IamITgeek – aka Shabaz Darr

Tag: Backup

Backup & Recovery of Microsoft 365 with Veeam (SaaS) — April 26, 2021

Backup & Recovery of Microsoft 365 with Veeam (SaaS)

/IamITgeek/Leave a comment

Salaam, Namaste, Ola and Hello!

This blog post is based on a video I did a few weeks back which you can find below incase you prefer video content. In 2021 I am going to make a more conscious effort to vlog and blog about 3rd party vendors like VMware, NetApp, and Veeam and how they integrate with Microsoft Cloud services. The first series I have started this year is all around Veeam integration with Microsoft Cloud and you can catch my Introduction video below:

This specific blog will focus on ‘Backup & Recovery of Microsoft 365 with Veeam SaaS Workloads’ and I will discuss the following areas:

  • Veeam Backup for Microsoft 365 Overview
  • Features
  • Requirements

Veeam Backup for Microsoft 365 Overview

This specific Veeam service is focused around backing up Microsoft SaaS workloads including: Exchange Online, SharePoint Online, OneDrive and Microsoft Teams. It allows you to uniquely back up your data weekly, daily or as often as every five minutes if you wish to do so.

You can then store these backups in the location of your choice, including on-premises, in a hyperscale public cloud (Azure Storage or AWS Storage) or with a local service provider. The quick search and granular recovery of individual objects, including Microsoft Teams data – allows organisation’s to mitigate risk and allow a better service to its users so they can get their data back quickly.

Without an easily accessible copy of our data, retrieving emails for regulatory or compliance reasons can be costly, time-consuming and a major disruption to any business. When using Veeam Backup for Microsoft 365, you can leverage the familiar advanced search capabilities, flexible recovery and export options to perform eDiscovery on Microsoft 365 data just as easily as you would with a traditional on-premises data backup.

Veeam Backup for Microsoft 365 – Features

This service has some cool features, including a lot that you already find with other Veeam services, but also includes:

Multiple Deployment options:

  • On-premises deployment: For customers who want to have a terrestrial backup copy of Microsoft 365 data, an  on-premises deployment is the best option because it has the ability to scale-out from simple to advanced  installations. This kind of deployment provides the flexibility required by an organization that uses Microsoft 365 hybrid deployments where the protected data resides within any combination of online and on-premises Microsoft Exchange, SharePoint and OneDrive for Business infrastructures. 
  • Public Cloud Deployments: For customers who have an existing footprint in the public cloud (Azure or AWS) or for those who want to host the Infrastructure in a separate Data Centre, a deployment can operate form any public cloud and provide a complete cloud-agnostic approach. Azure Marketplace requires the customer to enter the details of the Microsoft 365 tenant you want to backup, and in general, data can be directly stored into Azure Managed disks. As of Veeam Backup for Microsoft 365 v4, Blob storage can also be achieved through ‘extended backup repositories’ which uses Microsoft Storage offerings.
  • Service Providers for a single-tenant (Exclusive mode): Veeam Cloud & Service Providers (VCSP) may offer the option to access a dedicated Veeam Backup for M365 Infrastructure that is exclusive to the clients single tenant. In this configuration, the single tenant allows the service provider to access, backup and restore content on their behalf and the customer typically uses the service provider infrastructure to protect their Microsoft 365 data and the assigned storage from the service provider as a repository for their own data. If the customer has a hybrid configuration of Microsoft Exchange and SharePoint to protect, it is required that the customer provides the FQDN of the respective on-premises Exchange and SharePoint servers to the service provider and to allow connectivity to these servers from their side. To a certain degree, the service provider for single-tenant and on-premises deployment are very similar.
  • Service Providers for Multi-tenant (Shared mode): VCSP’s can host and integrate the Veeam server deployments with existing Veeam Cloud Connect Infrastructure. In this scenario, a VCSP can use a single backup server deployment in multi-tenant mode, which means all backup data and repositories are separated and the customers can use Veeam Cloud Connect gateways to securely access and recover content. In this case, the customer has no control over the backup server which is stored on the service provider side. Customers can use Veeam Explorer for Microsoft Exchange, SharePoint and OneDrive for Business in their in-premises environment to restore data form backup stored in the service provider hosted storage. With this configuration, the service provider has visibility into all configured Microsoft 365 tenants and single tenants have no visibility into other tenant instances that share the same platform. Tenants can only access their own data from the backup jobs that the service provider has created for them.

As well as these deployment options, Veeam backup for Microsoft 365 can also backup all Exchange online objects like mail items, calendar items, contacts, notes and tasks. you can then restore directly to the mailbox, to a PST or to a different mailbox. You can also use Veeam Explorer for Exchange to browse mailboxes and recover single items. The same features are available when backing up SharePoint Online, OneDrive for Business and Microsoft Teams.

Requirements

There are several requirements around Microsoft Exchange, SharePoint, the Veeam backup server and the proxy server:

  • Microsoft Exchange Org requirements: You need to ensure you have Microsoft Exchange online or Microsoft Exchange Server 2019, 2016 or 2013 (on-premises).
  • Microsoft SharePoint Org requirements: You need to ensure you have SharePoint Online or SharePoint Server 2019 or 2016.
  • Veeam Backup for M365 Server: There are hardware, OS and Software requirements which you can see in the table below:
SpecificationRequirement
HardwareThe following hardware is required:
•CPU: any modern multi-core x64 processor, 4 cores minimum.
•Memory: 8 GB RAM minimum. Additional RAM and CPU resources improve backup, restore and search performance.
•Veeam Backup for Microsoft Office 365 also requires a minimum size of 8GB of RAM for VMs with dynamic memory allocation.
•Disk Space: 500 MB for product installation and additional free space for the configuration database (depending on the amount of organizations, jobs and sessions) and product logs.
OSOnly 64-bit version of the following operating systems are supported:
•Microsoft Windows Server 2019, Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2008 R2 SP1, Microsoft Windows 10, Microsoft Windows 8.x, Microsoft Windows 7 SP1
SoftwareThe following software is required: •Microsoft .NET Framework 4.7.2 or higher.
•Windows C Runtime and Update (UCRT) in Windows.
•To use PowerShell cmdlets for backup and/or restore, Windows PowerShell 2.0 or higher is required. When using Windows 2012 or 2012 R2, Windows PowerShell 2.0 Engine must be installed regardless of the current PowerShell version.
Veeam backup for Microsoft 365 requirements
  • Veeam Backup Proxy Server: There are hardware, OS and software requirements which you an see in the table below:
SpecificationRequirement
HardwareThe following hardware is required:
•CPU: any modern multi-core x64 processor, 4 cores minimum.
•Memory: 8 GB RAM minimum. Additional RAM and CPU resources improve backup, restore and search performance.
•Veeam Backup for Microsoft Office 365 also requires a minimum size of 8GB of RAM for VMs with dynamic memory allocation.
•Disk Space: 300 MB for product installation and additional free space for the configuration database (depending on the amount of organizations, jobs and sessions) and backup proxy logs.
OSOnly 64-bit version of the following operating systems are supported:
•Microsoft Windows Server 2019, Microsoft Windows Server 2016, Microsoft Windows Server 2012 R2, Microsoft Windows Server 2012, Microsoft Windows Server 2008 R2 SP1, Microsoft Windows 10, Microsoft Windows 8.x, Microsoft Windows 7 SP1 Proxy Servers can be deployed to the following core editions:
•Microsoft Windows Server 2019, Microsoft Windows Server 2016 LTSC, 1709, Microsoft Windows Server 2012 R2
SoftwareThe following software is required: •Microsoft .NET Framework 4.7.2 or higher.
•Windows C Runtime and Update (UCRT) in Windows For a machine used as a workgroup backup proxy, the following settings are required:
•The Remote registry service must run on the target machine.  The service start-up type must be set to Automatic •Windows Firewall must be turned off on the target machine
Veeam Backup Proxy Server Requirements

Finally you can find a video of my doing a demo of the Veeam Backup for Microsoft 365 in the video below:

I hope you enjoyed this blog and find it useful. If you have any questions please leave me a comment or hit me up on my twitter handle which is @shabazdarr.

Veeam Backup & Replication – Utilize Azure Blob Storage — April 29, 2019

Veeam Backup & Replication – Utilize Azure Blob Storage

/IamITgeek/Leave a comment

Salaam, Namaste, Ola and Hello!

For those who are new to my blog welcome, and to those returning a big thanks! In my last series (https://iamitgeek.com/2019/04/15/veeam-cloud-connect-in-azure-part-1/ and https://iamitgeek.com/2019/04/17/veeam-cloud-connect-in-azure-part-2/) I discussed using Veeam Cloud Connect in Azure. Now this series was targeted at Managed Service Provider (MSP) type companies. In this weeks series I will discuss how to utilize Azure Blob storage via Veeam Backup & Replication.

Veeam Backup to Azure Blob

In part one of this series I will go through an overview of the title topic, what requirements you need to meet for this feature, a brief description of the setup tasks you need to complete (I will go into full detail in part two of this series) and the benefits this feature can offer you as a business.

Overview: Earlier this year Veeam released version 9.5 Update 4 of their Backup & Replication product, and with this new release they have introduced the capability to scale out your on premises repository to cloud object storage including Azure Blob. The new feature allows backup admins to archive older backups into Azure blob storage by adding it into Veeam as a ‘Scale-out Repository’ rather than a standard backup repository. Most companies will already be backing up there data offsite in some shape or form (if you are not you should be!!), either in a secondary site owned by them or to a Service provider. In the first instance it requires you to have a building in a geographically separated location with some sort of Infrastructure in place. This type of setup can be very costly from a financial and time perspective, however Cloud object storage takes a lot of this away. In the second instance, Service Providers do take the headache of day to day management away, however I believe would struggle to match the cost efficiency of public cloud object storage.

Requirements: Before you can go ahead and utilize this feature you need to meet certain prerequisite requirements:

  • Ensure Veeam Backup & Replication is updated to 9.5 update 4

As mentioned this is a new feature which is only currently available in update 4 of version 9.5 so this should really be your first step on this journey

  • A pay as you go or CSP Azure Subscription

You will need to have an existing Azure subscription where you can create the storage required for this feature to work. If you are able to get your subscription via a CSP partner I would recommend doing this as it works out cheaper than using the standard pay as you go subscription.

Setup Tasks: You should be at the point where you have now successfully upgraded your on premises Veeam Backup & Replication management software to 9.5 update 4 and provisioned an Azure subscription. Other initial setup tasks include creating a storage account in Azure, provisioning the Blob container you will archive the backups in, add a scale-out repository pointing at the Azure blob and finally re-configuring your existing Veeam backup jobs to archive your backups to the blob storage.

Pros and Cons: Like everything in this world there are two sides to it, and really its about what suits you as the individual company. For me this latest feature has the following positives:

  • Cost Effective – If you host your own offsite storage or use a service provider, Azure Blob storage costs will be more cost effective than both of these
  • HA & better redundancy – your own Infrastructure or Service Providers cannot compete with the high availability and redundancy offered by Microsoft Azure. A lot of Service Providers will claim they can, but in reality losing more than one Data Center would be catastrophic, where as Microsoft could cope with potential multiple DC failures.
  • Scale out to Cloud: For companies that need to keep older backups but do not necessarily want to spend additional on premises storage, this feature is ideal and allows you to scale and extend your on premises storage into the cloud.

And the cons:

  • Potential Compliance issue: This all depends on your companies compliance policies when it comes to data, and using public cloud may not be an option due to this.

So it turned out to be ‘con’ rather the the plural but that’s my point, this latest feature has more positives than negatives.

That is it for part one, keep an eye out for part two where I will go into more details on how to configure the both the Azure Blob Storage and Veeam Backup jobs for this feature. Until next time, ‘IamITGeek’ over and out!


Veeam Cloud Connect in Azure – Part 2 — April 17, 2019

Veeam Cloud Connect in Azure – Part 2

/IamITgeek/1 Comment

Salaam, Namaste, Ola and Hello!

For those who are new to the blog, welcome, and to those returning a big thanks! In part one of this series ( https://iamitgeek.com/?p=145 ) I discussed the Veeam Cloud Connect offering within Azure for Service Providers, some of the requirements as well as the initial configuration within Azure portal. In part two I will walk through the configuration of Veeam Cloud Connect and some of the different options that can be offered to customers.

Veeam Cloud Connect Service

I finished the previous post at the point where we had provisioned the virtual machine. Once this process is completed you need to ensure the version of Veeam Backup & Replication installed on premises matches the version installed in Azure, and as I mentioned the version currently available within Azure is 9.5 update 3 which is not the latest version. After upgrading Veeam, we are ready to start configuring the Veeam Cloud Connect Service Provider platform.

When you initially login to the Azure virtual instance the Veeam Cloud Connect Wizard will automatically start. To proceed any further you will need your Service Provider license which you should be sent once you have registered with Veeam for the Service Provider rental agreement. The rest of the wizard then takes you through the steps you need to follow in the Veeam Backup & Replication software both on-premises and Azure. The steps include the following:

  • Configure Cloud Gateway in Azure: Customers, or ‘tenants’ do not communicate with the repositories in Azure like they do when dealing with an on premises Veeam server. Instead the Cloud Gateway is used to mask the repositories so they make a connection (by default over port 6180) to the service provider cloud gateway. You will need to ensure you configure a DNS name on the Azure virtual machine before you can do this.
  • Configure Cloud Repository on the Azure Virtual Machine: This needs to be a location on an attached disk where you will store all your tenants backups. You may need to create some storage within the Azure platform and attach it to the virtual machine before you can do this.
  • Configure Tenants in Azure: You will need to configure a tenant username, password and repository within your main backup location for each customer. Most important part of this is ensuring you document credentials for each tenant as these are needed when configuring the backup job on premises.
  • Add the Service Provider on-premises: In Veeam Backup & Replication you need the customer to add you as a service provider. You will need to give them your Cloud Gateway FQDN and the port (6180) and they will need to ensure that this port is allowed outbound to ensure Veeam can communicate with Cloud Connect platform in Azure.

At this point the majority of the configuration is completed, however we are still not ready to send data into the Azure platform. Before we can do this we need to ensure the transfer of data is secure, which is done by installing and configuring an SSL certificate which will allow you to encrypt data in transit so customers data is secure whilst being backed up.

Data Encryption

The final part is to setup the backup jobs so the customer can start backing up data to the Veeam Cloud Connect service hosted in Azure. With the backup configuration you have the exact same features you would with an on premises backup job, including the notification features as well as scheduling.

The main benefit of the Azure offering of the Veeam Cloud Connect service is that not all Managed Service Providers have the luxury of being able to host a private data center where they can house the amount of Infrastructure required for a good size Veeam Cloud Connect Service. The Azure offering takes care of that issue and more, as with most private cloud services you get the added redundancy, durability and availability of the Microsoft Azure Data Center. Also Azure have added disk sizes that makes it a much more scalable cloud provider offering.

That concludes my blog series on Veeam Cloud Connect in Azure, I hope you enjoyed this series and I would love to know what you thought so please feel free to leave a comment in the comments section. Until next time, ‘IamITGeek’ over and out!

Veeam Cloud Connect in Azure – Part 1 — April 15, 2019

Veeam Cloud Connect in Azure – Part 1

/IamITgeek/2 Comments

Salaam, Namaste, Ola and Hello!

For those who are new to the blog, welcome, and to those returning a big thanks! In this weeks blog series I will be taking a closer look into utilizing Azure IaaS for backing up, in particular the Veeam Cloud Connect Service in Azure.

Veeam Service in Azure

This service is more applicable if you are a Managed Service Provider (MSP) as it allows you to host your customers backups on a multi-tenanted platform, offsite into the public cloud. Most IT professionals will have heard of Veeam and its range of products as they are one of leading vendors when it comes to data backup and replication. In part one of this series I will discuss the requirements as well as the initial configuration steps within Azure.

Veeam Cloud Connect in Azure Overview

The above diagram shows an overview of how the Veeam Cloud Connect service looks. As you can see you have multiple customers backing data over an SSL connection to cloud repositories in Azure. To be in a position to use this service, the end user/customer needs to meet the following prerequisites:

  • A Veeam Backup & Replication server is deployed and functioning in their on-premises infrastructure
  • The infrastructure is running on Microsoft Hyper-V or VMware (Veeam Agent for Windows is also supported for physical Windows servers)
  • The Veeam Backup & Replication Server has an Internet Connection

I will not be covering it in this blog but Backing up Office 365 mailboxes using Veeam Cloud Connect is also supported. For a Managed Service Provider to be able to offer this service they must meet the following prerequisites:

  • A current Azure tenant subscription
  • Is a Veeam Cloud Service Provider and has signed a rental agreement

Before going into the steps required to configure this service lets go through some of the key roles and concepts:

Roles and Concepts: The communication in Azure is between two parties, the Service Provider and the tenant. The Service Provider is the organization that provides the cloud infrastructure (mainly the repository) to the tenants, and the tenant is the customers who send data off site and stores their backups in the cloud infrastructure.

In Azure, the Service Provider needs to perform the following tasks:

  • Configure the Veeam Cloud Connect Infrastructure
  • Create the relevant backup repositories
  • Setup SSL certificates to allow for data encryption in transit
  • Create Cloud Gateways
  • Create and document the tenant user accounts

The customer (or in this case ‘tenants’) need to perform the following tasks:

  • Connect to the Azure hosted Veeam Cloud Connect platform from their on-premises Infrastructure.
  • Configure backup jobs targeted at the Veeam Cloud Connect repository

To get started with the Veeam Cloud Connect service in Azure you need to provision the virtual machine first via the ‘Azure Marketplace’. Now you have two options and it all depends on your requirement. If you are an Enterprise level company wanting to extend your backups offsite into Azure then ‘VCC for the Enterprise’ is the correct choice. For Managed Service Providers (MSP) who wish to run a multi tenanted solution in which they can send multiple customers backups into Azure then ‘VCC for Service Providers’ is what they require and that is what I went for.

Veeam Cloud Connect for Service Providers

One thing to note is the current version in the bottom left. As of the time of me writing this post, the latest version of Veeam is 9.5 update 4a which means the version in Azure is out of date. This means that if you are good with your patching and your on premises Veeam services are at the latest version you will need to update the version in Azure once the virtual machine is provisioned.

When you click on ‘Create’ it then takes you to create a virtual machines where you can select the relevant configuration including:

  • Virtual Machine name
  • Azure Region
  • Resource Group
  • Size
  • Administrator username and Password

That is it for part one, keep an eye out for part two where I will go into more details configuring the Veeam Cloud Connect Platform. Until next time, ‘IamITGeek’ over and out!