Hyper-V


Veeam v7.0 – Backup Copy and its potential

This time I want to pick up an idea which I saw first over on Timo’s blog and add some more details which the customers and of course even me personally really like.

For now I assume the basic understanding of Veeam’s “Backup Copy” feature is clear, if not you may want to check out this post

So what’s the point of this post?

I just supported a customer to set up the following backup infrastructure and I want to share the experiences we made. The customer has two backup servers, one to use as primary server running the main instance of Veeam Backup & Replication v7.0 R2 to protect a vSphere environment and a second one which acts as target for the Veeam Backup Copy. Both servers are installed with Windows Server 2012 to leverage the built in deduplication in addition to Veeam deduplication to achieve a repository wide deduplication. Of course the secondary server is placed in a second in another fire section.

VeeamBackupCopy1

The primary backup server has four repositories in total configured:

  • Local1
  • Local2
  • Remote1
  • Remote2

Only the two local repositories are being used as target for regular backup jobs and the backup copy job picks up those restore points and “copies” them over to the remote repositories on the second server.

To achieve this I added all repositories as “Windows Server” which will install the Veeam Transport Service on the target system. This was pretty easy to setup and everything worked fine.

By using the direct SAN access via Fibre Channel we could avoid a potential bottleneck. If there is the chance to directly attach your backup server to the SAN I would go for it.

But what if you have to restore a VM or file if your primary backup server is down? Unlikely you think? Just during this setup we had massive issues with faulty hardware on the primary server and had to replace hardware multiple times.

So the plan was (as Timo already described) to install the Veeam Backup & Replication (management) server on the second server as well and to add the “remote” repositories which actually act as target for the backup copy as local repositories.

VeeamBackupCopy2

If you add the repositories the first time you can import the already copied restore points and the server is ready to perform restore operations. But the backup copy is an ongoing process, so to keep the restore points within VBR up to date you will need to use a small PowerShell script. To get a copy of a working script check of Timo’s blog post.

Then I unfortunately run in some problems. As soon as I installed VBR on the second server, the primary server lost its connection to the second server and the backup copy jobs stopped.

The error message from the backup copy job indicated that it could be a firewall related issue

“Error: Client error: Failed to connect to the port [Backup02:2502]

Maximum retry count reached (5 out of 5)

Incremental copy was not processed during the copy interval”

 

As soon as I disabled the local firewall on the second server the connection came back online.

So I did a quick comparison between the firewall rules on the primary serverFirewallRulesPrimary

to those on the secondary server (no Management Server installed):FirewallRulesSecondary

As you can see the “Veeam Backup Transport Service (In)” rule was missing. But just adding this rule (or a custom rule which allows the ports 2500-3000) didn’t fix it, so I enabled the Windows firewall logging to see what else got blocked:

netsh firewall set logging droppedpackets = enable

You may need to create the log first, which is usually located in: C:\Windows\System32\LogFiles\Firewall\pfirewall.log

The log showed the following entries when I tried to connect to the second server:

2014-01-30 14:03:33 DROP TCP <Source IP Backup01> <Dest. IP Backup02> 49662 6160 52 S 623441555 0 8192 – – – RECEIVE

So I manually added another rule to allow port 6160 and that fixed it! Unfortunately I couldn’t test which default Veeam would enable this communication because the server still suffers massive hardware issues L but now the solution works as expected.

A detailed list of all required ports can be found in KB1518

 

However let’s do a final step back to the conventional part of this post, because this setup allows a bunch of tweaks to further customize the solution to your needs:

  • Different deduplication settings on the local and remote repositories to get fast restores and even more restore points.
  • You can combine the Backup Copy with the GFS option to keep full backups based on the GFS principle
  • Add a tape library to bring the backups off site.
  • Or you may want to back up the VBR configuration of the primary server on the second server and vice versa.
  • Also some love to the Hyper-V fans out here, of course this also applies to your preferred platform. You could even speed things up by installing the Transport Service on all Hyper-V nodes.
  • Copy your backups to the cloud, accelerated by the Veeam WAN acceleration. And maybe restore them in the Cloud?

VeeamBackupCopy3

 

Please keep in mind that the second server has only a “passive” connection to the vCenter and doesn’t perform actively backups to not violate any license terms and is only used in case the primary server is not available for restore operations. I hope this helps!


Dell EqualLogic – Host Integration Tools for Windows 9

The last two posts were about the integration of Dell’s EqualLogic arrays with VMware vSphere, but I don’t want to neglect the Windows & Hyper-V friends out there, because an EqualLogic is also an ideal backend storage for a Hyper-V environment or maybe you just want to use direct SAN access for your backup software.

To be able to connect your Windows hosts redundant to an EqualLogic SAN, you need at least two physical NICs connected to your iSCSI SAN/network.

NICs

You also need an account for support.equallogic.com where you can download the latest Dell EqualLogic Host Integration Tools.

Then you need to make sure the Windows feature “Multipath I/O” is installed. The Dell tools will provide their own module for the Device Specific Module (DSM) framework, which comes along with the Multipath I/O feature.

MultipathIO

Once this is done, you can install the HIT Software, what is pretty much just next next finish.

The HIT software will automatically configure the MPIO service properly and will in addition start the Microsoft iSCSI Initiator which will be used to connect to the EqualLogic SAN.

After that make sure the EqualLogic HCM service is running, in case it’s not you may need another reboot.

Services

 

CAUTION: In case you are going to connect a volume with a VMFS datastore to a backup server, make sure to disable the auto mount feature to prevent Windows from re-signaturing the volume. For example Veeam by default will disable auto mount as soon as the console/proxy role is installed.

Then you can launch the Microsoft iSCSI Initiator where you can add the EqualLogic SAN Group IP.

iSCSI1

Sorry for the Geman OS, but you should be able to recognize the corresponding tabs and buttons in you English OS.

iSCSI2

The iSCSI initiator will discover all volumes with appropriate access configurations. Maybe you need to hit the “connect” button to establish a connection to the volume(s).

If you haven’t already prepared the volume access, you should make sure to provide your application hosts with sufficient access rights. This can be done for example for the whole iSCSI network or just specific IQNs.EQL_access_list2

Then you can switch over to the “Dell EqualLogic MPIO” tab to take a look at the iSCSI sessions.

iSCSI3

As you can see, you end up with 4 paths in total for each individual volume.  The host is logged into all available iSCSI interfaces on two EqualLogic arrays (4 iSCSI target interfaces in total).

You can also check the discovered disk within the device manager. All volumes should be recognized as “EQLOGIC … Multi-Path Disk Device” DevMgr1

The properties tab of these devices will display the all available paths as well as the default MPIO policy (least queue depth).

MultiPathDiskDevice

To edit or review the multipathing configuration you can launch the Remote Setup Wizard or the Auto-Snapshot Manager.

RemoteSetupWizards

SnapshotManager

In case the EHCM service is not running, the MPIO console will tell you so. As you can see, here you can manage failover/path selection policies. By default (like on vSphere) the path selection is based on the least queue depth.

You can also use the ASM to take a look at the IOPS, throughput or multipath statistics.

SnapshotManager3

SnapshotManager2

But that’s by far not all the ASM provides on features. As the name states this tools supports you when you want to create application consistent snapshots, smart copies of virtual machine, etc. but this would be too much for this post.

For more detailed instructions for example Failover Clusters check out the “hit-user-guide.pdf” which comes with the installation of the HIT software.


Veeam Backup & Replication v7 – New features and my thoughts

These days Veeam revealed the last features for v7 of their Veeam Backup & Replication solution, which in detail can be found here

A quick overview of the features:

  • Built-in WAN Acceleration (copy backup files including GFS)
  • Backup from Storage Snapshots with HP storage (StorVirtual & StoreServ)
  • Virtual Labs for replicated virtual machines
  • Virtual Lab for Hyper-V
  • Tape Support
  • Veeam Explorer for Microsoft SharePoint
  • Enhanced 1-Click Restore
  • Full vCloud Director support

In my opinion the most features are self-explanatory and I don’t like writing about technical features I haven’t tried yet. To get a first impression of the features you should really take a look at the videos from Veeam on the countdown page. Of course I will write about the features as soon as I get my hands on v7.

Everyone is tweeting, blogging, whatever about it, but why is there such a hype? Let me try you answer this question from my personal point of view.

In the last couple of months I had several appointments with customers who bought or who are interested in buying a Veeam product and as far as I can tell really, nobody has been disappointed thus far. For me as system engineer it’s nice to see how happy you can make an admin with a data protection solution, especially if he’s completely new to all that virtualization technology. And not only them. I really like to work with the products. The look and feel is top notch and I prefer to achieve my goal without tons of settings, which I need to look up to know what are they are good for. Keep it simple and that’s what Veeam still does.

Yes it’s not an enterprise class backup solution which is able to back everything up and which is able to leverage hardware & APIs from multiple vendors. It’s a purpose built solutions and that’s absolutely ok. I’m sure with the new features they will be able to attract more of those customers who can’t waive backup to tape and the GFS principle or those who don’t want to support multiple backup tools for different purposes. Also the HP + Veeam combo can be a tiebreaker.

Don’t get me wrong, yes there are also other solution out their especially from those vendors who provide solutions to the backup market for quite some time which fit better in some cases.

But as storage & Virtualization enthusiast I love having fun at work and not to be frustrated. That’s why I’m really looking forward to more cool projects based on Veeam v7.