Veeam Backup & Replication v8 for VMware: General Overview
Components
Deployment Methods
Features
Simple Deployment
The Veeam® Backup Server is a Windows-based physical or virtual machine (VM). • Coordinates backup, replication, recovery verification and restore tasks; • Controls job scheduling and resource allocation; • Configures and manages backup infrastructure components and specifies global settings for the backup infrastructure.
Data security is an important part of the backup strategy. Information must be protected from unauthorized access, especially if the backup of sensitive VM data goes to offsite locations or is archived to tape. To keep data safe, data encryption should be used. In Veeam Backup & Replication, encryption works at the job level and can be enabled for backup jobs, backup copy jobs, tape jobs and VeeamZIP.
Server Roles
Veeam Backup Server Backup
To take the workload off the Veeam backup server, Veeam Backup & Replication™ uses backup proxies. A Veeam Backup Proxy is an architecture component that sits between the data source and target, and is used to process jobs and deliver backup traffic. In particular, the backup proxy tasks include retrieving VM data from the production storage, compressing and sending it to the backup repository. The role of a backup proxy can be assigned to a dedicated Windows server (physical or virtual) in the environment (by default Veeam backup server takes the role itself ).
Cloud Connect is a feature of Veeam Backup & Replication that can be used by Service Providers who subscribed to the Veeam Cloud Provider Program (VCP) to offer their customers Backup Storage as a Service. Every Veeam Backup & Replication v8 customer can buy this feature from their service provider of choice. It’s a great tool to send backups offsite.
Replication Source VMware Host
Target VMware Host
Advanced Deployment
Veeam Backup Server
A Veeam Backup Repository is a location used by Veeam Backup & Replication jobs to store backup files. Technically, a backup repository is a folder on the backup storage. Due to the distribution of different repositories and the limitation on number of parallel jobs for each one, the load across the backup infrastructure is balanced.
WAN
Veeam Backup & Replication has 4 free Veeam Explorers™ included in the product. All of them are used for granular restore of specific objects directly from Veeam backups. Every Veeam Explorer has a familiar, easy-to-use interface and allows users to quickly locate the items they need. The list includes: • Veeam Explorer for Microsoft Exchange • Veeam Explorer for Microsoft Active Directory • Veeam Explorer for Microsoft SQL server • Veeam Explorer for Microsoft SharePoint
Offsite
WAN Acceleration Source VMware Host
Veeam Backup Enterprise Manager is an optional component intended for distributed enterprise environments with multiple Backup Servers. Veeam Backup Enterprise Manager federates Veeam Backup Servers and offers a consolidated view of these servers through a web browser interface. All Veeam Backup Server jobs can be managed and controlled through a single “pane of glass.”
Target VMware Host
Distributed Deployment
Veeam Backup Enterprise Manager
Veeam Backup Enterprise Manager also enables an option to search for Windows and Linux guest OS files in all current and archived backups across the whole backup infrastructure and restore these files in one click.
Veeam Backup & Replication offers Virtual Lab technology in order to guarantee recoverability of virtual data. Virtual Lab is an isolated virtual environment (no impact on production) where Veeam verifies VMs and tests backups in automatic mode. Moreover, Veeam is able to check VMs, which are dependent from others, using the notion of application group.
Veeam Search Server
Virtual Lab includes: • On-Demand Sandbox™ • SureBackup® • SureReplica
Veeam Backup Servers
Backup Server
Backup Proxy
End-to-end encryption
Veeam Cloud Connect
There are a few components deployed on Veeam Backup Server:
Requirements • Physical or virtual Windows server (Windows 2003 SP2 or later); • 2 GB RAM plus 200MB per each concurrent job; • 2 CPU cores.
Data encryption transforms data to an unreadable, scrambled format with the help of a cryptographic algorithm and a secret key. If encrypted data is intercepted, it cannot be unlocked and read by the eavesdropper. Only intended recipients who know the secret key can reverse encrypted information back to a readable format.
Veeam Cloud Connect is a technology in Veeam Backup & Replication that lets Service Providers (SP) configure cloud repositories — storage locations in the cloud, and expose cloud repository resources to their customers.
Veeam Backup Service The Veeam Backup Service is a Windows service that coordinates operations performed by Veeam Backup & Replication such as backup, replication, recovery verification and restore tasks. Veeam Backup Service runs under account with administrative privileges or local system account (default option since v8). Veeam Backup Shell The Veeam Backup Shell provides an application user interface and allows users to access the application’s functionality. Veeam Backup Catalog Service Veeam Backup Catalog Service is a Windows service that manages a guest OS file system index for VMs and replicates system index data files to enable a search through guest OS files. Index data is stored in the Veeam Backup Catalog − a folder on the Veeam Backup Server. The Veeam Backup Catalog Service running on the Veeam Backup Server works in conjunction with search components installed on Veeam Backup Enterprise Manager and (optionally) a dedicated Microsoft Search Server. Veeam Backup SQL Database Veeam Backup SQL Database is used by Veeam Backup Service, Veeam Backup Shell and Veeam Backup Catalog Service to store data about the backup infrastructure, jobs, sessions and so on. The database instance can be located on a SQL Server installed either locally (on the same machine where the Veeam Backup Server is running) or remotely. Veeam Backup PowerShell Snap-In Veeam Backup PowerShell Snap-In is an extension for Microsoft Windows PowerShell. Veeam Backup PowerShell Snap-in adds a set of cmdlets to allow users to perform backup, replication and recovery tasks through the command-line interface of PowerShell or run custom scripts to fully automate operation of Veeam Backup & Replication.
Takes the workload off the Backup Server processing jobs. Retrieves VM data from the production storage, compressing and sending it to the backup repository. Configuration modes • SAN mode − a machine used as a backup proxy should have direct access to the storage on which VMs reside or the storage where VM data is written. This way, the backup proxy will retrieve data directly from the datastore, bypassing LAN. •
Cloud gateway
SSL
Backup repository
SSL
WAN
Veeam Backup server Cloud repositories
1 2 3
•
Unencrypted data
Network mode − can be assigned to a machine on the network closer to the source or the target storage with which the proxy will be working. In this case, VM data is being transported over LAN using NBD protocol.
Encrypted data
•
Veeam Installer Service is an auxiliary that is installed and started on any Windows server once it is added to the list of managed servers in the Veeam Backup & Replication console. This analyses the system, installs and upgrades necessary components.
•
Veeam Transport is responsible for deploying and coordinating executable modules that act as “data movers” and perform main job activities on behalf of Veeam Backup & Replication such as communicating with VMware Tools, copying VM files, performing data deduplication and compression and so on.
Windows server with local or direct attached storage The storage can be: • Local disk • Direct attached disk-based storage • iSCSI SAN LUN • Fibre Channel SAN LUN
Veeam Backup Enterprise Manager is a management and reporting component that allows to manage multiple Veeam Backup & Replication installations from a single web console.
Linux Server with local, direct attached storage or mounted NFS The storage can be: • Local disk • Direct attached disk-based storage • NFS share • iSCSI SAN LUN • Fibre Channel SAN LUN
Veeam Backup Enterprise Manager
1
SSL
Tape media
WAN accelerator (optional)
Secret key
Services The following light-weight components are installed:
Backup Enterprise Manager
Deduplicating storage appliance • EMC Data Domain • ExaGrid • HP StoreOnce
Service provider Customers
HotAdd mode − the backup proxy can be a VM with HotAdd access to VM disks on the datastore. This type of proxy also enables LAN-free data transfer.
Backup Repository
CIFS (SMB) share SMB share does not support Veeam transport services, therefore data to the SMB share is written from a Windows-based proxy server. By default, this role is performed by a backup proxy that is utilized by the job for data transport.
In Veeam Backup & Replication, encryption works at the job level and can be enabled for the following types of jobs: • Backup jobs • Backup copy jobs • Tape jobs: Backup to tape jobs and file to tape jobs • VeeamZIP
Veeam Backup & Replication does not offer its own cloud for storing VM data. Instead, it uses service providers’ storage resources to configure cloud repositories — storage locations in the cloud. Users who want to store their data in the cloud can connect to the SP and write their VM backups to cloud repositories.
Veeam Backup & Replication uses the block cypher encryption algorithm. Encryption works at the source side (unless admin runs a backup copy job via WAN accelerators). Veeam Backup & Replication reads VMs or file data, encodes data blocks, transfers them to the target side in the encrypted format and stores the data to a file on the repository or archives the data to tape. Data decryption is also performed on the source side: Veeam Backup & Replication transfers encrypted data back to the source and decrypts it there. Beside the job-level encryption, Veeam Backup & Replication allows to encrypt network traffic going between the primary site and the disaster recovery site. For network traffic encryption, Veeam Backup & Replication uses the 256-bit Advanced Encryption Standard (AES).
Veeam Explorers
WAN accelerator (optional)
2
3
Backup repository
Veeam Backup & Replication • Creates a storage abstraction layer and virtually partitions storage resources of a cloud repository; • Establishes a secure channel to transfer VM data to and from the cloud repository; • Offers data encryption capabilities to protect user’s data at rest. Users can perform the following operations: 1. Back up VMs to the cloud repository; 2. Copy VM backup files to the cloud repository; 3. Restore VM data from the cloud repository; 4. Perform file copy operations between the user’s side and the cloud repository.
Virtual Lab
Physical or virtual machine
Veeam Backup Server
Staging Microsoft SQL Server Backup of Microsoft SQL server
VM replica snapshots VM replicas Backup repository
Veeam Backup Server
Veeam Explorer for Microsoft SQL Server
Target Microsoft SQL Server
Veeam Explorer for Microsoft SQL Server
Veeam Backup Server
Veeam Backup Server
In the case of distributed backup infrastructure when a number of Veeam Backup & Replication instances are installed on different servers, Veeam Backup Enterprise Manager acts as a single management point, allowing to perform backup and replication jobs across the entire backup infrastructure and providing enhanced reporting options. With Veeam Backup Enterprise Manager, backup administrator can: • Manage jobs across a number of Veeam Backup Servers; • View on-going reporting data for all jobs; • Receive email notifications about the status of all jobs; • Search for VMs and guest OS files (Windows, Linux) in current and archived backups; • Perform web-based recovery operations; • Centrally monitor license usage and update them.
Veeam enables the virtualization of the four largest Tier-1 infrastructure applications: SQL, AD, Exchange, and SharePoint. The Veeam Explorers give administrators more powerful tools and better options for handling the challenges of data protection and recovery. They can restore items within their backup files to their running virtual machines and perform granular export for any needs. Each Veeam Explorer supports a corresponding database: .MDF Database from SharePoint, .DIT DB from Active Directory, .EDB DB from Exchange and .MDF Database from SQL Server. Typical process on how Veeam Explorer works: •
•
•
The backup administrator uses Veeam Backup & Replication restore options to extract a database file from the Server’s backup file through mounting it to the Veeam backup server; Veeam Explorer obtains specific server hierarchy information (instances and databases) and presents it to the user in a native interface. Explorer facilitates browsing, search and provides users with all available restore options (entire restore, granular object restore, export sought-for information into required format).
ESX(i) host
Virtual lab
In most cases, a VM works in cooperation with other services and components. To verify such a VM, Veeam Backup & Replication uses the notion of application group. Typically, the application group contains at least a domain controller, DNS server and DHCP server. In the virtual lab, Veeam Backup & Replication starts a verified VM and VMs from the application group. A virtual lab does not require provisioning of additional resources. It can be deployed on the existing ESX(i) host in a virtual environment. The virtual lab is fully fenced off from the production environment. The network configuration in the virtual lab mirrors the network configuration of the production environment. The SureBackup job aggregates all settings and policies of a recovery verification task such as application groups and virtual labs, VM backups that should be verified in the virtual lab and so on. To ensure that the VM replica is functioning properly, Veeam Backup & Replication performs SureReplica—automatically booting the VM replica to the necessary restore point in the isolated environment. It then performs tests against it, powers the VM replica off and creates a report on the VM replica state.