Windows Server 2016 Core is a minimal installation that has a smaller footprint which translates to a smaller attack surface. Having security in mind, it make perfect sense to use Core for deploying server components on it.
Veeam Backup for Microsoft Office 365 (VBO365) allows to back up and recover Microsoft Office 365 and on-premises Exchange and SharePoint organizations data containing Microsoft Exchange items, Microsoft SharePoint items, and OneDrive documents.
VBO365 is made of several components:
- VBO365 server
- console
- SharePoint explorer
- Exchange explorer
- PowerShell extensions
Since VBO365 is modular and since it needs Internet access, it can be installed on separate machines. In our case, we'll install server and PowerShell extension on a Windows Server 2016 Core situated in DMZ and the console and explorers on the admin workstation in the management area. Repository space will be provisioned on the local disk of VBO365.
First, we start by deploying a virtual machine with Windows Server 2016 Core installed on it. The VM is deployed from a template created previously. To create the template do the follwing:
- configure a VM with 1 vCPU, 512 MB of RAM and 32 GB of disk
- upload the Windows iso file on a datastore
- attach the VM CDROM to the iso file
- start the VM and follow the installation steps - basic Windows install, just choose the Windows install without Desktop Experience
- enter the license key and wait for the install to finish
Remember that Core installation is minimal and restrictive. Hence you would need to enable remote administration and file sharing. This can be done either by using netsh commands or PowerShell.
PowerShell
1
2
| Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Enable-NetFirewallRule -DisplayGroup "File and Printer Sharing"
|
netsh
1
2
| netsh advfirewall firewall set rule group=”Remote Desktop” new enable=Yes
netsh advfirewall firewall set rule group=”File and Printer Sharing” new enable=Yes
|
Once the VM has been installed and configured, convert it to a template. Create a customization specification in vCenter Server and deploy a VM from the template. Before powering on the new VM, resources as demanded by VBO - in a very strict lab environment you could start with 2 vCPU and 4 GB of RAM.
It's now time to install VBO365. The distribution package is made of 3 msi files:
- Veeam Backup for Microsoft Office 365
- Veeam Explorer for Microsoft Exchange
- Veeam Explorer for Microsoft SharePoint
Since we will install separately the server and the explorers, we need to transfer only server msi file. Copy the file to a share on the virtual machine. Then logon to the server and in cmd prompt change location to where the installer has been copied. To install VBO365 server from command line, run the following command:
1
| msiexec /i "Veeam.Backup365_2.0.0.567.msi" /qn ADDLOCAL=BR_OFFICE365,PS_OFFICE365 /L*V "vbo365.log"
|
This will install only server (BR_OFFICE365) and PowerShell extension (PS_OFFICE365). The install will not show any prompt (/qn) and it will log everything to vbo365.log file in the same folder with the install file.
During installation monitor the log file. Once the install is completed successfully, you will see the following lines at the end of the file:
1
2
| MSI (c) (E8:C0) [22:10:14:349]: MainEngineThread is returning 0
=== Verbose logging stopped: 8/29/2018 22:10:14 ===
|
We need to do two more tasks before moving to installation on admin workstation:
- check services are runing
- open firewall ports
To check the services are running, type the following command in PowerShell:
1
| Get-Services "Veeam*" | Format-List
|
You should see the following output:
If any service is not running, you may enable and start it:
1
2
| Set-Service -Name "Veeam.Archiver.RestFul.Service" -StartupType Automatic
Start-Service -Name "Veeam.Archiver.RestFul.Service"
|
To enable firewall ports for the 3 services, run the following:
1
2
3
| New-NetFirewallRule -DisplayName "Open Port 9191" -Direction Inbound -LocalPort 9191 -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "Open Port 9194" -Direction Inbound -LocalPort 9194 -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "Open Port 4443" -Direction Inbound -LocalPort 4443 -Protocol TCP -Action Allow
|
It's time to logon to admin workstation where console and explorers will be installed. Transfer all 3 msi files to admin workstation, open a command prompt, change folder to msi path and run the following commands one by one (not all at the same time):
1
2
3
| msiexec /i "Veeam.Backup365_2.0.0.567.msi" /qn ADDLOCAL=CONSOLE_OFFICE365,PS_OFFICE365 /L*V "vbo365-console.log"
msiexec /i "VeeamExplorerForExchange_9.6.3.567.msi" /qn ADDLOCAL=BR_EXCHANGEEXPLORER,PS_EXCHANGEEXPLORER /L*V "vbo365-vex.log"
msiexec /i "VeeamExplorerForSharePoint_9.6.3.568.msi" /qn ADDLOCAL=BR_SHAREPOINTEXPLORER,PS_SHAREPOINTEXPLORER /L*V "vbo365-vsp.log"
|
We are ready to connect to VBO365 and start configuring it. But this, in the next post.
UPDATE 2018/12/4
Updating VBO365 from command line. Latest VBO patch comes in the form of msp file. To update VBO installation you would simply need to copy the file on the server and run the following command:
msiexec /update VBO2.0-KB2765.msp /qb /log patch.log
You can view the log after the install. Remote proxies can be upgraded from the console.