Wednesday, February 22, 2023

A Look at Veeam Backup & Replication v12 NAS Backup - Creating file share backup job

In the previous post "A Look at Veeam Backup & Replication v12 NAS Backup - Initial Configuration" we discussed about NAS backup architecture and the initial configuration needed to setup infrastructure. It is time to continue with the creation of the backup  job and its options

Give the backup job a name

Select the shares to protect

If  you want to exclude files from being backed up, go to Advanced

Select the repository (we use here S3 compatible on premises minio)

Advanced settings for the backup job will let you specify how many versions to protect

Specify how to process ACLs for files and folders

Define compression and encryption 

If you want to plan periodic backup file maintenance, you can do it here

You can run scripts pre and post job execution, for example if you want to create a snapshot of the file share before the job runs

In case you would like to get warnings in the job about skipped files, configure here

Because we use S3 compatible, we are asked about helper appliance. We will skip it.

On archival page we selected another S3 compatible storage, this time in AWS. We will AWS S3 bucket to hold a copy of the primary storage and also to move there any files older than 3 months

Here you can filter out files that are sent to acrhive

Finally, schedule the backup job

And run it

Wednesday, February 15, 2023

A Look at Veeam Backup & Replication v12 NAS Backup - Initial Configuration

NAS backup was introduced back in v10. At the time I published a small article about how to backup a VSAN based file share using Veeam Backup & Replication (VBR) that you can read here. A lot of things changed since v10 in terms of features added to NAS backup. The new release will add support for direct to object storage backup and immutability just to name a couple.

The architecture stayed fundamentally the same since the release and its main components can be seen in the following diagram : 

File share - storage device where our protected data (files) resides. 

File proxy - backup proxy that runs the data mover service, reads data from the file share and sends it to the backup repository.

Cache proxy - dedicated component in NAS backup architecture to keep metadata about the protected sources. The cache holds temporary data and is used to reduce the load on the source during backups. 

Backup repository  - storage location for the backups 

Backup server - controls and coordinates jobs and resource allocation

In a large environment the components will be sized and distributed accordingly on different machines. The lab setup is a bit different: All Veeam components on the same machine. As source we have installed a True NAS VM  serving 2 NFS file shares 

To populate the file shares we've used a simple bash script similar to the code below. To make it faster, we've used multiple scripts that we ran in parallel. 


for i in {1..100000}
    head -c 2K /dev/urandom > /mnt/filer/lots_of_files/2K_file_$i

The lab setup has limitations coming from ethernet connectivity between hosts, Intel NUC resources (SCSI interfaces of the local datastores, CPU and RAM) and resources allocated to the VMs. 

VBR Configuration
We will start preparing VBR for NAS backups. Add the required Veeam roles: NAS backup proxy and cache repo. Then we will connect the NFS shares to the server. For brevity of the post, steps in the wizard where no changes are done will be skipped.  

NAS Backup Proxy
In our scenario with all in one VBR deployment, the NAS backup proxy role will be installed by default on the backup server.

In case you would add the proxy role(s) on different machines, then you would need to start the "Add proxy" wizard from "Backup Infrastructure"

Select "General purpose backup proxy" 

Then choose your server to which you want to assign NAS proxy role. If the server you want is not in the list, press Add new to start adding it as a managed server. We've only lowered the number of max concurrent tasks due to lab resources availability. Normally you keep default settings. 

Next follow the wizard's screens and install the proxy role. 

Add Cache Repository

Cache repo role should be as close as possible to proxy and source. It holds metadata in memory, hence having a fast disk is not mandatory. In lab we install it on backup server VM, but in a prod environment you should move it to another machine to avoid resource competition (or size you backup server to accommodate the cache repo). To create a cache repo, go to Backup Repositories and start Add Backup Repository wizard and follow the wizard. No special configuration is needed. 

Select direct attached storage

Select repo OS
Give the repo a name

Select the managed server where to install the cache repo and disk location for the repo (press Populate button). It needs only a few GB of free space. If the server you want is not in the list, press Add new to start adding it as a managed server. 

Choose the folder for the repo

Use the default settings until the end of the wizard. It will install the transport service, 

Add file share
We are using NFS shares served from a TrueNAS VM. We'll go to "Inventory" and start "Add File  Share"

Enter the NFS path to the share. Here you can also select advanced settings on how to process the file share - directly from the filer or using a snapshot of the share

Next select to use any available proxy or specific one. In case you have a distributed architecture with multiple sites, you would select here the proxies closer to you share. Also, the cache repo and how aggressive you want the backup job to be are configured on the same step.

Finally, install Veeam components and finish adding the share.

Backup repository 
From the point of view of a backup repository there is no difference in v12 between a NAS job and a VM image one. Any available repository can be used now including direct to object storage and hardened repository. Just pick your favorite.  

Now you are ready to create the backup job - in this post A Look at Veeam Backup & Replication v12 NAS Backup - Creating file share backup job

Wednesday, February 1, 2023

Five Reasons to Monitor Your Infrastructure with Veeam ONE

 Veeam ONE (VONE) is the monitoring tool for your backup environment and not only. You can use it as well to gain visibility into your virtual infrastructure. And when you think at the features it provides out of the box such as proactive alerting, monitoring, reporting, capacity planning, chargeback, intelligent automation and diagnostics you understand the value it brings to your environment. But what got me so excited about Veeam ONE? Well, it was this:

It is a screen shot from VONE monitoring my lab environment. It's not the fact that there are alarms that got my attention. It is actually what each of those alarms is describing.

Let's look closer. Veeam ONE is monitoring in this case Veeam Backup & Replication server from my personal lab. Upon a quick look at the screenshot you will notice there are 5 different issue displayed. Some are errors, others just warnings. In both cases, these would prove to be critical if ignored in a production environment.

1. Backup repository connection failure 

My scale out backup repository has a capacity tier in Google Cloud Storage. The S3 bucket is not accessible anymore. This alarm triggers by default when the repo is not accessible for more than 5 minutes. 

2. Backup job state 

This alarm is looking at the state of all backup jobs. The backup job has ended with a error because the vSphere tags where deleted from vCenter Server. So no more backups for those VMs. 

3. Suspicious incremental backup size

This is one of the out of the box alarms that can help you in case of a ransomware attacks. It looks at changes in size between incremental backups and it triggers to let you know you should further investigate what's happening. 

4. Job disabled

There are disabled backup jobs. This can be on purpose or by mistake. In any situation, as a backup admin you would like to know if there are any and which they are. The predefined time before the alarm is triggered is 12 hours. More, this alarm has remediation actions. You just need to press "Approve Action" enter a comment and Veeam ONE will enable back the job. How cool is that!

Once the action is executed successfully and the job enabled in VBR, the status changes to let you know

5. Immutability state

Seems that even if I am using S3 compatible storage, immutability flag has not been set. In today's cybersecurity context, this is one small configuration that should be applied to all your repositories. Keep your backups protected from any type of modification. 


These are only 5 alarms out of hundreds in Veeam ONE that help you keep your IT infrastructure operating securely. The alarms are all coming out of the box, but you can customize them and create your own. As I stated above, any of the issues highlighted by the alarms will prove critical in case of a situation arising. So it's better to catch and solve them pro-actively.