Windows Server Deduplication, Veeam Repositories, and You!

Backup, among other things, is very good at creating multiple copies of giant buckets of data that don’t change much and tend to sit for long periods of time. Since we are in modern times, we have a number of technologies to deal with this problem, one of which is deduplication, with quite a few implementations of it. Microsoft has had a server-based storage version since Windows 2008 R2 that has gotten better with each release, but like any technology it still has pitfalls to be mindful of. In this post I’m going to look at a very specific use case of Windows Server deduplication: using it as the storage beneath your Veeam Backup & Replication repositories, covering some basic tips to keep your data healthy and your performance optimized.

What is Deduplication Anyway?

For those that don’t work with it much, imagine you had a copy of War and Peace stored as a Word document with an approximate file size of 1 MB. Each day for 30 days you go into the document, change 100 KB worth of the text, and save it as a new file on the same volume. With a basic file system like NTFS this would result in you having 31 MB tied up in the storage of these files: the original and then the full file size of each additional copy.

Now let’s look at the same scenario on a volume with deduplication enabled. The basic idea of deduplication is to replace identical blocks of data with very small pointers back to a common copy of the data. In this case, after 30 days, instead of having 31 MB of data sitting on disk you would have approximately 4 MB: the original 1 MB plus the 30 days’ worth of 100 KB incremental changes. As far as the user experience goes, the user just sees the 31 files they expect to see and they open like they normally would.
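
To make the pointer idea concrete, here is a toy PowerShell sketch (the file path is hypothetical) that chunks a file into 64 KB blocks and counts how many are actually unique. Real deduplication engines are far more sophisticated, but the bookkeeping is the same basic idea:

    # Hash each 64 KB chunk of a file; identical chunks collapse to one hash table entry
    $chunkSize = 64KB
    $hashes    = @{}
    $sha       = [System.Security.Cryptography.SHA256]::Create()
    $stream    = [System.IO.File]::OpenRead('C:\temp\WarAndPeace.docx')  # hypothetical path
    $buffer    = New-Object byte[] $chunkSize
    while (($read = $stream.Read($buffer, 0, $chunkSize)) -gt 0) {
        $key = [BitConverter]::ToString($sha.ComputeHash($buffer, 0, $read))
        $hashes[$key] = $true   # a duplicate chunk costs nothing extra, like a dedup pointer
    }
    $stream.Close()
    "Unique 64 KB chunks: $($hashes.Count)"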

So that’s great when you are talking about a 1 MB file, but what if we are talking about file storage in the virtualization world, where we’re talking about terabytes of data with multi-gigabyte changes daily? If you think about the basic layout of a computer’s disk it is very similar to our working copy of War and Peace: a base system that rarely changes, things we add that then sit forever, and then a comparatively few things we change throughout the course of our day. This is why deduplication works great for virtual machine disk files and backup files, as long as you set it up correctly and maintain it.

Jim’s Basic Rules of Windows Server Deduplication for Backup Repositories

I have repeated these a few times as I’ve honed them over the years. If you feel like you’ve read or heard this before, it’s because these rules have been part of my VeeamON presentations in both 2014 and 2015 as well as blog posts both here and on 4sysops.com. In any case, here are the basics of the care and feeding of your deduplicated repositories.

  1. Format the Volume Correctly. Doing large-scale deduplication is not something that should be done without getting it right from the start. Because backup files, or virtual disks in general for that matter, are large files, we always want to format the volume through the command line so we can put some modifiers in there. The two attributes we really want to look at are /L and /A:64K. The /L switch is an NTFS-only attribute which overrides the default (small) size of the file record. The /A switch controls the allocation unit size, setting the block size. So for a given partition R: your format string may look like the example shown just after this list.
  2. Control File Size As Best You Can. Windows Server 2012 R2 deduplication came with a pretty stringent recommendation on maximum file size: 1 TB. With traditional backup files, blowing past that is extremely easy to do when you have all of your VMDKs rolled into a single backup file, even after compression. While I have violated that recommendation in the past without issue, I’ve also heard many horror stories of people who found themselves with corrupted data because of it. Your best bet is to be sure to enable Per-VM backup chains on your Backup Repository (Backup Infrastructure > Backup Repositories > [REPONAME] > Repository > Advanced).
  3. Schedule and Verify Weekly Defragmentation. While Windows schedules weekly defragmentation jobs on all volumes by default these days, the one and only time I came close to getting burnt by using dedupe was when that job was silently failing every week and the fragmentation became too much. I found out because my backup job began failing due to a corrupted backup chain, but after a few passes of defragmenting the drive it was able to continue without error and test restores all worked correctly. For this reason I do recommend having the weekly job, but make sure that it is actually happening (a quick way to check is sketched after this list).
  4. Enable Storage-Level Corruption Guard. Now that all of these things are done we should be good, but a system left untested can never be relied upon. With Veeam Backup & Replication v9 we now have the added tool on our backup jobs of being able to do periodic backup corruption checks. When you are doing anything even remotely risky like this it doesn’t hurt to make sure this is turned on and working. To enable it, go to the Maintenance tab of the Advanced Storage settings of your job and check the top box. If you have a shorter retention time frame you may want to consider setting this to weekly.
  5. Modify the Deduplication Schedule To Allow for Synthetic Operations. The last recommendation has more to do with performance than with integrity of data. If you are going to be doing weekly synthetic fulls, I’ve found performance is greatly decreased if you leave the default file age before deduplication setting (3 or 5 days depending on the version of Windows) in place. This is because in order to do the synthetic operation, each of the files has to be rehydrated first. Instead, set the deduplication age to 8 days so the weekly synthetic processing is finished before the files are ever deduplicated (see the last sketch after this list). For more information on how to enable deduplication as well as how to modify this setting see my blog over on 4sysops.com.
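
For rule 1, a minimal example of that format string for partition R: (the /Q quick-format switch is my addition and optional; the rest comes straight from the rule above):

    format R: /FS:NTFS /L /A:64K /Q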
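
For rule 3, a quick PowerShell sketch of how you might verify the built-in weekly defragmentation task is actually running and succeeding (a LastTaskResult of 0 means the last pass completed), plus a manual pass for a repository on R::

    # Check the scheduled defrag task's last run time and result
    Get-ScheduledTask -TaskPath '\Microsoft\Windows\Defrag\' | Get-ScheduledTaskInfo

    # Run a manual defragmentation pass against the repository volume
    Optimize-Volume -DriveLetter R -Defrag -Verbose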
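
And for rule 5, the file age setting is exposed through the Deduplication PowerShell module; a sketch, again assuming the repository lives on R::

    # Only deduplicate files untouched for 8 days, so weekly synthetic fulls finish first
    Set-DedupVolume -Volume R: -MinimumFileAgeDays 8

    # Verify the change took
    Get-DedupVolume -Volume R: | Select-Object Volume, MinimumFileAgeDays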

Well, with that you now know all I know about deduplicating VBR repositories with Windows Server. Although there is currently a bug in the wild with Server 2016 deduplication (a fix is available), the latest version of Windows Server shows a lot of promise in its storage deduplication abilities. Among other things it pushes the file size limit up and does quite a bit to increase performance and stability.

Veeam Vanguard Again in 2017

It has been a great day here because today I learned that I have once again been awarded acceptance into the excellent Veeam Vanguard program, my third time. This program, above any others that I am or have been involved with, takes a more personal approach to creating a group of awardees who not only deserve anything good they get out of it but give back just as much to the community itself. In only its 3rd year the group has grown from 31 the first year, to 50(ish) the second, to a total of 62 this year. There are 21 new awardees in that 62, so there really isn’t a rubber stamp to stay included; it is legitimately awarded each year. The group has grown each year but, as you can see, not by the leaps and bounds others have, and for good reason. There is no way this experience could be had with a giant community.

At this point in the post I would typically tell you a bit about what the Vanguard program is and isn’t, but honestly Veeam’s own Dmitry Kniazev really put it best in a couple of recent posts, “Veeam Vanguard Part 1: WTH Is This?” and “Veeam Vanguard Part 2: What It’s Not.” What I will add is that as nice as some of the perks are, as DK says in the Part 1 post, the true perk is the intangibles: a vibrant community full of some of the smartest, most passionate people in the industry and, in many cases, direct access to the people approving and disapproving changes to their software. These are the things that made me sweat at approval time.

Once again I want to give a giant thank you to Veeam Software and especially the whole Vanguard crew. This includes Rick Vanover, Clint Wyckoff, Michael White, Michael Cade, Anthony Spiteri, Kirsten Stoner, Dmitry Kniazev, Andrew Zhelezko and finally Doug Hazelman. Without these people it wouldn’t be nearly as nice.

Fixing Domain Controller Boot in Veeam SureBackup Labs

We’ve been dealing with an issue for the past few runs of our monthly SureBackup jobs where the Domain Controller boots into Safe Mode and stays there. This is no good, because without the DC booting normally you have no DNS, no Global Catalog, or any of the other Domain Controller goodness for the rest of the servers launching behind it in the lab. All of this seems to have come from a change in how domain controller recovery is done in Veeam Backup and Replication 9.0, Update 2, as discussed in a post on the Veeam Forums. Further, I can verify that if you call Veeam Support you get the same answer as outlined here, but there is no public KB about the issue. There are a couple of ways to deal with this, either each time or permanently, and I’ll outline both in this post.

Booting into Safe Mode is totally expected, as a recovered Domain Controller object should boot into Directory Services Restore Mode the first time. What is missing, though, is that as long as you have the Domain Controller box checked for the VM in your application group setup, then once it has booted Veeam should modify the boot setup and reboot the system before presenting it to you as a successful launch. This in part explains why checking the Domain Controller box lengthens the allowed boot time from 600 seconds to 1800 seconds by default.

On the Fly Fix

If you are like me and already have the lab up and need to get it fixed without tearing it back down, you simply need to clear the Safe Boot bit and reboot from the Remote Console. I prefer to:

  1. Make a Remote Console connection to the lab-booted VM and log in
  2. Go to Start, Run and type “msconfig”
  3. Click on the Boot tab and uncheck the “Safe boot” box. You may notice that the Active Directory repair option is selected
  4. Hit OK and choose Restart

Alternatively, if you are command-line inclined, a method is available via Veeam KB article 1277 where you just run a couple of commands.
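
From memory, the commands look like this (double-check KB 1277 itself for the exact syntax):

    rem Clear the Safe Boot flag from the default boot entry, then restart
    bcdedit /deletevalue {default} safeboot
    shutdown /r /t 0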

Once those have run, the VM will reboot itself into normal operation. Just to be clear, either of these fixes is temporary. If you tear down the lab and start it back up to the same point in time you will experience the same issue.

The Permanent Fix

The problem with either of the above methods is that while they will get you going on a lab that is already running, about 50% of the time I find that once I have my DC up and running well I have to reboot all the other VMs in the lab to fix dependency issues. By the time I’m done with that I could have just relaunched the whole thing. To permanently fix the root issue, you can revert the way DCs are handled by creating a single registry entry, as shown below, on the production copy of each Domain Controller you run in the lab.
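
The exact key path and value name come from the Veeam Forums post mentioned above (or from Veeam Support), so both are shown as placeholders here; the pattern, sketched in PowerShell, is just a single DWORD value:

    # PLACEHOLDER path and value name; substitute the exact ones from the
    # Veeam Forums post / Veeam Support before running on the production DC
    New-ItemProperty -Path 'HKLM:\SOFTWARE\PLACEHOLDER\Path' `
        -Name 'PLACEHOLDER_ValueName' -PropertyType DWord -Value 1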

Once you have this key in place on your production VM you won’t have any issues with it going forward, as long as the labs you launch are from backups made after the change was put in place. My understanding is that this is a known issue and will eventually be fixed, but at least as of 9.5 RTM it is not.

The Most Magical Time of Year: Influencer Program Selection Season!

Each year many of the major companies in the tech industry allow people to be nominated, by themselves or by others, to be recognized for their contributions to the community that surrounds that company’s products. These people are typically active on social media, in online and in-person forums and user groups, and often write blogs about their experiences with the products. In return for what is essentially free, grass-roots marketing, the companies provide awardees any number of benefits: access to product licenses for homelabbing, sometimes access to engineers, preferred experiences at conferences, NDA-level information, etc., but in some cases the biggest benefit is the recognition itself.

As of today (November 10, 2016) two of the bigger programs and, in my opinion, one of the best are all open for nominations.

Program Name      Program Leader     Nomination Link
Cisco Champions   Lauren Friedman    Nomination Link
VMware vExpert    Corey Romero       Nominations accepted until 12/16
Veeam Vanguards   Rick Vanover       Nominations accepted until 12/9

I’m honored to be both a vExpert and a Veeam Vanguard, and I like to think of myself as an honorary Cisco Champion (they can’t accept government employees), so I have some experience with each of these programs. Let’s take a look at all three.

VMware vExpert may not necessarily be the oldest influencer program, but it is probably the one socially active technical people know best, except possibly the Microsoft MVP program. In many ways vExpert is not only an honor in its own right but a launch pad towards acceptance into other programs. vExperts are, as far as I know, the largest such group, with around 1500 members worldwide, and the program boasts some really good benefits not only from VMware but from other companies in the virtualization ecosphere. There are many webinars and meet-and-greets throughout the calendar year which are either vExpert-only or vExpert-preferred, and the vExpert party at VMworld is well-known as one of the best. The distinction I make most about vExpert is that while it is for and by VMware, some years much of the educational focus is on the ecosphere and community that surrounds it.

The vExpert program offers 4 paths to membership. The one most are in is the Evangelist path. These may be customers, partners or VMware employees themselves, but they are people speaking the good word of VMware. There are also specific paths for Partners and Customers, but I don’t know that I’ve ever met anyone who was awarded in those tracks. Finally, if you have achieved the highest level of VMware certification, VCDX, you are automatically awarded vExpert status.

Cisco Champions contrasts with vExpert most in that it is a self-contained program, with all the educational opportunities and benefits coming from Cisco Systems itself. With the Champions there aren’t so many freebies, with the notable exception of some nice perks if you attend CiscoLive, but what they do offer is exposure for your personal brand. Between the weekly Cisco Champions Radio podcast and the regularly featured blogs on Cisco’s website, if you are working to make a name for yourself in the industry it is a very good program for that. Further, Cisco gives you access to developers and program managers within the company so that you can not only gain greater understanding of the products but in many cases have the opportunity to weigh in on technology decisions during the development process.

Cisco breaks their program down into business segments in regards to your qualification, with tracks in Collaboration, Data Center, Enterprise Networks, IoT, and Security. If you have expertise in any of these, by all means apply.

In my mind I’m saving the best for last. The Veeam Vanguard program opened its nominations up today for its 3rd year, and I’ve been honored to have been awarded each year (so far). It is by far the most exclusive; there are currently only 50 members worldwide and I believe the philosophy is to keep it on the small side, with only people who truly understand what the company is about. There are a lot of swag-type benefits to the Vanguard to be sure, most noticeably something really special that revolves around their VeeamON conference (NOLA this year baby!), but to be honest what I most get out of the program is the distributed brain of not only the Veeam employees affiliated with the group but the group itself. On a daily basis it seems somebody’s technology issues, Veeam related or not, are being sorted out through Vanguard communication methods. Long story short, in the Vanguard program they simply take care of you, and I’m happy to call all of them not just my peers but friends.

Because Veeam is a much tighter set of products than the other two, there aren’t any official tracks within the program. That said, they are very good about selecting members who affiliate themselves with each of the hypervisors they support, VMware’s vSphere and Microsoft’s Hyper-V. This diversity is part of what makes the discussions between us so good.

Conclusion

Over the course of the past week I’ve heard various people talking about strategies for getting awarded into any number of these: “I’m not going to do this one so I can focus on that one,” and so forth. Honestly, all I can recommend if you are interested in applying to any of them is to look at where your focus is, or where your focus should be, and apply. There is nothing that says you belong to too many programs or anything like that; if you feel you are qualified for any of these, or any other, by all means go apply. The name of the game is to grow your involvement with the technology community, regardless of what type of technology it is.

Setting Up External Access To A Veeam SureBackup Virtual Lab

Hey y’all, happy Friday! One of the things that seems to still really fly under the radar in regards to Veeam Backup & Replication is its SureBackup feature. This feature is designed to allow for automated, scripted testing of groups of your backups. An example would be if you have a critical web application: you can create an application group that includes both the database server and the web server. When the SureBackup job is run, Veeam connects a section of its backup repository to a specified ESXi host as a datastore, starts the VMs within a NAT-protected segment of your vSphere infrastructure, runs either the included role-based scripts or custom ones you specify to ensure that the applications are responding correctly, and then when done shuts the lab down and fires off an e-mail.

That workflow is great and all, but it only touches the edge of what SureBackup can do for you. In our environment not only do we have a mandate to provide backup tests that allow for end-user interaction, but we also use SureBackup for test-bed applications such as patch tests. An example of the latter: when I was looking to upgrade our internal Windows-based CA to Server 2012 R2, I was able to launch the server in the lab, perform the upgrade and ensure that it behaved as expected WITHOUT ANY IMPACT ON PRODUCTION first, then tear down the lab and it was like it never happened. Allowing the VMs to stay up and running after the job starts requires nothing more than checking a box in your job setup.

By default, access to a running lab is fairly limited. When you launch a lab from your Veeam server, a route to the NAT’d network is injected on the Veeam server itself to allow access, but that doesn’t help you much if you want others to be able to interact; we need to expand that access outwards. This post is going to walk you through the networking setup for a Virtual Lab that can be accessed from whatever level of access you are looking for, in my case from anywhere within my production network.

Setting Up the Virtual Lab

The first step, if you haven’t set up SureBackup in your environment at all, is to set up your Virtual Lab. The first of two parts here that are critical to this task is setting up the Proxy IP, which is the equivalent of your outside NAT address if you’ve ever worked on a firewall. This IP is going to be the production-network side of the Lab VM that is created when you set up a Veeam Virtual Lab.

[Image: 1-set-nat-host]

Next we need to set up an isolated network for each production port group you need to support. While I use many VLANs in my datacenter, I try to keep the application groups I need to test on the same VLAN to make this setup simple; it doesn’t need to be that way, though, as you can support as many as you need. Simply hit Add, browse out and find the production network port group you need to support, give the isolated network a name, and specify a VLAN.

[Image: 2a-setup-vlans]

The last step of setting up the Virtual Lab in this regard is creating a virtual NIC to map to each of your isolated networks. Where I see a lot of people get tripped up with this: always make the proxy appliance IP address here match the default gateway of the production network it is reflecting. If you don’t do that, the launched lab VMs will never be able to talk outside of the lab. Second, in regard to the Masquerade IP, try to aim for some consistency. Notice that in my production network I am using a Class B private address space but with a Class C mask. By default this throws off the automatic generation of the Masquerade IP, and I’ve found it isn’t always consistent across multiple virtual NIC setups. If you set up multiple isolated networks above, you need to repeat this process for each network. Once you are done with this you can complete your Lab setup and hit Finish to have it build or rebuild the appliance.

[Image: 2-create-nat-network]

Tweaking the SureBackup Job

For the sake of brevity I’m assuming at this point that you’ve got your Application Groups set up without issue and are ready to fix your SureBackup job to stay up and running. To do so, on the Application Group screen all you have to do is check the “Keep the application group running after the job completes” box. That’s it. Really. Once you do that, the lab will stay up and running until you right-click on the job in the Veeam Backup & Replication console and choose Stop. I’ve been lobbying for years for a “stop after X hours” option but still haven’t gotten very far with that one; really the concern there is the performance impact of doubling a part of your load, since you are essentially running 2 copies of a segment of your datacenter. If you have plenty to burn it isn’t an issue.

[Image: 3-keep-lab-up]

Fixing the Routing

Now the final step is to either talk to your network guy or go yourself to where your VLAN routing takes place and add a static route for the IP range of your lab networks, pointing at the Proxy Appliance’s IP. For the example we’ve been working through in this post, our Proxy Appliance has an IP of 172.16.3.42 and all of our lab networks are within the 172.31.0.0/16 network. If you are using an IOS-based Cisco switch to handle your VLAN routing, the command would be as shown below.
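
Using the addresses from this example, a sketch of the IOS configuration session:

    conf t
    ! Send traffic for the lab masquerade range to the Virtual Lab proxy appliance
    ip route 172.31.0.0 255.255.0.0 172.16.3.42
    end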

After that is done, from anywhere that route is accessible you should be able to pass whatever traffic you like inbound to the lab network addresses. So, sticking with our example, for a production VM with the IP address 172.16.3.10 you would interact with the IP 172.31.3.10 in whatever way needed. Keep in mind this is, for lack of a better word, one-way traffic. You can connect in to any of the hosts within the lab network, but you can’t really have them reach directly out and interact with the production network.

[Image: 4a-testing]

One More Thing…

One final tip I can give you, if you are going to let others in to play in your labs, is to have at least one workstation-grade VM included in each of your Application Groups with the needed testing software already loaded. This way you can enable RDP on that VM and the user can just double-click an icon and connect into the lab, running their tests from there. Otherwise, if you have locally installed applications that need to connect to hosts that are now inside the lab, you are either going to need to reconfigure the application with the corrected address or modify the user’s hosts file temporarily so that they connect to the right place, neither of which is particularly easy to manage. The other nice thing about a modern RDP session is that you can cut and paste files in and out of it, which is handy if the user wants to run reports and the like.
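
If you do end up editing a hosts file, the entry is just the lab masquerade address next to the production hostname. A hypothetical example using the addresses from earlier (the server name is made up for illustration):

    # Added temporarily to C:\Windows\System32\drivers\etc\hosts on the tester's machine
    172.31.3.10    webapp01.corp.local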

[Image: 4-connecting-into-the-lab]

As an aside, I’m contemplating doing a video run-through of setting up a SureBackup environment to be added to the blog next week. Would you find such a thing helpful? If so please let me know on twitter @k00laidIT.

Lots of new stuff coming from Veeam

Veeam had what they called “THEIR BIGGEST EVENT EVER” today and, while it at times did seem to be really heavy on the sales-for-the-sake-of-sales pitch, there was a lot of stuff to legitimately be excited about for those of us who use their products. From the features coming in Veeam Backup & Replication 9.5 in a couple of months through the first new feature of next year’s version 10, in total there were 5 major announcements that those of us using the product can make use of. In this post I’m going to run briefly through these and in the coming months will provide some deeper insights when possible.

Veeam Backup & Replication / Veeam ONE 9.5 (October 2016)

  • Nimble Storage Integration- Nimble will be the next vendor, after EMC, NetApp and HP, whose storage systems allow Veeam to interact at the array level, allowing for backups from storage snapshots. If you are a Nimble customer (like me) this is going to be some good stuff
  • Advanced usage of Windows Server 2016 ReFS- This is the real gravy here for anybody who has to work with any kind of synthetic operations on their backup files. Through an integration Veeam has built with Microsoft, when ReFS is used to back your Veeam repositories your weekly rollups are going to take a heck of a lot less time, and you’ll also see less storage consumption for long-term “weekly fulls”. This is due to ReFS’ basic mechanism where file copies and moves never actually move data; they just move the pointers. An example I’ve seen is a backup with a 10 GB change rate where the weekly full went from 35 minutes on NTFS to 5 minutes on ReFS. Now move that out to a real production dataset and you are really talking about something. There will be a lot more on this in follow-up posts.
  • Direct Restore to Microsoft Azure – If you are resource constrained (which you usually are in a situation where you need a restore), Veeam now has the ability to restore a VM (even if it is vSphere-based) directly to Azure. Pretty cool, and I think probably the first of what we’ll see on this thread
  • vCloud Director Integration
  • VeeamONE 9.5 – If your organization needs to work with chargeback, this is now directly supported in VeeamONE. If you haven’t played with VeeamONE yet, please do so; I’ve yet to meet anyone who hasn’t found at least one problem in their virtualization environment the first time they installed it

Veeam Agents (November-December 2016)

[Image: agent versions]

Expanding on Veeam Endpoint for Windows (and now Linux), Veeam has come out with its Veeam Agents for Windows and Linux. While Endpoint is and will still be available for standalone installations, we finally have the enterprise-managed version we’ve been looking for, and we truly can have one centrally managed Veeam installation for our virtual, physical and workstation backups. As you can see there’s still a lot to like about the Free version, including the new ability to restore directly to Azure or Hyper-V, while the paid versions give us server-grade capabilities such as application-aware processing and transaction log processing. Further, one capability I’m excited about for my mobile workforce is the ability for workstations and remote-office servers to cache their backups locally when they aren’t connected to the Internet and then ship them back to the corporate office or a Cloud Connect repository once connected again. This is good stuff that has been a long time coming.

Veeam Availability Console (Q1 2017)

I truly want to believe this is the first edge of “one UI to rule them all”: the Veeam Availability Console is a web-based console that lets you monitor and manage all of your Veeam resources; VBR, Agents, Cloud Connect, etc. This is an evolution of the managed backup portal that has been available to Service Providers for a bit now, moved downstream to the Enterprise. Let me reinforce the emphasis on Enterprise: while it is included in licensing, you are going to have to be a pretty large organization/installation to be allowed access to it. Hopefully as subsequent versions are released that will trickle down more.

Veeam Availability Orchestrator (Q1 2017, beta soon)

Veeam for a DevOpsy world. VAO will allow you to automate many of the processes you need to perform with Veeam based upon your disaster recovery plan. Let’s say your plan requires so many backups, so many replicas, regular testing, and compliance with documentation practices. Orchestrator is going to allow you to take all of that on paper and define it in workflows, so in theory you are always in compliance, and if you aren’t, you have the documentation to show you where. I’ve seen quite a few things about this, things that are going to be available for everybody to test soon, and they are all very powerful.

Veeam Office 365 E-mail Backup (Q4 2016)

Of the new products announced, this is the biggie. For those of us who have already begun or completed Exchange migrations to Office 365, Veeam now has the ability to back up those mailboxes to your local repositories so that you always know that data is there. I don’t know how those conversations have gone for you, but this has been a major pain point for us in going to the cloud. Pricing, or even how it is going to be sold, isn’t set yet, but what is known is that when released at the end of this year it will be free for a year for all Veeam customers with an active support contract, and for 3 years for those with Enterprise Plus licensing.

Again, while I have no knowledge that it will happen, I have to believe this is the first baby step into a whole host of things to make our cloudy life better in the future with SharePoint, OneDrive and anything else coming down the road.

Veeam Backup & Replication integration with IBM storage (????, preview May 2017)

Finally, the last announcement was the first related to Veeam Backup version 10, in this case the next storage vendor integration. This integration is going to work with any IBM product based on their Spectrum Virtualize software and should work like any of their other integrations. With this we also got to learn that the first technical preview of v10 will coincide with VeeamON 2017 in New Orleans, so mid-May 2017.

Veeam Backup Repository Best Practices Session Notes

After a couple days off I’m back to some promised VeeamON content. A nice problem VeeamON had this year is that the session choices were much more diverse and there were a lot more of them. Unfortunately this led to some overlap of some really great sessions. A friend of mine, Jaison Bailey of vBrisket fame and fortune, got tied up in another session and was unable to attend what I considered one of the best breakout sessions all week, Anton Gostev’s Backup Repository Best Practices, so he asked me to post my notes.

For those not too familiar with Veeam repos, they can essentially be any manner of addressable disk space, whether local, DAS, NAS, SAN or even cloud, but when you start taking performance into account you have to get much more specific. Gostev, who is the Product Manager for Backup & Replication, lays out the way to do it right.

Anyway, here are the notes, including links to further information when possible. Any notations of mine are in bold and italicized.

Don’t underestimate the importance of Performance

  • Performance issues may impact RTOs

Five Factors of choosing Storage

  • Reliability
  • Fast backups
  • Fast restores
  • DR from complete storage loss
  • Lowest Cost

Ultimate backup Architecture

  • Fast, reliable primary storage for fastest backups, then backup copy to Secondary storage both onsite AND offsite
  • Limit number of RP on primary, leverage cheap secondary
  • Selectively create offsite copies to tape, dr site, or cloud

Best Repo: Low End

  • Any Windows or Linux Server
    • Can also serve as the backup / backup proxy server
  • Physical server storage options
    • Local Storage
    • DAS (JBOD)
    • SAN LUN
  • Virtual
    • iSCSI LUN connected to an in-guest volume

Best Backup Repo: High End

Backup Repos to Avoid

  • Low-end NAS & appliances
    • If stuck with it, use iSCSI instead of other protocols *Ran into this myself with a QNAP array as my secondary storage; it isn’t really feasible to run anything I/O-heavy on it
  • SMB (CIFS) network shares
    • Lots of issues with existing SMB clients
    • If share is backed up by server, add actual server instead
  • VMDK on VMFS *Nothing wrong with running a repo from a virtual machine, but don’t store backups within it; instead connect an iSCSI LUN directly to the VM and format it NTFS
    • Extra logic on the data path- more chances for data corruption
    • Dependent on vSphere being functional
  • Windows Server 2012 Deduplication (scalability) *I get his rationale, but honestly I live and die by 2012 R2 deduplication; it just takes more care and feeding than other options. See my session’s slides for notes on how I implement it.

Immediate Future: Technologies to keep in mind

  • Server 2016 Deduplication
    • Same deduplication, far greater performance and scale (64 TB files) *This really will be a big deal in this space; there is a lot of upside to a simple dedupe ability rolled into a Windows server
  • ReFS 2.0
    • Great fit for backup repos because it has built-in data corruption protection
    • Veeam is currently working on some things with it

Raw Disk

  • RAID10 whenever you can (2x write penalty, but capacity suffers)
  • RAID5 (4x write penalty, greater risks)
  • RAID6 (severe performance overhead, 6x write penalty)
  • Look up maximum performance per spindle
  • A single job can only keep about 6-8 spindles busy- use multiple jobs if you have them to saturate more spindles
  • RAID volume
    • Stripe Size
      • Typical I/O for Veeam is 25k-512KB
      • Windows Server 2012 defaults to 64KB
      • At least 128 KB stripe size is highly recommended
        • Huge change for things like Synthetics, etc
    • RAID array
      • Fill as many drives as possible from the start to avoid expansion
      • Low-end storage systems have significant performance problems
    • File System
      • NTFS (Best Option)
        • Larger block size does not affect performance, but it helps avoid excessive fragmentation, so a 64KB block size is recommended
        • Format with /L to enable larger file records
        • 16 TB max file size limit before 2012 (now 256 TB)
        • * Full string of best practices for format NTFS partition from CLI: Format <drive:> /L /Q /FS:NTFS /A:8192
      • ReFS not ready for prime time yet
      • Other
    • Backup Job Settings
      • Always a performance vs disk space choice
      • Reverse incremental backup mode is 3x I/O per block
      • Consider forever incremental instead
      • Evaluate transform performance
      • Repository load
        • Limit concurrent jobs to a reasonable amount
        • Use ingest rate throttling for cross-SAN backups

Dedupe Storage: Pains and Gains

  • Gains
    • True global dedupe
    • Lowest cost/ TB
  • Do not use deduplicating storage as your primary backup repository!
  • But if you must: leverage vendor-specific integrations, use backup modes without full backup transformation, and use active fulls instead of synthetics
  • If backup performance is still bad, consider VTL
  • 16TB+ backup storage optimization for 4MB blocks (new)
  • Parallel processing may impact dedupe ratios

Secondary Storage Best Practices

  • Vendor-specific integrations can make performance better
  • Test Backup Copy retention processing performance. If too slow consider Active Full option of backup copy jobs (new in v9)
  • If already invested and stuck
    • Use as primary storage and leverage native replication to copy backups to DR

Backup Job Settings BP

Built-In deduplication

  • Keep ON for best performance (except lowest end devices) even if it isn’t going to help you with Per VM backup files
  • Compression
    • Instead of disabling it, keep Optimal enabled in the job and use “decompress before storing”- even locally
    • Dedupe-friendly isn’t very friendly any more (new)
      • Will hinder faster recovery in v9
  • Vendor recommendations are sometimes self-serving to achieve higher dedupe ratios but negatively affect performance

Disk-based Storage Gotchas

  • Gostev loves tape
    • Cheaper
    • Reliable
    • Read-only
    • Customer Success is the biggie
    • “Tape is dead”
      • Amazon, Google & 50% of Veeam customers disagree
  • Storage-level corruption
    • RAID Controllers are your worst enemies
    • Firmware and software bugs are common, too
    • VT402 Data Corruption tomorrow at 1:30 for more
  • Ransomware is possible

The “2” Part of the 3-2-1 Rule

  • 3 copies, 2 different media, 1 offsite
  • Completely different storage type!

Storage based replication

  • Betting exclusively on storage-based replication will cost you your job
  • Pros:
    • Fantastic performance
    • Efficient bandwidth utilization
  • Cons:
    • Replicates bad data too
    • Backups remain in a single fault domain

Backup Copy vs. Storage-Based Copy

  • Pros:
    • Breaks the data loop (isolated source and target storage)
    • Implicitly validates all source data during its operation
    • Includes backup files health check
  • Cons:
    • Higher load on backup storage

Make Tape out of drives

  • Low End:
    • Use rotated drives
    • Supported for both primary & backup copy jobs
  • Mid-range:
    • Keep an off-site copy off-prem (cloud)
  • High End:
    • Use hardware-based WORM solutions

Virtualize your Repository (SOBR)

  • Simplify backup storage and backup job management
  • Reduce storage hardware spending by allowing disks to be fully utilized
  • Improve backup storage performance and scalability

Community and the Rural IT Professional

I was born and raised in a small area between Charleston and Huntington, WV. While I recognized growing up that my hometown, Scott Depot, was a small town, I thought of both those cities as just that: proper cities with all the benefits and drawbacks that go with them. As I grew older and my worldly view wider, I came to realize that what I considered the big city was to many a minor suburb, but nevertheless it was and still is my home.

This lack of size and economic opportunity has never stood out more than when I began my career in Information Technology. After I graduated from Marshall University with what I still believe to be a very respectable skill set, many of my fellow graduates flocked to bigger areas such as Columbus, OH, RTP and Atlanta. I chose, for a variety of reasons, to stick around here and make a career of it, and all in all, while not always the most stable, it has been fairly successful.

There are very few large datacenters here, with most being composed of a handful of racks. Some people go to work for various service providers, others enter the VAR space, and I found my niche in what I like to call the Hyper-Converged Administrator role. The HCA tends to wear most if not all of the hats: virtualization, storage, networking, server administration, etc. I consider myself somewhat blessed that I’ve managed to avoid the actual desktop admin stuff for most of my career, but there has still been some of that too.

In the past couple of years I’ve gotten more and more active within the social IT community by way of conference attendance, social media and blogging, and while it hasn’t necessarily changed the direction my career is going, it has radically changed it in that I have found great opportunities for growing my personal knowledge. This growth in some cases has been strictly technology related, by way of pushing me to explore new facets of IT systems management I hadn’t previously considered, as well as gaining access to very knowledgeable people who are usually eager to point you in the right direction when asked. In other ways this knowledge, while IT related, is more oblique, in that I feel like I now have a much better understanding of what life is like on the other side of the various fences (vendors, VARs, datacenter admins, etc.) than I ever did before. This latter knowledge base has greatly changed how I approach some of the more political parts of IT, such as vendor management and internal project pitches.

While the global Internet community is great, I find that the missing piece is still face time. The richness of communication when I’m at conferences is more personal than anything done online, and I find myself somewhat jealous of those in areas large enough to support user groups of any kind of size. In the past year I’ve gotten to know VMware User Group (VMUG) leaders from Louisville, Kansas City, Phoenix and Portland as well as the guys behind the excellent career-oriented community vBrisket, and I’ve enjoyed hearing tales of what’s involved in getting their regular meetings together and wish I could do the same here.

Personally, my goal for the coming year is to do a bit of traveling and attend the meetings of some of the user groups listed above. If you are local here in the WV IT community, reach out and let’s figure out how to do something here. There may not be a lot of us, but that’s an even better reason to get to know each other and share the knowledge.

Presenting at VeeamON 2015: Design, Manage and Test Your Data Protection with Veeam Availability Suite

Last week I was presented with the honor of being invited to speak at Veeam Software’s annual user conference, VeeamON. While this was not my first time doing so, I was very happy with the end result this year, with 30-40 attendees and positive feedback both from people I knew beforehand as well as new acquaintances who attended.

My session is what I like to think of as the 1-1000 MPH session with Veeam, specifically targeting the SMB space but with lots of general guidelines for how to get your DR system up and running fast and as error-free as possible. Some of the things I do with Veeam buck the Best Practices guide, but we have been able to maintain high levels of protection over many years without much interruption. The session starts with the basics of designing your DR plan, then designing your Veeam infrastructure components to suit your needs, followed by tips for the actual implementation and other tricks and gotchas I’ve run into over the years.

Anyway, due to the amount of information that was covered I promised attendees that I would put my slide deck out here for reference, so here it is. If anybody has comments, questions or anything in between please feel free to reach out to me either through the comments here or on twitter. For attendees, please keep an eye on your e-mail and the #VeeamON hashtag as the videos of all presentations should be made available in the coming weeks.

Proud to be a Veeam Vanguard

On July 27th Rick Vanover over on the Veeam Blog announced the inaugural class of what is known as the Veeam Vanguard, of which I am honored to have been selected as a member. What the heck is a Veeam Vanguard? While it is best described in Rick’s announcement blog post, my take is that this group is composed of members of the global IT and virtualization community who are Veeam users and go above and beyond in sharing their knowledge of the ins and outs of the various Veeam products. Frankly, I am flabbergasted to be named and wish to thank them for the nomination.

Without getting too gushy or fanboyish, I have found over the years that Veeam’s products tend to solve problems we all deal with in a virtualized world. Backup & Replication especially has made my day-in, day-out life easier because I know my data is nicely protected and I can test just about anything I want to do without affecting the production environment.

In closing, I just want to say congrats to all of the other nominees, and I look forward to seeing what you have to share. To say the group is geographically diverse is an understatement; Veeam was ever so nice to include the nationalities of all members, and it’s very cool to see so many flags represented. Many of those included I’ve followed on twitter and in the blog space for quite some time, while others are new to me, but in the end I’m sure there will be some great knowledge shared and I look forward to getting to know you.