In this episode of our Back to Basics Veeam webinar series, we provide you with a deeper understanding of some of the more common Veeam vocabulary. Many of the terms used in Veeam are multipurpose, so here we explain what the specific terminology is, how it is used with Veeam products in the context of Backup as a Service(BaaS) and Disaster Recovery a Service (DRaaS) functionality.

• What is Veeam, and what are the products installed with it?
• Define data movers, transport services, and bottleneck detectors?
• What are the essential components of Veeam?
• What is the failover process?
• What is seeding?
• What is the Network Extension Appliance?
• How about Backup Copy Jobs?
• How does a Veeam backup work?
• What are WAN Accelerators?
• What is Changed Block Tracking?
• What is Application Aware?
• What is Crash Consistent?
• What is Veeam Cloud Connect?
• How does Instant Recovery work?
• What are File Level Restores?
• What about entire virtual machine restores?
• How does internal testing work, and how is it beneficial for end-users?
• What is network masquerading?
• Is SureBackup performed on the local or remote side?
• Does Cloud Connect validate data before transmission, like a health check?

What is Veeam, and what are the products installed with it?​

Veeam is the software company that created the Veeam backup and replication product, designed to protect virtual machines. Back in the day, the slogan was Built for Virtualization, but they’ve since come a long way. Nowadays, Veeam covers physical servers, endpoints, and multiple hypervisors.

Out of the box, when you download it and install Veeam Backup and Replication, it’s going to install a certain set of components:

• SQL Server Express

Holds your job settings, configurations, etc

• Console: The user interface for Veeam Backup & Replication

• Repository: Where Veeam stores backup files
• Proxies: Data movers, and where deduplication and compression occur

Define data movers, transport services, and bottleneck detectors?

The proxies act as data movers and transport mechanisms. They have different transport modes which, we will look at a little bit later. The data movers and the transport services/modes are part of the proxy, one of the essential components installed with Veeam. The proxy communicates with the hypervisor and the repository.

The bottleneck detector is a very valuable resource. Whenever you have issues, for example, with slow transfer speeds, the detector takes the weakest link in the backup path, whether network, source, target, or proxy. It will let you know which of those areas is the slowest point in the chain. They will all give you a percent, but usually, the bottleneck has the highest percent.

Back in the day, we used to scratch our heads and wonder where the problems were. We added resources here, added resources there, and hoped it would fix the problem, so this bottleneck detector is a time saver.

What are the Components of Veeam Backup and Replication?

Backups – Veeam backups are application-consistent, image-level backups.

Application-consistent jobs enable guest processing, which triggers a VSS (volume shadow services) snapshot and quiesces any running applications and databases like Exchange, SharePoint, stuff like that.

The backup repository is your backup file storage location. Whether you have backups going to a local path on the backup server or a deduped storage appliance, every Veeam instance will have a backup repository. That is where Veeam will keep the files that it creates during the backup run.

The replication portion creates a fully-hydrated copy of the virtual machine in a powered-off state. Whenever we run a replication job, it creates a hypervisor snapshot of the virtual machine then Veeam transports it to a hypervisor on the Global Data Vault side.

If you were ever to need to fail over–let’s say you lose one server–then you could go ahead and fail over now, but we’ll get into the more specific details of that a little later.

Restore points–these are a point in time when backups have run and from when you can recover. Your first job run will create a VBK or base image. Then, each time a backup job runs, the backup will have a timestamp, which becomes a restore point.

It’s important to note that Veeam is hardware agnostic. They don’t have an appliance; they don’t have any hardware. They’re not tied to any specific type of hardware, so that you can use one type or any combination of types. Whatever you have in your data center will work sufficiently. It is not necessary to purchase specific hardware to use Veeam.

What is the failover process?

The failover process is the process of actually switching from production to DR servers. Let’s say that you lose one server in your infrastructure. You would right-click on the replica and choose “fail over now,” which powers on the virtual machine replica on the Global Data Vault side. It powers on the Network Extension Appliance (NEA) on the customer side and the GDV side. Then it establishes a VPN tunnel, allowing the server to communicate from the Global Data Vault side back to the customer’s infrastructure.

The failback is the process of synchronizing data back from the Global Data Vault side to the primary data location. Let’s say you have one server go down, and you hit that “fail over now” button from the Veeam Backup & Replication Console. You have the option to fail back to production, which will take a snapshot on the Global Data Vault side and send that snapshot down to the customer side. Then, Veeam merges that snapshot back into the production VM. If the original virtual machine is completely gone, that creates a new VM on the customer side with the same name. Then it will automatically send the snapshot or checkpoint back to the customer side and create the VMDK, VHDXs, or any virtual files. Once recreated, Veeam removes the old VM from the replication job and adds the new one. With replication, if the virtual machine still exists, we’re only going to send the changes back that have happened since the failover, and if it doesn’t, it will just create a new virtual machine.

What is Seeding?

Seeding usually is what we use for replication data. We already have your cloud backups on the Global Data Vault side. There’s no point in sending the data to us twice, so there’s the option to choose replication seeding. Essentially, instead of sending that data over the internet twice, you would send it once, seed it to the replica, and then map it to the data it creates at Global Data Vault. Once we seed the replicas, Veeam sends the production system deltas to merge into the replicated VM.

What is the Network Extension Appliance? (NEA)

The NEA creates an SSLVPN tunnel to allow the customer to connect a virtual machine on the customer side to a replicated virtual machine on the GDV side through a secure connection initiated by Veeam. So, whenever we create a hardware plan, we automatically deploy the network extension appliances for replication on the customer and Global Data Vault sides. The virtual machine remains in a powered-off state; these are only powered on when the customer initiates a failover from the Veeam console on their side.

What are backup copy jobs?

At Global Data Vault, we follow Veeam’s best practices by keeping three copies of your data, on two different types of media, with one copy offsite. A backup copy job takes the data from your local backup repository and copies it to the Global Data Vault cloud..

How does a Veeam backup work?

The backup is initiated through the Veeam Backup & Replication console, which sends an API or a PowerShell call to the hypervisor. The hypervisor is responsible for taking a snapshot or checkpoint of the virtual machine. Then Veeam tells the proxy to transfer the data from the checkpoint or the snapshot. During the transfer is when the actual deduplication and compression take place on the proxy.

The proxy also determines the best transport mode depending on what transport types are available. Network block device (NBD) mode, or network mode as it is called, will always be the last method it will choose. It will try to use virtual appliance, hot-add, or direct SAN modes first, and if any of those are not available, it will use NBD mode.

The flow of the backup is: Veeam initiates a snapshot, then the proxy dedupes and compresses it and sends it to the backup repository. Once it’s on the backup repository, it sends a commit, or message, back to the hypervisor saying the backup is complete and initiates another call to remove the snapshot.

At that point, we use the backup copy job to pull that up to our cloud repository at Global Data Vault.

What are WAN Accelerators?

WAN accelerators are global cache mechanisms that typically cache operating system files. Let’s say you have five servers running Windows Server 2016. Obviously, you don’t need to send Windows Server 2016 to us five times, so the WAN accelerator caches the common files when the job initially runs. If each Windows operating system requires 10GB of space, backing up Windows 2016, Windows 2019, and Windows will require 30GBs, ten for each of those operating systems. The WAN accelerator eliminates the transmission of the common files across the operating systems and file structures.

WAN accelerators are saving not only time for backups but also storage used

What is Changed Block Tracking?

Every time a backup runs, it creates a changed block tracking (CBT) log, which tracks changes to blocks of data. CBT only copies blocks of data that changed since the last backup. Veeam does not back up unchanged data blocks, reducing job times and the amount of data to send to GDV.

What is Application Aware?

Application-aware processing creates a transactionally-consistent backup of servers that run VSS-aware applications. The backup process quiesces applications before backing them up, creating a reliable, uncorrupted backup.

A quiesced version of a database is essential for VSS-aware applications because, if they are not quiesced, they’ll come up in an invalid or unstable state. Application-aware job processing is very important, and it is available on domain controllers, SQL servers, SharePoint, Oracle databases, etc.

What is Crash Consistent?

Crash-consistent backups are the opposite of application-aware. It is equivalent to pulling the power out of your computer and shutting it off.  Some applications or databases could have issues when restored in a crash-consistent state, but that is still preferrable to not having a backup.

What is Veeam Cloud Connect?

Cloud Connect is actually a protocol that provides the connection between the tenant and the provider. It’s a transport path that sends data over TCP port 6180 to a cloud gateway at Global Data Vault. All of our Cloud Connect servers at GDV have a gateway attached to them that is the entry point into the Cloud Connect server.

Behind that gateway, every customer has a Cloud Connect repository where the customer, or tenant, stores their data. Every Cloud Connect repository has a tenant associated with it, accessible with the appropriate credentials.

After connecting it, you can actually see the cloud repository and how much storage is allocated. So if you go into your backup infrastructure under Backup Repositories, you will see the cloud repository. It should give you the total space available and how much space you are using.

How does Instant VM Recovery work? 

Whenever someone calls Global Data Vault and says, “hey, my site just went down,” Global Data Vault initiates an instant recovery. Instant VM Recovery uses Veeam’s vPower NFS datastore to power on a virtual machine without restoring it first.

With instant recovery, the backup file is sitting there in a duplicated, compressed format, so we are saving time. Bam,  it’s up and running! You still get all those space savings, all that, but instant recovery means that you don’t have to restore first.

What are file-level restores?

Help with file-level restores is the most common support call our team gets at Global Data Vault. Somebody may have accidentally deleted a file, or they want to compare two files.

Veeam has three options when restoring a file; overwrite, keep, or restore to another location. We always choose the option to keep because if the file does not exist, it will automatically be created if you choose the keep option. If the file exists and detects a file with the same name, Veeam puts the word restored in front of the file or the folder name. So by choosing keep, no files will be accidentally overwritten.

What about entire virtual machine restores?

An entire VM-level restore is just that, and it is a slower process. It restores the whole virtual machine to a specified location, after which you can power on the VM. We use this for non-critical virtual machines and give you the ability to copy the VMs back to your infrastructure for recovery.

How does internal testing work, and how is it beneficial for end-users?

Veeam pioneered instant recovery–powering on the virtual machine without having to restore it first—and that also gives the ability to do a lot of testing. At Global Data Vault,  we strongly encourage people to use these tools. They come included in the product and Veeam also has ways to create sandboxes and virtual labs.

SureBackup and SureReplication are jobs that run against your backups and replicated virtual machines. SureBackup uses Instant VM Recovery to mount virtual machines from the backup file and test certain aspects of it, such as ping, VMware Tools heartbeat, or custom scripts for applications. SureReplication powers on replicated VMs to test similarly, and both use a unique, internal network called a virtual lab to avoid production conflicts.

What is network masquerading?

A virtual lab doesn’t use the same IP range that you use internally. It will be an octet different. Network masquerading allows a real IP address on the production network to connect to a fake IP in the virtual lab, allowing the customer to access the VM from the production network without causing a DNS or IP conflict.

People don’t always have a lab environment.  Dev/test environments are generally slightly different from what is in production, so you never really know how the test will respond. You can test whatever you want based on a backup you took five minutes ago with these virtual labs, which is also a significant risk reduction. Users can test patches, application upgrades, scripts, or changes without impacting the production workloads or the backup file. Once finished with testing, the lab shuts down and returns to being backup files.

Is SureBackup performed on the local or remote side?

SureBackup is performed on the local side. We do not have the option today to do it on the Cloud Connect side to perform it. We test your data on the remote side by doing instant recoveries to verify functionality of the data, but the SureBackup is local to the customer’s local backup infrastructure.

Does Cloud Connect validate data before transmission, like a health check?

By default, yes. Veeam does automatically do a health check. For each job run, Veeam will automatically detect the metadata to determine if it matches. If it does not, it will flag the data. 

Also, Global Data Vault automatically runs a health check on our standard configuration every month, on the last Saturday of each month. It’s a deep dive into the data, and it compares all the metadata versus the checksums to make sure that you have a good chain. However, to be clear, this is not Cloud Connect. It’s another Veeam process related to the backup job itself. That means for every backup job, whether a backup copy or a simple backup job, we’ll perform that mini health check at the beginning of each job run.