backup | Tom's Notes

Veeam Best Practices

By Tomica Kaniski in Other 07/01/2020 0 Comment

My last post in 2019 was about Veeam Backup for Office 365 – I think it’s only fair to continue the story. 🙂

If you haven’t noticed this short post by Niels Engelen, you may be unaware that good people at Veeam put together a Best Practice Guide for Veeam Backup for Office 365!

Great thing about this guide is that it’s really a “live document”, which covers design, configuration and operations for VBO and it will be updated regularly, so make sure to bookmark it and check it from time to time!

Also, there is a Best Practice Guide for Veeam Backup & Replication, which should be bookmarked and checked regularly as well, in case you forgot about it! 🙂

Cheers!

Backing up Office 365 to S3 storage (Exoscale SOS) with Veeam

By Tomica Kaniski in Other 27/11/2019 0 Comment

Are you backing up your Office 365? And… why not? 🙂

I’m not going into the lengthy and exhausting discussion of why you should take care of your data, even if it’s stored in something unbreakable like “the cloud”, at least not in this post. I would like to focus on one of the features of the new Veeam Backup for Office 365 v4, which was released just the other day. This feature is “object storage support“, as you may have guessed it already from the title of this fine post!

So, this means that you can take Amazon S3, Microsoft Azure Blob Storage or even IBM Cloud Object Storage and use it for your Veeam Backup for Office 365. And even better – you can use any S3-compatible storage to do the same! How cool is that?!

To test this, I decided to use the Exoscale SOS (also S3-compatible) storage for backups of my personal Office 365 via Veeam Backup for Office 365.

I’ve created a small environment to support this test (and later production, if it works as it should) and basically done the following:

created a standard Windows Server 2019 VM on top of Microsoft Azure, to hold my Veeam Backup for Office 365 installation
(good people at Microsoft provided me Azure credits, so… why not?!)
downloaded Veeam Backup for Office 365
(good people at Veeam provided me NFR license for it, so I’ve used it instead of Community Edition)
created an Exoscale SOS bucket for my backups
(good people at Exoscale/A1TAG/A1.digital/A1HR provided me credits, so… why not?!)
installed Veeam Backup for Office 365
(it’s a “Next-Next-Finish” type of installation, hard to get it wrong)
configured Veeam Backup for Office 365 (not so hard, if you know what you are doing and you’ve read the official docs)
- added a new Object Storage Repository
- added a new Backup Repository which offloads the backup data to the previously created Object Storage Repository
- configured a custom AAD app (with the right permissions)
- added a new Office 365 organization with AAD app and Global Admin account credentials (docs)
- created a backup job for this Office 365 organization
- started backing it all up

Now, a few tips on the “configuration part”:

Microsoft Azure:
- no real prerequisites and tips here – simple Windows VM, on which I’m installing the downloaded software (there is a list of system requirements if want to make sure it’s all “by the book”)
Exoscale:
- creating the Exoscale SOS bucket is relatively easy, once you have your account (you can request a trial here) – you choose the bucket name and zone in which data will be stored and… voilà:

- if you need to make adjustments to the ACL of the bucket, you can (quick ACL with private setting is just fine for this one):

- to access your bucket from Veeam, you’ll need your API keys, which you can find in the Account – Profile – API keys section:

- one other thing you’ll need from this section is the Storage API Endpoint, which depends on the zone you’ve created your bucket in (mine was created inside AT-VIE-1 zone, so my endpoint is https://sos-at-vie-1.exo.io):

Office 365:
- note: I’m using the Modern authentication option because of MFA on my tenant and… it’s the right way to do it!
- for this, I created a custom application in Azure Active Directory (AAD) (under App registrations – New registration) (take a note of the Application (client) ID, as you will need it when configuring Veeam):

- I’ve added a secret (which you should also take a note of, because you’ll need it later) to this app:

- then, I’ve added the minimal required API permissions to this app (as per the official docs) – but note that the official docs have an error (at this time), which I reported to Veeam – you’ll need the SharePoint Online API access permissions even if you don’t use the certificate based authentication(!) – so, the permissions which work for me are:

- UPDATE: Got back the word from Veeam development – additional SharePoint permissions may not be necessary after all, maybe I needed to wait a bit longer… will retry next time without those permissions. 🙂
- after that, I’ve enabled the “legacy authentication protocols”, which is still a requirement (you can do it in Office 365 admin center – SharePoint admin center – Access Control – Apps that don’t use modern authentication – Allow access or via PowerShell command “Set-SPOTenant -LegacyAuthProtocolsEnabled $True”):

- lastly, I’ve created an app password for my (global admin) account (which will also be required for Veeam configuration):

Veeam Backup for Office 365:
- add a new Object Storage Repository:

- add a new Backup Repository (connected to the created Object Storage Repository; this local repository will only store metadata – backup data will be offloaded to the object storage and can be encrypted, if needed):

- add a new Office 365 organization:

- create a backup job:

- start backing up your Office 365 data:

Any questions/difficulties with your setup?
Leave them in the comments section, I’ll be happy to help (if I can).

Cheers!

The backup destination is not writable…

By Tomica Kaniski in Other 21/09/2016 2 Comments

So… you decided to finally configure backup for your servers, and just when you’ve chosen the “backup solution”, troubles start.

What do we need for doing Windows Server backups?

Nothing too fancy – we can use the built-in Windows Server Backup (feature that needs to be installed through Server Manager, PowerShell, …) combined with some location (network share, disk, volume) with enough free space. (yes, we can also use some other backup software, but this is not the topic here)

Let’s say that we have installed Windows Server Backup feature and chosen a network share for our backup location. The one other thing we need on this share are the right permissions for our service account (an account under which the backups will be done – for example, BackupAccount).

So, we go to this share (\\BackupLocation\MyBackups\) and check if our service account has the required permissions:

Everything looks fine (our service account has permissions, folder is shared and accessible from the source server – yes, Windows Firewall is also configured properly ).

We go back to our source server where we configure our backup schedule as a Full Computer backup, once a day, to the backup location previously mentioned, using the service account previously specified for this backup job. Everything goes fine.

Then, just for fun, we try to run our backup schedule (just to see if everything works as it should). We click on the Backup Once option (with Using the previously scheduled… option), and just at the end of this wizard, we receive the following error, saying that our backup destination is not writable (yes, it’s the good old Windows Server 2008 R2, but it really doesn’t matter… the same happens on newer/older versions as well ):

What happened???

We’ve checked (and double-checked) everything – our share, permissions, Windows Firewall, and “who knows what”, and this wizard still says we cannot write to the backup destination! This must be an issue with the free, out-of-the-box backup solution.

Not really.

The issue here is that I’m running the Windows Server Backup console as “myself” (i.e. my user, for example, SERVER\tomica) and I don’t really have the required permissions on the backup share (I’m not a member of the local Administrators group on the backup destination and, as you may remember, only our BackupAccount has the required permissions set).

So, is this an issue?

No, not really because our scheduled backup will complete successfully (it will be running under the user account with correct permissions on a backup share).

And, if we really want to make this first backup right now, we can run it from the Task Scheduler console (by checking the “Allow task to be run on demand” checkbox first, for the backup task).

Hope this helps someone with similar problems (it’s kind of a dumb “issue”, but…).

Cheers!

Altaro Hyper-V Backup v5 just released

By Tomica Kaniski in Other 03/02/2015 0 Comment

New version of my favorite Hyper-V backup tool just got officially released!

Altaro released the long-awaited next version of their Hyper-V backup software, Altaro Hyper-V Backup v5 – it features a completely new look, centralized configuration and management of multiple hosts with greater flexibility and improved performance. Do I have to mention that it has a free version as well?

FREE version offers free backup of two virtual machines… forever! (there is also a 30-day trial available for more than two virtual machines)

I like it because it’s simple and not too expensive (in more than one aspect), fast, does the job, and does it pretty good! I’ve also installed the new version on one of my hosts, and it looks just great (can’t wait to run the first backup and restore of my virtual machines)!

You can find more info and official announcement here.
Download is available here.

Cheers!

UPDATE: Please, don’t remove your own host from the console (until the next week’s release goes public) – in the current public release (5.0.75.0), you won’t be able to add it back!

Workaround:
1. stop all Altaro services
2. go to %ProgramData%\Altaro
3. rename the AltaroBackupProfile folder to AltaroBackupProfile.old
4. start all Altaro services

Microsoft Azure Backup (WinDays14)

By Tomica Kaniski in Other 06/06/2014 0 Comment

Not so long ago (just before the WinDays14 conference in Croatia), I’ve written an article about Windows Azure Backup (now called Microsoft Azure Backup because of a renaming scheme that followed little after the article was sent to be published). This article was written for the special, conference edition of Mreža magazine.

Unfortunately (for some), this article is in Croatian.

In general, it’s a 2 page Microsoft Azure Backup overview – what can it do, how easy it is to set-up, how it can ease the burden of doing backups, how can it be incorporated into the current backup policy and extend it off-premise, etc.

You can find and read the article using the specialized Windows 8/8.1 app called Bug & Mreža (or direct link) – app created for reading the digital editions of two of our largest IT magazines, Bug and Mreža).

With weekend just around the corner, maybe now is the right time to try Microsoft Azure and, more specifically, the Microsoft Azure Backup feature? Smile

Have a great weekend!

UPDATE (June 14th, 2014): This article was re-published in Mreža magazine, “regular” (not WinDays) edition, July 2014. Makes me proud. Again. Smile

Handy Backup

By Tomica Kaniski in Other 13/10/2009 0 Comment

Kolega Ilija me upozorio na backup utility iz naslova – koliko sam shvatio iz njegovog posta, mislim da se radi o utilityu koji vrijedi isprobati. Iskreno, još ga nisam stigao probati, ali upravo krećem…

Uz informacije o samom programu, Ilija dijeli i 3 Pro licence pa navalite dok još ima… 🙂