click Create when ready
Once the storage space is created you need to create an iSCSI Target with a mapped LUN. Below you can see the current one.
To create a new one open the Storage Manager and click iSCSI Storage. Then click Create and select iSCSI Target with a mapped LUN and click Next
Give the target a name and Alias then click Next
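Don’t enable CHAP authentication. With CHAP off the initiator is not authenticated, so access to the target relies on the host access list set in the next steps and on the storage VLANs staying isolated.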
Select the Portal Setting to be the interfaces on the storage network. You will need a separate mapped iSCSI LUN for each of the NICs ethernet 7 and ethernet 8.
Enable host access for the Veeam VM (click create host to add a new host)
Give the LUN a name then enable Instant Allocation, choose a storage group (LUN Location), choose a size, change performance profiling to customised 64k and disable compression. Then click Next and Next again.
The LUN is now ready to be accessed from the hosts.
The Volumes/LUNS are configured as below.
G datacenter
Storage Pool Name | Capacity | RAID |
VeeamBackupRepo | 76.40TB | 6 |
iSCSI LUN Name | Capacity |
VeeamBackupRepo_0 | 74TB |
W datacenter
Storage Pool Name | Capacity | RAID |
VeeamBackupRepo | 91.17TB | 6 |
iSCSI LUN Name | Capacity |
VeeamBackupRepo_0 | 88.3TB |
The QNAP LUNs are connected to the Veeam Backup & Replication servers using the Microsoft iSCSI initiator. To connect a LUN open the iSCSI initiator by clicking Start>Run and type iscsicpl.exe
Type in the IP address of the QNAP portal (as configured earlier) in the Target box then click Quick Connect. Select the Discovered Target and then click Connect.
You should then see your connected targets.
Once this is done you can open Windows disk management (Start>Run diskmgmt.msc) and configure the disk. For Veeam we need to configure the disk with 64k block size and format with ReFS
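The same connection and formatting steps can be scripted with the built-in iSCSI and Storage cmdlets. This is an added example, not part of the original walkthrough: the portal IPs and the volume label are placeholders, and it assumes the new LUN is the only uninitialised iSCSI disk on the Veeam server.

```powershell
# Added example (not from the original post). Run in an elevated PowerShell
# session on the Veeam server.
$PortalAddresses = @('192.0.2.50', '192.0.2.60')  # placeholders: QNAP Ethernet 7/8 IPs
$VolumeLabel     = 'VeeamBackupRepo'              # assumed label, choose your own

# The Microsoft iSCSI initiator service must run now and after every reboot.
Set-Service -Name MSiSCSI -StartupType Automatic
Start-Service -Name MSiSCSI

foreach ($portal in $PortalAddresses) {
    # Jumbo-frame check: 8972 bytes of payload + 28 bytes of IP/ICMP headers = 9000.
    # -f sets Don't Fragment; "Packet needs to be fragmented" in the output means
    # something on the path (server NIC, vSwitch, switch port) is below MTU 9000.
    ping.exe -f -l 8972 -n 2 $portal

    # Same as typing the portal IP into the Target box of iscsicpl.exe.
    New-IscsiTargetPortal -TargetPortalAddress $portal | Out-Null
}

# Same as Quick Connect, but persistent so the LUN reconnects after a reboot.
Get-IscsiTarget | Where-Object { -not $_.IsConnected } | ForEach-Object {
    Connect-IscsiTarget -NodeAddress $_.NodeAddress -IsPersistent $true | Out-Null
}

# Only touch an uninitialised iSCSI disk, and stop if the choice is ambiguous,
# so an existing repository disk can never be formatted by mistake.
$raw = @(Get-Disk | Where-Object { $_.BusType -eq 'iSCSI' -and $_.PartitionStyle -eq 'RAW' })
if ($raw.Count -ne 1) { throw "Expected exactly one RAW iSCSI disk, found $($raw.Count)" }
$number = $raw[0].Number

# SAN disks can arrive offline and read-only, depending on the server's SAN policy.
if ($raw[0].IsOffline)  { Set-Disk -Number $number -IsOffline $false }
if ($raw[0].IsReadOnly) { Set-Disk -Number $number -IsReadOnly $false }

# GPT is required for a LUN this large; 65536 bytes is the 64k block size.
Get-Disk -Number $number |
    Initialize-Disk -PartitionStyle GPT -PassThru |
    New-Partition -UseMaximumSize -AssignDriveLetter |
    Format-Volume -FileSystem ReFS -AllocationUnitSize 65536 -NewFileSystemLabel $VolumeLabel

# Confirm the result: FileSystem should be ReFS and AllocationUnitSize 65536.
Get-Volume -FileSystemLabel $VolumeLabel |
    Format-List DriveLetter, FileSystem, AllocationUnitSize, Size
```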
Veeam Backup Strategy
Goals
The main goals for the implementation of the Veeam backup were:
1. Fast 10Gb backups and restores
2. Back up all VMs in important VM folders within VMware
3. Keep as much data on disk to be restored at 10Gb as possible
4. Keep 1 year of archived data on disk
5. Replicate the entire datacenter backup to the opposing datacenter (for use in the case of a complete datacenter loss)
The main aims for the backup strategy were to have:
1. A weekly full backup of all VMs and the file server
2. A daily incremental backup of all VMs and the file server
3. A job that copies these full backups and their daily increments to the opposing datacenter
4. A monthly job that keeps a full backup as an archive and to retain this on disk for a year
5. Move off any backups older than a year to slower more permanent storage (AWS/Azure)
Veeam Backup Repositories
This step assumes that Veeam has been installed and is ready to be configured.
The first stage in configuring Veeam is to create your backup repositories. Open the Veeam console and click Backup Infrastructure> Backup Repositories. You should see all your current configured repositories. A backup repository is basically a location that you intend to store your backup data in.
To create a new Backup Repository right click on Backup Repositories and click Add Backup Repository
We are using an iSCSI disk connected to the QNAP so select Direct attached storage
Select Microsoft Windows, note that the disk should be formatted with ReFS
Give the repository a name and click Next
Choose the repository server you want to use
Enter the path where the backup files will be stored and leave the maximum concurrent tasks at 4. The path should be on a disk formatted with ReFS and a 64k block size. Then click Advanced.
Select Align backup file data blocks and click Next
Leave the below settings as the defaults and click Next
Click Next and then Finish
Veeam configuration backups
Veeam backs up the Veeam backup and replication server settings daily. The backups are stored offsite in the opposing datacenter. The reason for this is that if we have a site failure and need to recover the VMs we can quickly have a Veeam server up and running ready to restore.
To configure the backup job click the Veeam settings button and then click Configuration Backup
Configure the backup repository as the repository in the opposing datacenter. Enable backup file encryption and select the existing password.
Protection groups for physical servers
In order to back up a group of physical machines you need to create a protection group. To do this go to Inventory> Physical & Cloud Infrastructure> Create Protection Group
Give the Protection group a name and click Next
Select the type as Individual Computers then click Next
Click Add then type in the IP address of the physical machine that you want to back up. Select the Credentials as the Windows admin credentials you set up earlier then click Next
Select a time that Veeam should scan for any additions to the protection group (i.e. you add more physical servers). Then check Install backup agent automatically and the option to auto-update the agent. Then click Next, Next and Finish. The agent will then be installed on the physical server. This will require a reboot of the physical server.
Manage Veeam credentials
Veeam needs credentials in order to connect to and interact with the various systems it backs up, and to make sure they are in the correct state for the backup.
I needed to add credentials for the following systems:
- Local Veeam account
- vSphere administrator
- AWS SES (or whatever email system you use)
- NetApp storage system
To create a new credential click Add then choose the account type. You can then fill in the details as necessary.
Veeam API connection to SAN storage
We can create a connection between a SAN and the Veeam server so that Veeam can backup VMs directly from storage snapshots.
To create a new connection click Storage Infrastructure then Add Storage.
Choose your SAN storage system
We use NetApp Data ONTAP so selected that
Enter the IP of the SAN and click next
Select the SAN credentials and click Next
Accept the certificate alert
Specify how the storage can be accessed by Veeam. We select iSCSI only, then click Next and Finish.
Connect Veeam to VMware vCenter
To connect Veeam with vCenter click Backup Infrastructure> VMware vSphere then right click in the VMware vSphere window and click Add Server.
Enter the IP address of your vCenter server
Select the credential for vCenter that you entered earlier, then click Next
Accept the certificate alert by clicking Continue, then click Next and Finish.
Create an encryption password
It is a requirement that all backup files be encrypted. To do this click the Veeam options menu and click Manage Passwords.
Once you have done this click Add and enter a strong password. This is now ready to be used in your backup jobs
Veeam backup jobs
Virtual machines
After you have your backup repositories configured you can create a backup job. To do this click home and then click Backup. Then right click in the backup window and click Backup> Virtual machine
Give the backup job a name and click Next
Click Add to select what you want to back up. We keep all of our VMs inside categorised folders so we just need to select a folder in order to back up all the VMs inside it.
Click Exclusions to add any VMs that you do not want to be backed up within the folder. Then click Next.
Leave the Backup proxy as the Automatic selection. Change the Backup repository to one of the repositories that you have created; this will dictate where the backup data is stored. Choose how many restore points you want to keep then click Advanced. A restore point is simply a backup job – so if you have one full backup on a Saturday and then incrementals for the rest of the week you will have 7 restore points.
Select the Backup tab then Incremental backups and check Create synthetic full backups periodically – then choose the day that you want the synthetic backups created. Synthetic backups are full backups that are created using the existing incremental backups. It basically saves you having to run a separate full backup after a week of incrementals. You do not need to run both full backups and synthetic full backups.
Select the storage tab and select the data reduction options as below. Select the Compression Level as Extreme and select Enable backup file encryption using the password that you created earlier.
Select the vSphere tab and select the below Changed block tracking options
Select Integration and check Enable backup from storage snapshots. This enables Veeam to use the API connection to the NetApp SAN to back it up using storage snapshots over the 10Gb network. Click Ok then Next.
There is usually nothing to select on the application aware settings. Please check the manual to see if there is a specific need you have which requires these settings to be changed. Change the Guest OS credentials to the Windows administrator credentials you set up earlier then click Next.
Select a schedule for the job and then click Apply then Finish.
Physical Servers
To back up a physical server go to Home> Backup and right click in the backup window, then select Windows Computer.
Select Server and the Mode as Managed by backup server then click Next
Give the backup job a name and click Next
Click Add then select the Physical Servers protection group we created earlier and click Ok.
Select the type of backup that you want to perform. As I am backing up a Windows DFS fileserver I select File level backup.
Click The following file system objects and then click Add. Add the path to the files you want to back up.
You can also add exclusions to any of these paths by clicking advanced and adding them as below. Click Ok and then Next.
Select the Backup Repository and how many Restore points you want to keep.
Click Advanced and check create synthetic full backups periodically.
Select to perform a health check on the backup files
Select the Compression level as Extreme and enable backup file encryption using the saved password. Click Ok then Next
Enable application-aware processing and then click Next
Create a schedule then click Apply then Finish
Veeam backup copy jobs
Veeam handles replication of backup data using backup copy jobs. The backup jobs look for new restore points and then copy them to the desired location. The changes are all block level so the copy jobs will only copy the backup data for a VM if it has changed.
To set up a backup copy job click Home> Backup Copy then select either Virtual machine or Windows computer backup (for physical machines)
Give the copy job a name and set the copy interval. This is when the job will check for the presence of new restore points and start the copy.
From the Objects section click Add and then select From jobs.
Select the backup job you want to copy and click Ok then click Next
Select the backup repository. You may be replicating a job for offsite backup or you may just be keeping archive copies locally. If the copy job is to serve as an archive select Keep the following restore points for archival purposes.
Click Advanced and enable Extreme compression and Encryption
Leave the Data Transfer option as Direct
Leave the data transfer timings as Any time unless you have any strict time-based bandwidth requirements, then click Apply and Finish.
Restoring virtual machines
Restoring a virtual machine is quite simple. You first select the backup data source, so go to Home then Backups> Disk> Right click on a virtual machine and choose a restore mode. Recent jobs (last 14 days) will be in the Disk backups and older backup files will be in the Disk (Copy) location. Generally we are only going to use the Restore entire VM and Restore guest files restore modes but I’ll explain each below.
Restoring an entire VM
As above right click on the VM you want to restore and click Restore entire VM as below
Click Point to select the restore point you want to use to restore the VM from. As in this example we have several copy jobs we have a few options:
- Select Veeam Short-Term Storage for a recent restore point on local storage
- Select Veeam Long-Term Storage for an older restore point on local storage
- Select Short-Term Storage S if you have lost the local storage and need to access a recent restore point from remote storage
In this example we select Veeam Long-Term Storage and select a restore point from one day ago.
Select a restore mode. Generally it is best to choose Restore to a new location, or with different settings so that you aren’t touching the original VM.
Either accept the current host the VM is on or change the host to a new one by clicking the Host button
Leave the VM resource pool as the default and click Next
Leave the datastore and disk type the same unless you do not have space to restore to the same datastore. You could then change this using the Datastore button.
Leave the VM folder and Tags the same unless you have a requirement to change it
You will need to change the VM name at this stage though so click Name and check the Add suffix box to add _restored to the name.
Leave the network setting as the same
Unless you are suspicious about viruses leave the scan option off
Then click Next and Finish and the machine will be restored.
Restoring Guest machine files
In this example we will restore guest files from the physical fileserver. To do this find the backup data you require as described above and right click> Restore guest files> Microsoft Windows
Choose a restore point and click Next
Type a reason for the restore and click Next
Click Finish and the backup browser will open and allow you to choose the files you want to restore
You should now be able to browse the backup contents for the fileserver. Find the files/folders you want to restore and then right click and click Restore. You can choose to put a copy in the original location by clicking keep which will restore the file with a _Restored prefix. You can also click Copy To and put the file in a new location. See here for any confirmation on the actions from Veeam.