I have previously done a post on setting up Veeam Backup and Replication 9.5 Community edition but I wanted to write what was involved in doing a fully fledged enterprise configuration in accordance with Veeam best practices. Below I walk through all the necessary steps to get Veeam up and running and also explain any other configuration necessary for equipment and applications involved.

Backup Infrastructure

G Datacenter

Veeam Server VM specs:

Name CPU Memory Hard Disk NIC 1Gb NIC 10Gb veeamd202 16 Cores 64GB 60GB x3 x2

Physical Backup Storage:

Name CPU Memory NIC 1Gb NIC 10Gb gqnap01 Intel® Xeon® D-1531 6-core 2.2 GHz 32GB x4 x2

W Datacenter

Veeam Server VM specs:

Name CPU Memory Hard Disk NIC 1Gb NIC 10Gb veeamd101 16 Cores 64GB 60GB x3 x2

Physical Backup Storage:

Name CPU Memory NIC 1Gb NIC 10Gb sqnap01 Intel® Xeon® D-1531 6-core 2.2 GHz 32GB x4 x2

Licences:

Name Qty Veeam Availability Suite Enterprise Plus 20 Sockets

Network Configuration

Overview

As this is an enterprise setup there are two datacenters involved. The diagram below explains what I had initially designed with the help of some Veeam engineers. Please see here if you use QNAP backup storage and need to setup multipath MPIO access to the backup device.

When a backup is initiated the process is as follows:

1. User initiates backup using Veeam

2. Veeam contacts vCenter over the 1Gb link to create a VM snapshot. This snapshot is not used it is to prepare the machine for backup using storage snapshots

3. Veeam contacts the NetApp FAS SAN over the 1Gb link to create a storage snapshot.

4. Veeam enumerates all of the VMs in the backup job and proceeds to back them up. Data flows from NetApp FAS – Veeam Backup Server – QNAP NAS which is 10Gb end to end.

5. Backup is complete so storage snapshots and VMware snapshots are deleted

6. Backup data is replicated over to the opposing datacenter.

vCenter configuration

Each host in the cluster has a 10Gb adapter for storage traffic

It also has x2 1Gb adapters for all other traffic

Multipath access to SAN and QNAP for Veeam

Each host already has multipath access to the NetApp SAN. Hosts are connected to the SANs using Cisco Nexus 10Gb switches. For the purpose of the Veeam backups I created a new vSwitch on each host

Each physical HPE ProLiant DL360 G10 host has a x4 port 10Gb NIC.

In VMware these are shown as vmnic4, vmnic5, vmnic6, vmnic7.

vmnic6 and vmnic7 are reserved for the connection to the QNAP backup storage. vmnic4 and vmnic 5 area already in use for multipath access to the SAN.

Path A

The Cisco Nexus switch port that the ESXi host port 6 is connected to is allowed access to the below VLANs. This is configured on physical switch 1.

20 iSCSI A storage network (NetApp SAN path 1)

22 Storage vmotion

50 QNAP storage traffic

The new Veeam vSwitch is configured with the below port groups. Only NIC 6 is active on this port group all others are disabled.

Veeam_Backup VLAN50

ISCSI A_Veeam VLAN20

ISCSI vmotion VLAN22

The QNAP NAS has a 10Gb NIC with ports 1 and 2.

The Cisco Nexus switch port that QNAP port 1 connects to is allowed access to the following VLANS:

50 QNAP storage traffic

Path B

The Cisco Nexus switch port that the ESXi host port 7 is connected to is allowed access to the below VLANs. This is configured on physical switch 2.

21 iSCSI B storage network (NetApp SAN path 2)

22 Storage vmotion

60 QNAP storage traffic

The new Veeam vSwitch is configured with the below port groups. Only NIC 7 is active on this port group all others are disabled.

Veeam_Backup VLAN60

ISCSI B_Veeam VLAN21

ISCSI vmotion VLAN22

The Cisco Nexus switch port that QNAP port 2 connects to is allowed access to the following VLANS:

60 QNAP storage traffic

QNAP

The QNAP NAS has x1 inbuilt 1Gb adapter and 1x 10Gb adapter.

Ethernet 1 is configured as the management interface and as such sits on the management VLAN/Subnet.

Ethernet 7-8 appear as the 10Gb ethernet NICs. In this case each is configured with its own IP and the MTU is set to 9000.

Ethernet 7 is set to VLAN 50

Ethernet 8 is set to VLAN 60

The default gateway should use the settings from Ethernet 1.

Configure the DNS server settings:

QNAP Backup Storage

The model used in both datacenters is a QNAP TES-3085U. They are filled with x24 Seagate ST5000LM000-2AN170 disks.

The QNAP NAS in G datacenter has x2 Storage Pools configured as below. The Storage Pool used for Veeam Backup and Replication is the VeeamBackupRepo pool which is 76.40TB in size.

If you need to create a new Storage Pool go to the Storage Manager>Click Storage Space and click Create and click New Storage Pool as below.

You then need to select how many disks you want to assign and choose a RAID level

We are using RAID6 and 5TB disks in the demonstration

Remove the reserved snapshot space and then click Create when ready

Once the storage space is created you need to create an iSCSI Target with a mapped LUN. Below you can see the current one.

To create a new one open the Storage Manager and click iSCSI Storage. Then click Create and select iSCSI Target with a mapped LUN and click Next

Give the target a name and Alias then click Next

Don’t enable CHAP authentication

Select the Portal Setting to be the interfaces on the storage network. You will need a separate mapped iSCSI LUN for each of the NICs ethernet 7 and ethernet 8.

Enable host access for the Veeam VM (click create host to add a new host)

Give the LUN a name then enable Instant Allocation, choose a storage group (LUN Location), choose a size, change performance profiling to customised 64k and disable compression. Then click Next and Next again.

The LUN is now ready to be accessed from the hosts.

The Volumes/LUNS are configured as below.

G datacenter Storage Pool Name Capacity RAID VeeamBackupRepo 76.40TB 6 iSCSI LUN Name Capacity VeeamBackupRepo_0 74TB W datacenter Storage Pool Name Capacity 6 VeeamBackupRepo 91.17TB 6 iSCSI LUN Name Capacity VeeamBackupRepo_0 88.3TB

The QNAP LUNs are connected to the Veeam Backup & Replication servers using the Microsoft iSCSI initiator. To connect a LUN open the iSCSI initiator by clicking Start>Run and type iscsicpl.exe

Type in the IP address of the QNAP portal (as configured earlier) in the Target box then click Quick Connect. Select the Discovered Target and then click Connect.

You should then see you connected targets

Once this is done you can open Windows disk management (Start>Run diskmgmt.msc) and configure the disk. For Veeam we need to configure the disk with 64k block size and format with ReFS

Veeam Backup Strategy

Goals

The main goals for the implementation of the Veeam backup were:

1. Fast 10Gb backups and restores

2. Backup all VMs in important VM folders within VMWare

3. Keep as much data on disk to be restored at 10Gb as possible

4. Keep 1 year of archived data on disk

5. Replicate the entire datacenter backup to the opposing datacenter (for use in the case of a complete datacenter loss)

The main aims for the backup strategy were to have:

1. A weekly full backup of all VMs and the file server

2. A daily incremental backup of all VMs and the file server

3. A job that copies these full backups and their daily increments to the opposing datacenter

4. A monthly job that keeps a full backup as an archive and to retain this on disk for a year

5. Move off any backups older than a year to slower more permanent storage (AWS/Azure)

Veeam Backup Repositories

This step assumes that Veeam has been installed and is ready to be configured.

The first stage in configuring Veeam is to create your backup repositories. Open the Veeam console and click Backup Infrastructure> Backup Repositories. You should see all your current configured repositories. A backup repository is basically a location that you intend to store your backup data in.

To create a new Backup Repository right click on Backup Repositories and click Add Backup Repository

We are using an iSCSI disk connected to the QNAP so select Direct attached storage

Select Microsoft Windows, note that the disk should be formatted with ReFS

Give the repository a name and click Next

Choose the repository server you want to use

Enter the path where the backup files will be stored and leave the maximum concurrent tasks 4. The path should be 64k block size formatted with ReFS, then click Advanced

Select Align backup file data blocks and click Next

Leave the below settings as the defaults and click Next

Click Next and then Finish

Veeam configuration backups

Veeam backs up the Veeam backup and replication server settings daily. The backups are stored offsite in the opposing datacenter. The reason for this is that if we have a site failure and need to recover the VMs we can quickly have a Veeam server up and running ready to restore.

To configure the backup job click the Veeam settings button and then click Configuration Backup

Configure the backup repository as the repository in the opposing datacenter. Enable backup file encryption and select the existing password.

Protection groups for physical servers

In order to backup a group of physical machines you need to create a protection group. To do this go to Inventory> Physical & Cloud Infrastructure> Create Protection Group

Give the Protection group a name and click Next

Select the type as Individual Computers then click Next

Click Add then type in the IP address of the physical machine that you want to backup. Select the Credentials as the Windows admin credentials you setup earlier then click Next

Select a time that Veeam should scan for any additions to the protection group (i.e. you add more physical servers). Then check Install backup agent automatically and to auto-update the agent. Hen click Next, Next and Finish. The agent will then be installed on the physical server. This will require a reboot of the physical server.

Manage Veeam credentials

In order for Veeam to connect to interact with the various systems it backs up and to make sure they are in the correct state for the back some credentials are needed.

I needed to add credentials for the following systems:

Local Veeam account

vSphere administrator

AWS SES (or whatever email system you use)

NetApp storage system

To create a new credential click Add then choose the account type. You can then fill in the details as necessary.

Veeam API connection to SAN storage

We can create a connection between a SAN and the Veeam server so that Veeam can backup VMs directly from storage snapshots.

To create a new connection click Storage Infrastructure then Add Storage.

Choose your SAN storage system

We use NetApp Data ONTAP so selected that

Enter the IP of the SAN and click next

Select the SAN credentials and click Next

Accept the certificate alert

Specify how the storage can be accessed by Veeam. We select iSCSI only, then click Next and Finish.

Connect Veeam to VMware vCenter

To connect Veeam with vCenter click Backup Infrastructure> VMware vSphere then right click in the VMware vSphere window and click Add Server.

Enter the IP address of your vCenter server

Select the credential for vCenter that you entered earlier, then click Next

Accept the certificate alert by clicking Continue, then click Next and Finish.

Create an encryption password

It is a requirement that all backup files be encrypted. To do this click the Veeam options menu and click Manage Passwords.

Once you have done this click Add and enter a strong password. This is now ready to be used in your backup jobs

Veeam backup jobs

Virtual machines

After you have your backup repositories configured you can create a backup job. To do this click home and then click Backup. Then right click in the backup window and click Backup> Virtual machine

Give the backup job a name and click Next

Click Add to select what you want to backup. We keep all of our VMs inside of categorised folders so we just need to select a folder in order to backup all the VMs inside it.

Click Exclusions to add any VMs that you do not want to be backed up within the folder. Then click Next.

Leave the Backup proxy as the Automatic selection. Change the Backup repository to one of the repositories that you have created, this will dictate where the backup data is stored. Choose how many restore points you want to keep then click Advanced. A restore point is simply a backup job – so if you have one full backup on a Saturday and then incrementals for the rest of the week you will have 7 restore points.

Select the Backup tab then Incremental backups and check Create synthetic full backups periodically – then choose the day that you want the synthetic backups created. Synthetic backups are full backups that are created using the existing incremental backups. It basically saves you having to run a separate full backup after a week of incrementals. You do not need to run full backups and synthetic full backups.

Select the storage tab and select the data reduction options as below. Select the Compression Level as Extreme and select Enable backup file encryption using the password that you created earlier.

Select the vSphere tab and select the below Changed block tracking options

Select Integration and check Enable backup from storage snapshots. This enables Veeam to use the API connection to the NetApp SAN to back it up using storage snapshots over the 10Gb network. Click Ok then Next.

There is usually nothing to select on the application aware settings. Please check the manual to see if there is a specific need you have which requires these settings to be changed. Change the Guest OS credentials to the Windows administrator credentials you setup earlier then click Next.

Select a schedule for the job and then click Apply then Finish.

Physical Servers

To backup a physical server go to Home> Backup and right click in the backup window, then select Windows Computer.

Select Server and the Mode as Managed by backup server then click Next

Give the backup job a name and click Next

Click Add then select the Physical Servers protection group we created earlier and click Ok.

Select the type of backup that you want to perform, as I am backing up a Windows DFS fileserver I select File level backup.

Click The following file system objects and then click Add. Add the path to the files you want to backup.

You can also add exclusions to any of these paths by clicking advanced and adding them as below. Click Ok and then Next.

Select the Backup Repository and how many Restore points you want to keep.

Click Advanced and check create synthetic full backups periodically.

Select to perform a health check on the backup files

Select the Compression level as Extreme and enable backup file encryption using the saved password. Click Ok then Next

Enable application-aware processing and then click Next

Create a schedule then click Apply then Finish

Veeam backup copy jobs

Veeam handles replication of backup data using backup copy jobs. The backup jobs look for new restore points and them copy them to the desired location. The changes are all block level so the copy jobs will only copy the backup data for a VM if it has changed.

To setup a backup copy job click Home> Backup Copy then select either Virtual machine or Windows computer backup (for physical machines)

Give the copy job a name and set the copy interval. This is when the job will check for the presence of new restore points and start the copy.

From the Objects section click Add and then select From jobs.

Select the backup job you want to copy and click Ok then click Next

Select the backup repository, you may be replicating a job for offsite backup or you may just be keeping archive copies locally. If the copy job is to serve as an archive select to Keep the following restore points for archival purposes.

Click Advanced and enable Extreme compression and Encryption

Leave the Data Transfer option as Direct

Leave the data transfer timings as Any time unless you have any strict time-based bandwidth requirements, then click Apply and Finish.

Restoring virtual machines

To restore a virtual machine is quite simple you first select the backup data source. So go to Home then Backups> Disk> Right click on a virtual machine and choose a restore mode. Recent jobs (last 14 days will be in the Disk backups and older backup files will be in the Disk (Copy) location. Generally we are only going to use Restore entire VM and Restore guest files restore modes but I’ll explain each below.

Restoring an entire VM

As above right click on the VM you want to restore and click Restore entire VM as below

Click Point to select the restore point you want to use to restore the VM from. As in this example we have several copy jobs we have a few options:

Select Veeam Short-Term Storage for a recent restore point on local storage

Select Veeam Long-Term Storage for an older restore point on local storage

Select Short-Term Storage S if you have lost the local storage and need to access a recent restore point from remote storage

In this example we select Veeam Long-Term Storage and select a restore point from one day ago.

Select a restore mode, generally it is best to choose Restore to a new location, or with different settings so that you aren’t touching the original VM.

Either accept the current host the VM is on or change the host to a new one by clicking the Host button

Leave the VM resource pool as the default and click Next

Leave the datastore and disk type the same unless you do not have space to restore to the same datastore. You could then change this using the Datastore button.

Leave the VM folder and Tags the same unless you have a requirement to change it

You will need to change the VM name at this stage though so click Name and check the Add suffix box to add _restored to the name.

Leave the network setting as the same

Unless you are suspicious about viruses leave the scan option off

Then click Next and Finish and the machine will be restored.

Restoring Guest machine files

In this example we will restore guest files from the physical fileserver. To do this find the backup data you require as described above and right click> Restore guest files> Microsoft Windows

Choose a restore point and click Next

Type a reason for the restore and click Next

Click Finish and the backup browser will open and allow you to choose the files you want to restore

You should now be able to browse the backup contents for the fileserver. Find the files/folders you want to restore and then right click and click Restore. You can choose to put a copy in the original location by clicking keep which will restore the file with a _Restored prefix. You can also click Copy To and put the file in a new location. See here for any confirmation on the actions from Veeam.