At the end of January, Update 4 for Veeam Availability Suite 9.5 was released, full of features like another full-fledged major release. Today I will briefly talk about the main innovations implemented in Veeam Backup & Replication, and I promise to write about Veeam ONE in the near future. In this review, we'll look at:

• versions of systems and applications that the solution now supports
• work with cloud infrastructures
• backup improvements
• improvements in recovery
• new in vSphere and Hyper-V support

We will also learn about improvements in working with virtual machines running Linux, about new plugins and other features.

So, welcome to cat.

Support for Windows Server 2019, Hyper-V 2019, latest applications and platforms

Microsoft Windows Server 2019 supported as:

• guest OS for protected virtual machines
• server to install Veeam Backup & Replication and its remote components
• machine that can be backed up using Veeam Agent for Microsoft Windows

Similar support has been implemented for Microsoft Windows 10 October 2018 Update.

New version of hypervisor supported Microsoft Windows Server Hyper-V 2019, including support for VMs with virtual hardware version 9.0.

For popular systems and applications Microsoft Active Directory 2019, Exchange 2019 и SharePoint 2019 supported application-aware processing backup and application object recovery using Veeam Explorer tools.

For VMs with Windows guest OS, support is implemented Oracle Database 18c - also taking into account the operation of the application, including the backup of logs and the ability to restore to a selected point.

In addition, VMware vSphere 6.7 U1 ESXi, vCenter Server and vCenter Server Appliance (VCSA), and VMware vCloud Director 9.5 are now supported.

Flexible backup storage options with Capacity Tier

Capacity Tier is a new approach to storing backups in a scale-out backup repository (SOBR) with the ability to automatically upload data to cloud storage.

With the help of Capacity Tier and storage policies, you can organize an effective tiered storage system, in which “at arm's length” (that is, in a sufficiently operational storage) there will be fresh backups in case of online recovery. After the expiration of the set period, they will move into the category of "second freshness" and automatically leave for a remote site - in this case, to the cloud.

Capacity Tier requires:

1. one or more SOBR repositories containing 1 or more extent repositories
2. one cloud repository (so-called object storage repository)

Cloud S3 Compatible, Amazon S3, Microsoft Azure Blob Storage, IBM Cloud Object Storage are supported.

If you plan to use this functionality, you will need to:

1. Configure backup repositories to be used as SOBR repository extents.
2. Set up a cloud repository.
3. Set up a scalable SOBR repository and add extension repositories to it.
4. Set up a cloud repository binding to SOBR and set a policy for storing data and uploading it to the cloud - this will be the configuration of your Capacity Tier.
5. Create a backup task that will save backups to the SOBR repository.

With point 1, everything is pretty obvious (for those who have forgotten, there is documentation in Russian). Let's move on to point 2.

Cloud storage as an element of the Veeam Backup infrastructure

About setting up a cloud repository (aka object storage) is written in detail here (so far in English). In short, you need to do the following:

1. In view Backup Infrastructure select a node in the panel on the left Backup Repositories and in the top menu click on the item Add Repository.
2. Choose which cloud storage we will configure:

   
   

3. Next, we go through the steps of the wizard (for example, I will consider Amazon S3)

Note: Class stores supported Standard и Infrequent Access.

1. First, we enter a name and a brief description of our new repository.
2. Then we specify an account for accessing Amazon S3 - select an existing one from the list or click Add and enter a new one. From the list of regions where data centers are located data center region select the desired region.

   
   
   Tip: To specify the accounts used when working with cloud components, a Cloud Credential Manager.

   
   

3. If you need to regulate Internet traffic through the gateway (gateway), you can select the option Use gateway server and specify the desired gateway.
4. We specify the settings for the new storage: the required bucket, the folder where our backups will be stored, the limit on the total amount of space (optional) and the storage class (optional).

   
   
   Important! One folder can be associated with only one object storage! In no case should you configure several of these repositories that “look” at the same folder.

5. At the final step, check all the settings and click Finish.

Setting up uploading backups to cloud storage

Now we configure the SOBR repository accordingly:

1. In view Backup Infrastructure select a node in the panel on the left Backup Repositories and in the top menu click on the item Add Scale-out Repository.
2. On the step of the master performance tier specify extents for it and say how to add backups to them:

   
   

3. On the move Capacity Tier:
   • choose an option Extend scale-out backup repository capacity with object storage (expand the repository capacity by using object storage) and specify which cloud object storage to use. You can select from the list or start the creation wizard by clicking Add.
   • we say what days-hours you can upload to the cloud - for this, press the button Window (load window).
   • we set up a storage policy - we specify after how many days of storage in the SOBR repository the data will become "second freshness", and they can be transferred to the cloud - in our example it is 15 days.
   • you can enable data encryption when uploading to the cloud - to do this, select the option Encrypt data uploaded to object storage and specify which of the passwords stored in Credential Manager, must be used. Encryption is performed using AES 256-bit.

     

By default, data is collected from extents and transferred to object storage using a special type of job - SOBR Offload job. It runs in the background, named after the SOBR repository with the suffix Offload (Eg, Amazon Offload) and performs the following operations every 4 hours:

1. Checks if the backup chains stored in extents meet the criteria for moving to the object store.
2. Gathers validated chains and sends them block by block to the object store.
3. Writes the results of its session to the database so that the administrator can view them if necessary.

The scheme of data transfer and the structure of their storage in the cloud is shown in the figure below:

Important! To create such a tiered storage system, you need an edition license of at least Enterprise.

Backups saved to the cloud, of course, can be used to restore directly from the storage location. Moreover, you can also download them from the cloud to the ground and restore them using even the free Veeam Backup Community Edition.

New in working with cloud infrastructures

To work with Amazon

• Restoring backups directly to AWS - Supported for Windows or Linux guest VMs, as well as for physical machines. All this can be restored to virtual machines in AWS EC2VMIncluding Amazon Government Cloud и Amazon China.
• Native UEFI2BIOS conversion works.

To work with Microsoft Azure

• Implemented support for Azure Government Cloud and Azure CSP subscriptions.
• It is possible to select a network security group when restoring to an Azure IaaS VM.
• When signing into the cloud with an Azure account, you can now specify an Azure Active Directory user.

New in application support

• Implemented support for running applications on vSphere virtual machines Kerberos authentication. This will allow you to disable NTLM in the network settings of the guest OS to prevent attacks using hash transfer, which is very important for infrastructures with not the highest level of control.
• Transaction Log Backup Module SQL и Oracle now uses a non-system drive as an auxiliary location when backing up logs С, where there is often not enough space, but the volume with the maximum free space. The Linux VM will use the directory / var / tmp or / Tmp, also depending on free space.
• When backing up logs Oracle redo logs they will be analyzed in order to preserve guaranteed recovery points Guaranteed Restore Points (are part of a built-in feature Oracle Flashback).
• Added support Oracle DataGuard.

Improved Backup

• The maximum supported disk and backup file size has increased by more than 10 times: with a block size of 1 MB for a .VBK file, the maximum backup disk size can now be 120 TB, and the maximum size of the entire backup file is 1 PB. (Verified by testing 100 TB for both values.)
• For backups without encryption, the amount of metadata is reduced by 10 MB.
• Optimized the performance of the initialization and completion of the backup task; as a result, backups of small VMs will go almost twice as fast.
• The module responsible for publishing the content of the VM image has been redesigned, which has significantly accelerated recovery at the file level and at the object level.
• Preferred Networks settings will now apply to WAN accelerators.

New in recovery

The new ability to recover an entire VM is called Staged Restore - phased restoration. In this mode, the VM is restored from the required backup, first in the sandbox (now called DataLab), on the guest OS, you can run your own script to make changes to the database contents, OS or application settings. The VM with changes already made can then be migrated to the production infrastructure. This can be useful, for example, to install the necessary applications ahead of time, enable or disable settings, delete personal data, etc.

You can read more here (in English).

Note: Minimum license required Enterprise.

It also became possible Secure Restore - safe recovery (works for almost all types of recovery). Now you can check the files of the VM guest system (directly in the backup copy) for viruses, trojans, etc. before starting the recovery process. — for this, the VM disks are mounted to the mount-server associated with the repository, and the scanning procedure is started using the antivirus installed on this mount-server. (It is not necessary that the mount server and the VM itself have the same antivirus.)

Microsoft Windows Defender, Symantec Protection Engine and ESET NOD32 are supported out of the box; you can specify another antivirus if it supports operation via the command line.

You can read more here (in English).

New in working with Microsoft Hyper-V

• You can now add groups of Hyper-V VMs to backup and replication tasks.
• Instant recovery to Hyper-V VMs from backups created using Veeam Agent supports Windows 10 Hyper-V as a target hypervisor.

New in working with VMware vSphere

• Multifold improved vPower NFS write cache performance for more efficient instant VM recovery and optimized SSD usage.
• vPower NFS now works more efficiently with the SOBR repository, allowing more virtual machines to be processed in parallel.
• The vPower NFS server has the option to authorize hosts by IP address (by default, access is granted to the ESXi host providing the vPower NFS datastore). To disable this feature in the mount server registry, go to HKEY_LOCAL_MACHINE
  SOFTWAREWOW6432NodeVeeamVeeam NFS and create a key under it vPowerNFSDisableIPAuth
• You can now configure the SureBackup job to use the vPower NFS cache (in addition to redirecting write changes to the vSphere datastore). This resolves the issue of using SureBackup for VMs with disks larger than 2TB in cases where the only storage for vSphere is VMware VSAN.
• Implemented support for Paravirtual SCSI controllers with more than 16 attached disks.
• Quick Migration now automatically migrates vSphere tags as well; these tags are preserved during instant VM recovery.

Improvements in Linux VM support

• For accounts to be raised to root, now there is no need to add the option NOPASSWD:ALL for sudoers.
• Added support for enabled option !required in sudoers (this is the default setting, for example, for CentOS).
• When registering a Linux server, you can now switch using the command suif the command sudo not available.
• SSH fingerprint verification (fingerprint) now applies to all Linux server connections - to protect against MITM attacks.
• Improved the reliability of the PKI authentication algorithm.

New plugins

Veeam Plug-in for SAP HANA - helps to use the BACKINT interface to backup and restore HANA databases to / from the Veeam repository. Implemented HCI SAP HANA support. The solution is certified by SAP.

Veeam Plug-in for Oracle RMAN - allows you to use RMAN manager to backup and restore Oracle databases to/from the Veeam repository. (There is no need to replace the existing built-in integration based on OCI.)

Additional features

• Experimental block cloning support for deduplicated files on Windows Server 2019 ReFS. To activate this feature in the registry of the Veeam backup server, you need to find the key HKEY_LOCAL_MACHINESOFTWAREVeeamVeeam Backup and Replication and create value ReFSDedupeBlockClone (DWORD).
• The setup now includes Microsoft SQL Server 2016 SP1.
• JSON support is implemented for working with RESTful API.

What else to read and see

Solution overview (in Russian)
Comparison of editions (in Russian)
User manual (in English) for VMware и Hyper-V

Only registered users can participate in the survey. Sign in, you are welcome.

Which of the new products would you be interested in learning more about first?

• Capacity tier for backup storage

• Working with Amazon Cloud Infrastructures

• New plugins for backing up SAP HANA, Oracle databases

• New restore options Staged Restore, Secure Restore

• New Features of Veeam ONE

• Other (write in comments)

20 users voted. 8 users abstained.

Source: habr.com