1-Click Veeam Install on Windows 2012

With v7 there were a lot of improvements. One of those is the ability to do a silent or unattended install of Veeam Backup & Replication. There is actually a good kb article that describe how to install each individual component but it actually requires you to figure out dependencies or how to install SQL express. You can find it here.

One of the interesting scenario's why you could do and automated install is if you want to install a backup server at each branch office to use as a "restore" installation as described in my previous article "after the backup copy job the auto import". For me the trigger was actually a partner that just wanted an installer he could use at a customer to set up a very simple PoC very quickly.

After some considerations, I decided to install everything with powershell. Not only is it the preferred language for Windows 2012 scripting but it is also your primary scripting tool for Veeam Backup & Replication. The target platform is 2012, so I have no idea if my findings will work for 2008 and so on (for example the script will enable dotnet 3.5 on Windows 2012). So feedback is really appreciated.

You can find the automation script here

Now there are some dependencies that you need to fulfill before you can use it:

• Create a Windows 2012 machine
• Add it to a domain
• Create a user srvveeam in your domain (or change the param section at the start of the script)
• Download the Veeam Backup & Replication ISO. Then extract the following folders in a new empty folder: Backup, Catalog, Explorers and Redistr. Then add the script, bat file and your license (veeam_backup.lic) in the same folder as shown below.
  
• Give srvveeam user the required permissions for backup and replication in vCenter. You can find the fined grained permissions in the doc section of Veeam. Also alter the vCenter address in the script.
• I recommend scrolling through it and fine tweaking it to your environment.

Now installation will be quite easy, just right click runmeasadmin and run the bat file as an administrator.

Installation should start and install all necessary requirements for Windows 2012 including SQL Express. If one of the components is not installed successfully it  should fail. If something is already installed, the script should skip installing the specific item.

 

Cool thing about using powershell is that you can load the powershell snapin after you install it. So it means you autoconfigure Veeam for example to add proxies or repositories automatically to the new installation. This script will do the following in B&R after installation:

• Create credentials
• Create a new repository
• Add vCenter
• Create a single job that includes all the VMs (Maybe test and tweak before you use it in your 1000VM environment ;)). It will use the credentials created before to enable Application Aware Image Processing

 But of course your imagination is your only limitation when using Powershell :D.

Miniblog Series P003: When are my Veeam socket licenses being used/assigned?

A lot of times I got the question from people: "Do I need to license my target ESXi hosts for Veeam Backup & Replication in case I want to use the replication feature?" From a Veeam perspective, you don't, you only need licenses for the source hosts. However you do require VMware licenses at the source and target side because we need to be able to talk to the VMware API (which is not possible with the ESXi free edition.

A lot of companies also have separate development and production environments but both are typically connected to one vCenter. In this case, they get worried too if they only want Veeam for production. Because what will happen if you add vCenter to Veeam? Will it start complaining about not having enough sockets? No it won't!

If you read our FAQ it will actually tell you this info:
http://forums.veeam.com/viewtopic.php?f=2&t=17633#p85109

Q: How the product is licensed?
A: Per physical CPU socket of "source" hypervisor host (where protected virtual machines reside). Destination hosts for replication and migration jobs do not need to be licensed. Hosts running virtual machines which are not being processed by Veeam do not need to be licensed, even if they are a part of the same cluster.

Then how do we do the licensing. Actually this info is also in the FAQ.

Q: At what specific moment do the source host sockets get counted towards the licensed sockets pool?
A: Upon first backup, replication or copy of a VM that is running on the given host.

So when you start a new backup job it will first validate if the host running the source VM has the necessary sockets entitled to it. If it has, Veeam will continue to backup the VM. If there are no sockets assigned to the host, Veeam will check if you still have licenses available to assign. If yes, Veeam will assign them dynamically and continue to do the backup. If there are no sockets left, the backup will fail.

Now how do you check which host have which licenses assigned? Well just go to the main menu . There select help and then licensing information.

This will open up the license information dialog. If you click the "Licensed Hosts" button in the bottom left corner of this dialog, you can check your socket assignment. If a socket was accidentally assigned to a development host you can select it and then click the revoke button to remove the socket.

 

In this dialog you can also check the total/remaining amount of sockets.

In case you added your backup server to the Enterprise Manager, it will act as the central licensing server. In this case you execute the same actions from this central console. Just go to configuration tab and then select licensing.

 

Miniblog Series P002 : How do I succesfully open a call at Veeam?

For most vendors opening call is a very annoying and tedious process. Well for Veeam it is actually really easy and I can only recommend just opening a call with every problem you have. Sometimes I will visit people just to hear that they are having a very frustrated problems for months but then when I ask to send me a call number they have never actually opened a call. To be honest, this is a chicken/egg situation. You are not telling Veeam that you have a problem so it impossible for Veeam to solve it.

Collecting Logs

First of all start by collecting the logs. You can do this by going to the main menu. There under help > support information you can start the collection wizard.

When you first start the collection wizard it will ask you to define the scope. I can strongly recommend to do this as this will decrease the size of your log package dramatically. In case you have an error with a certain job, pick the job that is having troubles:

Next step is the Data range. Again limit the amount of days. I would suggest not only including the days with errors but at least to include one day where the job ran successful. This way you can show that the job has ran successfully in the past.

Now just enter a location where you want to save your logs:

In the last step the logs are collected:

Once it is done, you can click the open folder to find your logs:

If the log bundle is smaller then 15 MB you can upload it while opening the call. If the log is bigger there are a couple of things you can do:

• Just try to upload it during opening the call but you might experience http timeouts. While writing the article I was able to upload a file of 22MB but this really depends on your connection.
• Don't upload any logs but ask support for an FTP link to transfer your logs when you open the call
• Open up the log bundle and only upload specific logs. Alternatively split the logs in multiple zip files.

Who is the license owner

I often get the question, which login should I use to open the call. I can recommend to check the license owner and use his account as your support will be associated with it. If you can't find the login you can create a new account and just open a call. Then refer to the license owner so that support can validate your support information.  To find the person who is associated with your license just go to the main menu and click "about" under help.

In the licensee field you see the email address associated with it. Also it might also be a good time to write down the version number you are running, in this case Version : 7.0.764

Alternatively you can find the name by going to the main menu and clicking support information but this won't show the actual email address.

Opening the call

Opening the call can be done via the phone, but actually I prefer to do it via the web portal because it allows you to add additional information or to follow up the status.

First of all you should go to the support portal and sign in with the license owner account or create a new account. The portal can be found here:

http://www.veeam.com/support.html

Once you log in, validate that your contact details are correct so that support will be able to contact you successfully. You can do this by clicking edit profile in the right column:

Then on the next page you will be able to edit the email address or you phone number. Please double check before you start the process of opening a call.

Once you are happy with the contact detail, just click get support button. It will take you back to the main page where you will be able to click the open ticket button. You can also select the right product directly by clicking "open ticket" next to the licenses you have listed below.

First step is to fill in a title and describe the problem you have. Please also select the correct area where you are living and the severity. You can see response time associated with the severity in the right column.

Now select the product you are having problems with

Then select the version number. You can find the version number in the about window. Check the "who is license owner" if you can't find the about window. I always select English support but there are some other languages available as well. However if you don't mind English, it is good to understand that there are more technical people speaking English then any other languages. Then click next

The portal will now suggest some knowledge base articles. Please consider them. If nothing useful is there, click continue

Now you can attach your logs. First select the kind of issue you have. It will then suggest you to upload the correct/related log files. If your log bundle is big, you could opt to extract the specific file(s) and upload only the suggested log(s). I like to send the bundle because then support will have all the info at once. So select your log/bundle

Once you selected the logs, don't forget to click the upload button. I have made this mistake (not doing it) a hundred times. If you click next without doing it will just tell you that you haven't attached any logs and will ask you that you are sure you want to proceed

Once the logs are successfully submitted you will see the file appear in the uploaded file list

Then click next or upload additional log files. You will get a summary. Validate the fields and push the submit button to open a call.

You should receive a mail now with your ticket details and your call should be open. You should also see it in your support dashboard

Adding extra notes and viewing the status

If you want add additional notes, you can do this via the support dashboard

http://www.veeam.com/support.html

Just go to the open cases tab at the button and click details next to your ticket

In the next window you should be able to add more details. Also you will be able to follow the status of your case

Escalating the problem

Not a lot of people seem to know this but you can actually escalate a problem yourself. Only do it when you feel it is really necessary. First of all you can request and update via the web portal. Just click request update next to your call

You can also call support. Before you do it, first write the case number. To find the case number, again look at your open case.

Then click the phone support button to find the number you can call for your country

Finally if you feel like support is not helping you can escalate the problem to the support manager. Refer to your case number when contacting the support manager. By clicking the "Talk to a manager" button, your email client should open, creating a new email to the support manager distribution list.

Miniblog Series P001 : Where is the main menu in Veeam Backup & Replication?

Just to have some fun I will start some miniblogs. Just small questions I often get asked, maybe just to call it my personal "Screenshots FAQs". Instead of remaking the screenshots all the time, I will just put them online for everybody to enjoy! :)

In our manual, we will sometimes refer to the main menu. I had some cases where people where unable to understand what the main menu is. Well it is just the blue button in the top left corner of the UI :)

Veeam One and Backup Servers : HRESULT: 0x80070005 (E_ACCESSDENIED)

One of the nicest thing Veeam One 6.5 added is the support to monitor and report on your backup infrastructure. In Veeam One 7 the possibilities are now expanded. For example a lot of reports for Backup & Replication has been added. For the monitoring part, you can now really monitor CPU/MEM/Network via One console. One will collect the data via WMI so it is a pretty standard approach.

It is really interesting as I often have customers telling me that B&R reporting is limited. Then I will show them Veeam One reporting and they will be blown away. Sometimes it even happens that the customer has a Veeam Essentials license and that he is unaware of the fact that he already has the licenses for One. Basically Veeam Essentials is the Veeam Backup Management Suite but limited to 6 sockets.

To start using it just go to the Data Protection View, right-click the Backup Infrastructure node in the inventory pane and choose Add Server from the shortcut menu. I would recommended adding the enterprise manager so that all your backup servers are automatically added.

When you add Veeam Backup & Replication to the Veeam One server you will use a certain user to connect to the backup server. Most cases it will be a separate service user. In my case I use "vlab\srvone".

Following the docs this "srvone" user should have local administrator rights on the backup server:

The account must have local Administrator permissions on the backup server and on all servers that run backup infrastructure components. For details on required permissions for Veeam backup servers

http://helpcenter.veeam.com/one/70/vsphere/backup_add_server_select.html
http://helpcenter.veeam.com/one/70/vsphere/backup_specify_server_creds.html

However I was getting an error on some of the proxies ( HRESULT: 0x80070005 (E_ACCESSDENIED) ). Basically One is unable to connect via WMI:

This make sense as Veeam One uses the same credentials you specified when adding the enterprise manager. You can check the credentials used by right clicking the enterprise manager and clicking "Change Connection Settings"

So if you are in this case, it probably means that srvone is not added to the local administrator group on your proxy servers. There are 2 things you can do. First of all you can right click the component and override the credentials for that certain proxy or repository. I had to do this for a remote repository / wan accelerator that is not in the domain.
http://helpcenter.veeam.com/one/70/vsphere/changing_connection_for_backup_servers.html

You could also of course add the user to the local administrator group. However I have some core servers in demo. So here is the oneliner you can use to add the user to the local admin group via cli

 net localgroup Administrators /add vlab\srvone

After this is done, you can resolve the alarm on the server. After 15m you should see WMI data flow in on the Network tab for example

For my lab I also have this oneliner I always use to disable the firewall. Might be irrelevant to this article but still in demo setups I always use it to make sure it is not a firewall issue I'm running into

 netsh advfirewall set allprofiles state off

After the backup copy job, the auto import

For me personally the most interesting feature in Veeam v7 would be the backup copy job. Why? Well it solves one of the most important challenges Veeam users were having with backup policies.

First of all you can now do tiering of your backups. Start by creating fast backups on fast disks with a limited amount of restore points, then use the backup copy job to copy the data to slower disks for a longer retention. Before this was also possible ... with scripts!

Second of all, you can now apply GFS like retention policies. I like that GFS is only available on the backup copy job. It forces people to think about tiering in combination with GFS to slow disks, so that you still have a (limited) amount of fast restore points to do Instant VM Recovery and Surebackup. Before this was also possible ... with scripts!

Lastly WAN acceleration is now built into the product. People were trying to get there backups off-site with previous versions but maybe not always in the most successful way. People were using of course scripts to RSYNC & Robocopy to get the backups shipped to a second location but didn't always liked how much bandwidth this required or the manual actions they had to take. Now you can get your backups off-site via very small connections. Best of all, you no longer require somebody to manually export the tapes and take them home everyday so that your corporate data is safe.

But what about those off-site copies? Getting your restore points off-site is the easy part. You can just use the backup copy job. Actually there are 2 ways you can get your backups of site.

In the push strategy, you will install the Veeam B&R Management Server on the source location. Backups will be made by a source proxy to a source repository. Then the backup copy job will send the data to the remote location. This is mostly used when your IT staff is working on the source location. One disadvantage about this scenario is that you can not share WAN accelerators between management servers in v7. Since every location is running their own Management Server, you will have to install multiple Windows servers for each WAN accelerator instance. However, connection outages won't result in backups not running locally.

In the pull strategy, you will install the Veeam B&R Management Server on the remote location (or HQ in a ROBO design). You will have a source proxy and a source repository. Local backups will be made locally but scheduled by the remote location. The backup copy job will then copy the data to the remote location. This scenario is mostly used when you have centralized IT and you have very stable connections between HQ and your branch offices. In this case, because the Management Server is running centrally, you don't need to deploy a windows server for each pair of WAN accelerators. In fact, you can profit from the fact that if you set up a new WAN accelerator pair, the server will copy the cache from an existing WAN accelerator on HQ.

In the push strategy your local and remote backups will be visible as restore points at the source side. This is is good when you want to do local restores. However what if you want to do a file level recovery at the remote location? In this case you could have a clean install of the backup management server and import the backups there.

In the pull strategy restoring at the remote side or HQ is easy. However restoring locally is hard because you will need a clean install of the backup management server and import the backup locally just to do a file level recovery.

How to solve it? Well actually in both scenario I would start by installing a local empty management server. Please don't forget to install the Powershell SnapIn as well, as we need to do the autoimport. From a licensing perspective, you can reuse your license because this empty install won't be backing up any VM's and so you won't consume any sockets. Notice that both Veeam servers should be running the same version or at least the server importing should be newer or the same level as the one creating the backups.

Once you installed the empty server you can start by adding the repository directory as a new repository on the clean installed server. When you add the repository give it a name but start with the prefix "WANBCJ". Alternativally you can alter the script I am providing you later.

In the last step you can then click to automatically import existing backups

After this is done you should see your backups appear as "imported" and you can start FLR or Instant VM Recovery easily via the regular way.

One thing that won't happen however is that your repository will be automatically for new restore points. So if a couple of weeks later, you need to do a restore of a freshly copied restore point, you will have to manually rescan your repository. It's quite easy to do this. Just go to the repository in backup infrastructure, right click it and choose rescan

Well now here is the fun part. You can easily automate this. Just open up a Powershell window, by going to the main menu (it's the blue button in the top left corner of the GUI)

Ok so the basic script is actually one line of code:

Get-VBRBackupRepository | where { $_.name -match "^WANBCJ" } | ForEach-Object { Sync-VBRBackupRepository -Repository $_ | out-null}

You can see why WANBCJ is required as a prefix as the code will match any repository where the name start with WANBCJ. Then for each of these repository we will ask a resync. You can see the result poping up in the history tab

Now lets make this code automated. The easiest way on various platforms is just to create a ps1 file and add the following code to it:

Add-PSSnapin -Name "VeeamPSSnapin"
Get-VBRBackupRepository | where { $_.name -match "^WANBCJ" } | ForEach-Object { Sync-VBRBackupRepository -Repository $_ | out-null}

Notice that there is some added code that will load the VeeamPSSnapin. When you trigger powershell via the Veeam menu it is done automatically. However, the task scheduler of windows won't do it for you so you have to do it manually. In my case I have saved the script under c:\vbrscripts\syncrepo.ps1

Now in the Windows task scheduler you can schedule a new task to run this script on a daily basis (or more frequently if your prefer). You can see the program is "powershell" and the argument is the path to the script enclosed with quote signs.

If you want to test that it works, just hit the run button and see if you can see the event in the history tab.

The nice thing about this script is that if you add another repository which names starts with WANBCJ, you won't have to do anything as it will be automatically rescanned!