Setting Up Endpoint Backup Access to Backup & Replication 8 Update 2 Repositories

A part of the Veeam Backup & Replication 8 Update 2 Release is the ability to allow users to target repositories specified in your Backup Infrastructure as targets for Endpoint Backup. While this is just one of many, many fixes and upgrades (hello vSphere 6!) in Update 2 this one is important for those looking to use Endpoint Backup in the enterprise as it allows for centralized storage and management and equally important is you also get e-mail notifications on these jobs. Once the update is installed you’ll have to decide what repository or repositories will be available to Endpoint Backup and provide permissions for users to access them. By default every Backup Repository Denies Endpoint Backup access to everyone. To change this for one or more repositories you’ll need to: Access the Backup Repositories section under Backup Infrastructure, then right click a repository and choose “Permissions.” Once there you have three options for each repository in regards to Endpoint permissions; Deny to everyone (default), Allow to everyone, and Allow to the following users or groups only. This last option is the most granular and what I use, even if just to select a large group. In the example shown I’ve provided access to the Domain Admins group. You will also notice that I’ve chosen to encrypt any backups stored in the repository, a nice feature as well of Veeam Backup & Replication 8. Also of note is that no user will be able to select a repository until they have access …

Getting Started with Veeam Endpoint Backup

This week Veeam Software officially released their new Endpoint Backup Free product introduced at VeeamON last October after a few months of beta testing. The target for this product is to allow image based backup of individual physical machines, namely workstations, allowing for Change Block Tracking much like users of their more mature Backup & Replication product have been used to in virtualized environments. Further Veeam has made a commitment that in the product is and should always be freely available making it possible for anybody to perform what is frankly enterprise level backup of their own computers with no cost other than possibly a external USB drive to store the backup data.  I’ve been using the product throughout the beta process and in this post I’ll outline some of the options and features and review how to get started with the product. Also released this month by Veeam is the related Update 2 for Backup & Replication 8. This update in this case allows a Backup Repository to be selected as a target for your Endpoint Backup job after some configuration as shown here. Keep in mind if you are wanting to backup to local USB or a network share this isn’t necessary but if you are already a B&R user this will make managing these backups much better. Getting Started with Installation I have to say Veeam did very well keeping the complexity under the water in this one. Once downloaded and run the installation choices consist completely …

Support Adobe Digital ID Signing with Automated Microsoft CA User Certificate Generation

Just a quick how to, wanting to document a task I have recently had need of. This process has a perquisite of you having a Microsoft Certificate Authority already available in your environment. Start > Run >mmc Add Remove Snap-ins and choose the following – Certificate Authority (when prompted add the name of your CA) – Certificate Templates – Group Policy Management In Certificate Templatesright click on “User” and choose “Duplicate Template” Set compatibility settings as needed. If you have a 2008 R2 pure Active Directory environment make it match. In terms of Certificate Recipient make it match the oldest OS you have in use. Under General Change the Name to something meaningful as you’ll be referencing it later. Under the Security Tab set Domain Users to have both Enroll and Autoenroll permissions In Certificate Authorityright click on the “Certificate Templates”subfolder and choose New> “Certificate Template to Issue” Choose your newly created Certificate Template In Group Policy Management we are going to do a couple of things; setup your domain for certificate auto enrollmentand also define registry settings for Adobe Acrobat and Acrobat Reader. In any GPO that will hit the users you wish to have certificates (Default Domain Policy for example) choose to edit. Navigate to User Configuration> Windows Settings> Security Settings> Public Key Policies Double click on Certificate Services Client- Auto-Enrollment and set – Configuration Model: Enabled – Check Renew expired certificates… – Check Update certificates that use certificate templates – Hit OK By default Adobe Acrobat and …

Quick Config: Install ClamAV & configure a daily scan on CentOS 6

I’m pretty well versed in the ways of Anti-Virus in Windows but I’ve wanted to get an AV engine installed on my Linux boxes for a while now. In looking around I’ve found a tried and true option in ClamAV and after a few stops and starts was able to get something usable. I’d still like to figure out how to have it send me a report by e-mail if it finds something but that’s for another day; I don’t have enough Linux in my environment to necessitate me putting the time in for that. So with that here’s how to quickly get started. Step 0: If not already there, install the EPEL repository

Step 1: Install ClamAV

Step 2: Perform the 1st update of ClamAV definitions (this will happen daily by default afterwards)

Step 3: Enable and Start Services

Step 4: Configure Daily Cron Job I chose to have it scan the whole system and only report infected files, you may want to do differently

Enter the following:

Note the -i option tells it to only return infected files, the -r tells it to recursively search. You may want to add the –remove option as well to remove files that are seen as infected. Step 6: Make Cron Job Executable

You can then kick of a manual scan if you’d like using

That’s it! pretty simple and all of your output will be logged daily to the /var/log/clamav/daily_clamscan.log file for review.

Top New Features in Veeam Backup & Replication v8

We are now a couple of months out from the release of version 8 of Veeam Software’s flagship product Backup & Replication. Since then we’ve seen the first patch release a couple of weeks after, almost a Veeam tradition, and I’ve had it deployed and running for a while now. In that time I’ve found a lot to really like in the new version. End to End Encryption Backup & Replication now has the ability to encrypt your backup data from the moment it leaves your production storage system, through the LAN and WAN traffic and once it is at rest, either on disk or tape. This encryption is protected by password stored both with humans as well as within the Enterprise Manager database keeping you from losing backups. Finally the encryption does not change ratios for either compression or deduplication of the backup data. Resource Conservation Improvements Quite a few of the new Backup & Replication features are geared towards keeping your RPO goals from getting in the way of production efficiency. First and foremost is the availability of Backup I/O Control, a feature that will monitor the latency of your production storage system and if measured metrics climb above a user defined level will throttle backup operations to return systems to acceptable levels. On the networking side if you have redundant or other none production WAN links you now have the ability to specify preferred networks for backup data, with failover to production if it isn’t available. Further …

Managing your vSphere 6 Environment

VMware released their long awaited version 6 of its vSphere 6 products today and as I’m sure you’ll be running out tomorrow to go update all your production environments…. Ok now that we’re done laughing what you probably are going to want to get into is getting your lab updated or built so you can work out the changes yourself, possibly using your EvalExperience licenses you got with VMUG Advantage? Once you get it up and running you’ll notice that a few things have changed from the administration point of view. In this post I’m going to take a quick look at the Management features of vSphere 6. Platform Services Controller One thing you’ll find right off is that many of the underlying vCenter services have now been lumped together into what they are calling the Platform Services Controller. These services include Single Sign-On, licensing and certificate management.  At installation you are given two options on how to deploy the PSC, either embedded, where the PSC always rides along with vCenter, or External where the PSC is installed on its own VM and each vCenter talks back to the central services controller. There are a couple of design requirements here if you chose to go the embedded route. You can have a maximum of 8 embedded or external PSCs per Single Sign-On site, and if you choose to go the embedded route it will increase the minimum RAM required to 8 GB. vSphere Web Client As has been the trend …

Configuring Networking for Nimble-vSphere iSCSI

One of my last tasks for 2014 was integrating a new Nimble Storage array into our environment. As this is the first of these I’ve encountered and I haven’t been able to take the free one day Nimble Installation and Operation Professional (NIOP) course they provide I was left to feeling my way through it with great help from their documentation and only ended up calling support to resolve a bug related to upgrading from 2.14 of the Nimble OS. On the network side our datacenter is powered by Cisco Nexus 3000 series switches, also a new addition for us recently. These allowed us to use our existing Cat6 copper infrastructure while increasing our bandwidth to 10 GbE. In this post I’m going to document some of the setup required to meet the best practices outlined in Nimble’s Networking Best Practices Guide when setting up your system with redundant NX-OS switches.

Increase Max Attachment Size in Outlook 2007 SP2 and Above

Let me start by saying I feel very dirty for even writing this.  My basic rule in life is if the file is bigger than 2 MB, it isn’t to be sent as an attachment to an e-mail.  That said, many do not share my opinion on that and here at the office we recently had an occasion where a 200 MB file absolutely had to be e-mailed, it could be sent no other way.  A couple of years ago I wrote a post on 4sysops about how to change this in Exchange, so I thought that was an easy fix.  Instead the user continued to see this: After some Googling I found a forum post saying that not only was a hard limit of 50 MB a feature of Outlook 2010 and above, but that this feature had been added to Outlook 2007 with Service Pack 2.  The good news/ bad news is that this feature can be over ridden by registry hack. Below is the code that you can copy into a .reg file and execute to insert the required registry key.  Know that this is version specific the “12.0” portion below corresponds to Office 2007, you will need to be changed based on your version of Microsoft Office.  For reference 2010 will be 14.0 and 2013 is 15.0.

 

Fully Install VMware Tools Via Yum in CentOS

I’ll be the first to admit that I know far less about Linux than is necessary to be good at it and more than necessary to be dangerous at it.  That said, if nothing else, I do try to learn more about it.  I find that in general I’ve basically committed to CentOS as my flavor of choice with it being the underpinnings of every non-appliance installation I’ve got.  Alot of this has to do with the fact that my first experiences were with RedHat and the subsequent RHEL, so with CentOS being the server side, open source derivative of RHEL it makes sense that that’s where I’d go.  In the vSphere world as you get further down the rabbit hold of monitor systems for your infrastructure you’ll find that for most things to even begin to operate effectively you’ve got to have VMware tools installed.  While there are various instruction sets out there floating around for how to get these on both, through the “Install VMware Tools” GUI and via yum (the RHEL package installation system) I’ve found that your mileage may vary greatly. Below is a list of commands that I’ve finally got happy with to get these installed and allow for complete control over the VM much like you do with your Windows VMs via the VI client.  With the exception of a couple of modifications regarding your revisions of vSphere and CentOS you can pretty much copy and paste this into your elevated prompt (root) on your linux …