At the end of January, Update 4 for Veeam Availability Suite 9.5 was released, full of features like a full major release. Today I will briefly tell you about the main innovations implemented in Veeam Backup & Replication, and I promise to write about Veeam ONE in the near future. In this review, we consider:

• versions of systems and applications that the solution now supports
• work with cloud infrastructures
• backup enhancements
• improvement in recovery
• new in vSphere and Hyper-V support

And also we will learn about improvements in work with virtual machines running Linux, about new plugins and other features. So, welcome under cat.

Supports Windows Server 2019, Hyper-V 2019, latest applications and platforms

Microsoft Windows Server 2019 is supported as:

• guest OS for protected virtual machines
• server for installing Veeam Backup & Replication and its remote components
• a machine that can be backed up using Veeam Agent for Microsoft Windows

Similar support is implemented for Microsoft Windows 10 October 2018 Update .

A new version of the Microsoft Windows Server Hyper-V 2019 hypervisor is supported , including support for VMs with virtual hardware version 9.0.

For popular systems and applications of Microsoft Active Directory 2019 , Exchange 2019 and SharePoint 2019 , backup-based application operation (application-aware processing) and application object recovery are supported using Veeam Explorer tools.

For VMs with a Windows guest OS, support for Oracle Database 18c is implemented - also taking into account the operation of the application, including backup logs and the ability to restore to the selected point.

In addition, VMware vSphere 6.7 U1 ESXi, vCenter Server and vCenter Server Appliance (VCSA), and VMware vCloud Director 9.5 are now supported.

Flexible backup storage with Capacity Tier

Capacity Tier is a new approach to storing backups in a scalable repository (scale-out backup repository, SOBR) with the ability to automatically load data into cloud storage.

With the help of Capacity Tier and storage policies, you can organize an effective multi-level storage system, in which “at arm's length” (that is, in a sufficiently fast storage) fresh backups will be in case of a quick recovery. After the deadline has passed, they will go into the category of “second freshness” and will automatically leave for the remote site - in this case, the cloud.

Capacity Tier requires:

1. one or more SOBR repositories containing 1 or more repositories-extent
2. one cloud repository (so-called object storage - object storage repository)

Cloud S3 Compatible, Amazon S3, Microsoft Azure Blob Storage, IBM Cloud Object Storage are supported.

If you plan to use this functionality, you will need:

1. Configure backup repositories for use as extents of the SOBR repository.
2. Set up a cloud repository.
3. Configure a scalable SOBR repository and add repository-degrees to it.
4. Configure the binding of the cloud repository to SOBR and set the policy for storing data and uploading them to the cloud - this will be the configuration of your Capacity Tier.
5. Create a backup task that will save backups to the SOBR repository.

With paragraph 1, everything is pretty obvious (for those who have forgotten, there is documentation in Russian). Go to step 2.

Cloud storage as an element of the Veeam Backup infrastructure

About setting up the cloud repository (aka object storage) is described in detail here (so far in English). In short, you need to do the following:

1. In the Backup Infrastructure view, select the Backup Repositories node in the left pane and in the top menu click on the Add Repository item .
2. Choose which cloud storage will be configured:
   
   
   
   
3. Next, go through the steps of the wizard (for example, I will consider Amazon S3)

Note: Standard class storage and Infrequent Access are supported .

1. First, enter the name and a brief description of our new repository.
2. Then we specify an account to access Amazon S3 - select an existing one from the list or click Add and enter a new one. From the list of regions where the data centers are located. Data center region select the desired region.
   
   
   
   Tip: Cloud Credentials Manager has been developed for specifying accounts used when working with cloud components .
   
   
   
   
3. If you need to control Internet traffic through the gateway (gateway), you can select the Use gateway server option and specify the desired gateway.
   
4. Specify the settings of the new storage: the desired bucket, the folder where our backups will be added, the limit on the total space (optional) and the storage class (optional).
   
   
   
   Important! One folder can be assigned only one object storage! In no case can you configure several such storages, “looking” at the same folder.
5. In the final step, we check all the settings and click Finish .

Configuring the download of backups to the cloud storage

Now we set up the SOBR repository accordingly:

1. In the Backup Infrastructure view, select the Backup Repositories node in the left pane and in the top menu click on the Add Scale-out Repository item .
2. On the Performance Tier wizard step, specify the extent for it and tell how to add backups to them:
   
   
   
   
3. At the Capacity Tier step :
   
   • select the option Extend scale-out backup repository capacity with object storage (expand the capacity of the repository by using the object storage) and specify which cloud storage objects to use. You can select from the list or launch the creation wizard by clicking Add .
   • We say what days-hours you can download to the cloud - to do this, click the Window button (download window).
   • configure the storage policy - specify how many days the storage in the SOBR repository data will become “second freshness”, and they can be transferred to the cloud - in our example it is 15 days.
   • You can enable data encryption when uploading to the cloud - to do this, select the option Encrypt data uploaded to object storage and specify which of the passwords stored in the Credentials Manager should be used. Encryption is performed using AES 256-bit.
     
     
     
   
   

By default, data is collected with extent and transferred to the object storage using a special job type - SOBR Offload job . It runs in the background, is named for the SOBR repository with the Offload suffix (for example, Amazon Offload ) and performs the following operations every 4 hours:

1. Checks whether the backup chains stored in extents match the transfer criteria to the object storage.
2. Collects the tested chains and sends them blockwise to the object storage.
3. Records the results of the work of his session in the database so that the administrator can view them if necessary.

The data transfer scheme and its storage structure in the cloud are shown in the figure below: Important! To create such a multi-tier storage system, you need an Enterprise Edition license . Backups saved to the cloud, of course, can be used to restore directly from storage. And you can also download them from the cloud to the ground and restore them using even the free Veeam Backup Community Edition.

New in working with cloud infrastructures

To work with Amazon

• Restoration from backups directly to AWS - supported for VMs with Windows or Linux guest OS, also for physical machines. All this can be restored to virtual machines in AWS EC2 VM , including Amazon Government Cloud and Amazon China .
• Works embedded conversion UEFI2BIOS.

To work with Microsoft Azure

• Implemented support for Azure Government Cloud and Azure CSP subscriptions.
• It is possible to select the network security group when restoring to Azure IaaS VM.
• When logging into the cloud using your Azure account, you can now specify an Azure Active Directory user.

New in application support

• Kerberos authentication is supported for applications running on vSphere virtual machines . This will disable NTLM in the network settings of the guest OS to prevent attacks that use hash transfer, which is very important for infrastructures with not the highest level of control.
• The SQL and Oracle transaction log backup module now uses not a system drive C , which often has not enough space, but a volume with maximum free space as a backup location for log backups . On a Linux-VM, the directory will be / var / tmp or / tmp , also depending on the free space.
• When backing up the Oracle redo logs logs, they will be analyzed in order to maintain the guaranteed recovery points Guaranteed Restore Points (which are part of the Oracle Flashback built-in feature ).
• Added support for Oracle Data Guard .

Improved backup

• The maximum supported size of the disk and backup file has increased more than 10 times: with a block size of 1 MB for the .VBK file, the maximum size of the disk in the backup can now be 120 TB, and the maximum size of the entire backup file is 1 PB. (Confirmed by testing 100 TB for both values.)
• For backups without encryption, the amount of metadata is reduced by 10 MB.
• Optimized performance of the initialization and completion of the backup job; as a result, backups of small VMs will go almost twice as fast.
• Reworked the module responsible for publishing the content of the VM image, which gave a significant acceleration of recovery at the file and object levels.
• Preferred Networks settings (preferred networks) will now be extended to WAN accelerators.

New in recovery

The new ability to restore the VM entirely called Staged Restore - phased recovery. In this mode, the VM is restored from the desired backup, first in the sandbox (which is now called DataLab), on the guest OS, you can run your own script to make changes to the database contents, OS settings or applications. VMs with already made changes can then be transferred to the production infrastructure. This can be useful, for example, in order to install the necessary applications ahead of time, enable or disable settings, delete personal data, etc.



You can read more here (in English).

Note: Requires at least Enterprise license .

There is also an opportunitySecure Restore - safe recovery (works for almost all types of recovery). Now you can check the guest VM system files (directly in the backup) for viruses, Trojans, etc., before starting the recovery process. - for this purpose, VM disks are mounted to the mount-server associated with the repository, and the scanning procedure is started using an antivirus installed on this mount-server. (It is not necessary that the same antivirus be on the mount server and on the VM itself.)

Out of the box supports Microsoft Windows Defender, Symantec Protection Engine and ESET NOD32; You can also specify another antivirus if it supports work via the command line.



You can read more here (in English. Language).

New to Microsoft Hyper-V

• You can now add groups of Hyper-V VMs to backup and replication tasks.
• Instant recovery to Hyper-V VM from backups created using Veeam Agent, supports Windows 10 Hyper-V as a target hypervisor.

New with VMware vSphere

• Improved several times the write cache performance of vPower NFS - for more efficient instant recovery of the VM and optimizing the use of SSD.
• vPower NFS now works more efficiently with the SOBR repository, which allows you to process more virtual machines in parallel.
• The vPower NFS server has an option to authorize hosts by IP address (by default, access is granted to the ESXi host, which provides the vPower NFS datastore). To disable this feature in the mount server registry,
  go to HKEY_LOCAL_MACHINE \ SOFTWARE \ WOW6432Node \ Veeam \ Veeam NFS \ and create the vPowerNFSDisableIPAuth key under it
• Now you can configure the SureBackup task to use the vPower NFS cache (in addition to redirecting the recording of changes to the vSphere datastore). This solves the issue of using SureBackup for VMs with disks larger than 2 TB in cases where the only storage system for vSphere is VMware VSAN.
• Implemented support for Paravirtual SCSI controllers with more than 16 attached drives.
• Quick Migration now automatically migrates vSphere tags; these tags are also preserved when instantaneous VM recovery.

Improvements in Linux VM support

• For accounts that need to be raised to root , there is now no need to add the NOPASSWD: ALL option to sudoers.
• Added support for the included require requirements option in sudoers (this is the default setting, for example, for CentOS).
• When registering a Linux server, you can now perform a switch command suif the command is sudonot available.
• The SSH fingerprint check now extends to all Linux server connections — to protect against MITM attacks.
• Improved reliability of PKI authentication algorithm.

New plugins

Veeam Plug-in for SAP HANA - Helps you use the BACKINT interface to back up and restore HANA databases to / from the Veeam repository. Implemented HCI SAP HANA support. Solution certified by SAP.

Veeam Plug-in for Oracle RMAN - allows you to use RMAN manager to backup and restore Oracle databases to / from Veeam repository. (It is not necessary to replace the existing integrated integration based on OCI.)

Additional features

• Experimental block cloning support for deduplicated files on Windows Server 2019 ReFS. To activate this feature in the registry of the Veeam backup server, you need to find the HKEY_LOCAL_MACHINE \ SOFTWARE \ Veeam \ Veeam Backup and Replication key and create the ReFSDedupeBlockClone (DWORD) value .
• The setup now includes Microsoft SQL Server 2016 SP1.
• JSON support is implemented for working with RESTful API.

What else to read and see

Solution Overview (in Russian) Edition
Comparison (in Russian)
User Guide (in English) for VMware and Hyper-V