Veeam Best Practices

My last post in 2019 was about Veeam Backup for Office 365 – I think it’s only fair to continue the story. 🙂

If you haven’t noticed this short post by Niels Engelen, you may be unaware that good people at Veeam put together a Best Practice Guide for Veeam Backup for Office 365!

Great thing about this guide is that it’s really a “live document”, which covers design, configuration and operations for VBO and it will be updated regularly, so make sure to bookmark it and check it from time to time!

Also, there is a Best Practice Guide for Veeam Backup & Replication, which should be bookmarked and checked regularly as well, in case you forgot about it! 🙂

Cheers!

Backing up Office 365 to S3 storage (Exoscale SOS) with Veeam

Are you backing up your Office 365? And… why not? 🙂

I’m not going into the lengthy and exhausting discussion of why you should take care of your data, even if it’s stored in something unbreakable like “the cloud”, at least not in this post. I would like to focus on one of the features of the new Veeam Backup for Office 365 v4, which was released just the other day. This feature is “object storage support“, as you may have guessed it already from the title of this fine post!

So, this means that you can take Amazon S3, Microsoft Azure Blob Storage or even IBM Cloud Object Storage and use it for your Veeam Backup for Office 365. And even better – you can use any S3-compatible storage to do the same! How cool is that?!

To test this, I decided to use the Exoscale SOS (also S3-compatible) storage for backups of my personal Office 365 via Veeam Backup for Office 365.

I’ve created a small environment to support this test (and later production, if it works as it should) and basically done the following:

  • created a standard Windows Server 2019 VM on top of Microsoft Azure, to hold my Veeam Backup for Office 365 installation
    (good people at Microsoft provided me Azure credits, so… why not?!)
  • downloaded Veeam Backup for Office 365
    (good people at Veeam provided me NFR license for it, so I’ve used it instead of Community Edition)
  • created an Exoscale SOS bucket for my backups
    (good people at Exoscale/A1TAG/A1.digital/A1HR provided me credits, so… why not?!)
  • installed Veeam Backup for Office 365
    (it’s a “Next-Next-Finish” type of installation, hard to get it wrong)
  • configured Veeam Backup for Office 365 (not so hard, if you know what you are doing and you’ve read the official docs)
    • added a new Object Storage Repository
    • added a new Backup Repository which offloads the backup data to the previously created Object Storage Repository
    • configured a custom AAD app (with the right permissions)
    • added a new Office 365 organization with AAD app and Global Admin account credentials (docs)
    • created a backup job for this Office 365 organization
    • started backing it all up

Now, a few tips on the “configuration part”:

  • Microsoft Azure:
    • no real prerequisites and tips here – simple Windows VM, on which I’m installing the downloaded software (there is a list of system requirements if want to make sure it’s all “by the book”)
  • Exoscale:
    • creating the Exoscale SOS bucket is relatively easy, once you have your account (you can request a trial here) – you choose the bucket name and zone in which data will be stored and… voilà:

    • if you need to make adjustments to the ACL of the bucket, you can (quick ACL with private setting is just fine for this one):

    • to access your bucket from Veeam, you’ll need your API keys, which you can find in the Account – Profile – API keys section:

    • one other thing you’ll need from this section is the Storage API Endpoint, which depends on the zone you’ve created your bucket in (mine was created inside AT-VIE-1 zone, so my endpoint is https://sos-at-vie-1.exo.io):

  • Office 365:
    • note: I’m using the Modern authentication option because of MFA on my tenant and… it’s the right way to do it!
    • for this, I created a custom application in Azure Active Directory (AAD) (under App registrations – New registration) (take a note of the Application (client) ID, as you will need it when configuring Veeam):

    • I’ve added a secret (which you should also take a note of, because you’ll need it later) to this app:

    • then, I’ve added the minimal required API permissions to this app (as per the official docs) – but note that the official docs have an error (at this time), which I reported to Veeam – you’ll need the SharePoint Online API access permissions even if you don’t use the certificate based authentication(!) – so, the permissions which work for me are:

    • UPDATE: Got back the word from Veeam development – additional SharePoint permissions may not be necessary after all, maybe I needed to wait a bit longer… will retry next time without those permissions. 🙂
    • after that, I’ve enabled the “legacy authentication protocols”, which is still a requirement (you can do it in Office 365 admin center – SharePoint admin center – Access Control – Apps that don’t use modern authentication – Allow access or via PowerShell command “Set-SPOTenant -LegacyAuthProtocolsEnabled $True”):

    • lastly, I’ve created an app password for my (global admin) account (which will also be required for Veeam configuration):

  • Veeam Backup for Office 365:
    • add a new Object Storage Repository:

    • add a new Backup Repository (connected to the created Object Storage Repository; this local repository will only store metadata – backup data will be offloaded to the object storage and can be encrypted, if needed):

    • add a new Office 365 organization:

    • create a backup job:

    • start backing up your Office 365 data:

Any questions/difficulties with your setup?
Leave them in the comments section, I’ll be happy to help (if I can).

Cheers!

Altaro Hyper-V Backup v5 just released

New version of my favorite Hyper-V backup tool just got officially released! Smile

Altaro released the long-awaited next version of their Hyper-V backup software, Altaro Hyper-V Backup v5 – it features a completely new look, centralized configuration and management of multiple hosts with greater flexibility and improved performance. Do I have to mention that it has a free version as well? Smile

FREE version offers free backup of two virtual machines… forever! (there is also a 30-day trial available for more than two virtual machines)

I like it because it’s simple and not too expensive (in more than one aspect), fast, does the job, and does it pretty good! I’ve also installed the new version on one of my hosts, and it looks just great (can’t wait to run the first backup and restore of my virtual machines)!

Altaro Hyper-V Backup v5

 Altaro Hyper-V Backup v5

You can find more info and official announcement here.
Download is available here.

Cheers!

UPDATE: Please, don’t remove your own host from the console (until the next week’s release goes public) – in the current public release (5.0.75.0), you won’t be able to add it back!

Workaround:
1. stop all Altaro services
2. go to %ProgramData%\Altaro
3. rename the AltaroBackupProfile folder to AltaroBackupProfile.old
4. start all Altaro services

Microsoft Azure Backup (WinDays14)

Not so long ago (just before the WinDays14 conference in Croatia), I’ve written an article about Windows Azure Backup (now called Microsoft Azure Backup because of a renaming scheme that followed little after the article was sent to be published). This article was written for the special, conference edition of Mreža magazine.

Unfortunately (for some), this article is in Croatian.

windays14_clanak
In general, it’s a 2 page Microsoft Azure Backup overview – what can it do, how easy it is to set-up, how it can ease the burden of doing backups, how can it be incorporated into the current backup policy and extend it off-premise, etc.

You can find and read the article using the specialized Windows 8/8.1 app called Bug & Mreža (or direct link) – app created for reading the digital editions of two of our largest IT magazines, Bug and Mreža).

With weekend just around the corner, maybe now is the right time to try Microsoft Azure and, more specifically, the Microsoft Azure Backup feature? Smile

Have a great weekend!

UPDATE (June 14th, 2014): This article was re-published in Mreža magazine, “regular” (not WinDays) edition, July 2014. Makes me proud. Again. Smile
mreza_0714

Handy Backup

handybackup-professionalKolega Ilija me upozorio na backup utility iz naslova – koliko sam shvatio iz njegovog posta, mislim da se radi o utilityu koji vrijedi isprobati. Iskreno, još ga nisam stigao probati, ali upravo krećem…

Uz informacije o samom programu, Ilija dijeli i 3 Pro licence pa navalite dok još ima… 🙂