Veeam CDP

Veeam V11 – What's new and HPE Integrations

Veeam have recently released the latest major update to their flagship product, Veeam Backup and Replication. VBR 11 is packed with 200 plus improvements and enhancements; today we will discuss some of the most interesting ones.

This release continues Veeam's evolution from simple backup product to data management suite. Data administration is one of an IT enterprise's key challenges, with a greater volume of data, more locations for that data, plus increased threats including ransomware. Veeam 11 offers a suite of features to help manage this disparate data, deliver a higher level of availability and enhance the security of the data.

Linux and Security

Ransomware continues to be a key threat, with high-profile cases like the Garmin attack providing a warning to all. Ransomware holds you hostage by encrypting your data. In a worst-case scenario ransomware can also encrypt backup data held on disk, leaving you in a chicken-and-egg scenario. Veeam offered a solution to this in version 10, with Copy Mode being added to the Cloud Tier. This allowed backups to be instantly copied offsite and stored immutably in Amazon S3. V11 enhances security further by offering hardened Linux repositories, which allow local backups to also be held in an immutable format, removing the threat of backups being encrypted by ransomware.

Linux-focused customers also gain additional backup modes for Linux proxies. Previously the only available backup mode was hot add; now the list of available modes is comparable to a Windows proxy, including direct SAN and network mode.

Other features include the ability to now use the Veeam agent to back up Mac. You can read a full guide on implementing the Mac Agent by Michael Cade.

CDP

Continuous data protection is not a new concept, and in many ways it is easier to understand in its traditional implementation. Previously, when physical servers were the norm, CDP was enabled through a physical device. You connected it to the server and it acted as a write splitter, so that each write was effectively written twice: once to the primary storage and a second time to a CDP appliance. CDP in Veeam utilises VMware VAIO, which, like a traditional CDP appliance, splits writes. This approach means that there is no need to use snapshots for backups, allowing for a very low RPO, down to 2 seconds, and minimal performance impact. To configure CDP you first need to push out the VAIO drivers to the ESXi hosts, which you can do via the Veeam console. Matt That IT Guy has written a walkthrough on setting up and creating your first CDP job.

Instant Recovery Enhancements

Instant recovery has always been one of the nicest features of Veeam. It allows VMs to be spun up directly from backup. There were some enhancements to the performance of this feature in version 10 that allowed several VMs to be instantly recovered at the same time. This is further enhanced in version 11, which now allows instant recovery of SQL and Oracle DBs plus NAS.

Cloud Enhancements

Google Cloud becomes available as a backup target you can add to a scale out repository.

Veeam also adds an archive tier to scale out repositories which allows longer term retention of data in Amazon S3 Glacier (including Glacier Deep Archive) and Microsoft Azure Archive Storage.

Hardware and HPE Integrations

Version 11 brings improvements both in terms of efficiency and performance for dedupe devices. Dedupe performance is improved by changing the way metadata is stored. Customers using an HPE StoreOnce as a NAS target can expect up to a 4 times increase in storage capacity. Performance is also improved by increasing the blob size of the data that is being written and by writing metadata to higher performance disks.

If you are backing up a physical machine with SAN attached storage you will also benefit from some new features. Prior to V11, SAN attached storage was recognised by an agent as local storage and backed up in this way. In V11 a physical SQL server attached to, for example, a Nimble array can use storage-based snapshots as part of the backup process, alleviating the load from the host.

It also becomes possible to use an HPE Apollo 4500 as a Veeam appliance. Calvin Zito discusses this and all the other changes in this podcast.

To get started you can download Veeam Backup and Replication

Simplified driver and firmware update with iLO 5

This guest post is brought to you by Armin Kerl. If you fancy trying your hand at blogging, check out our guest posting opportunities.

Principle:

With iLO 5, the Gen10 servers now have 1GB of reserved space in the NVRAM for firmware and driver files, called the iLO Repository. We are now able to upload firmware and drivers directly to the iLO NVRAM. This can be *.bin, *.fwpkg for firmware, *.zip for ESX, *.exe for Windows, or *.rpm for Linux.

The Integrated Software Update Manager (iSUT) service in the OS can monitor the iLO repository content. If there is something new, it pulls the update and then installs firmware and drivers inside the OS. A reboot is usually necessary afterwards. No more booting from the SPP ISO image for firmware updates, and you can specify several server stages or even reboot a number of times.

You can get more information at the HPE SUT Site here and in the User Guides.

The iLO can be fuelled with updates in several ways; I will explain the most common.

  1. Upload individually in iLO under the Firmware Tab.
  2. Launch the Software Update Manager (SUM) from the Service Pack for ProLiant (SPP), and deploy.
  3. Distribute the SPP with iLO Amplifier.

I will now explain 2 and 3 by using an ESXi server as an example.

Prepare

First, the iSUT must be installed on the target server and set to AutoDeploy. The iSUT should already be installed with HPE ESX Image.

Check It:

[[email protected]:~] sut -status
System Update Manager...................: OS Administrator
Task Status.............................: Bios:N/A; LocalStorage:N/A; Deploy:Idle
Staging Directory.......................: /tmp/sut/stagingdirectory
Baseline URI............................: None
Baseline Version........................: Waiting for staging
Mode of Operation.......................: OnDemand
Polling Interval In Minutes.............: 5
Force Deploy............................: No
Optional Components.....................: None
EnableiLOQueuedUpdates..................: true
User Action Needed......................: To perform the firmware updates import the server to OneView or use iLO Amplifier Pack. If imported into OneView create a server profile with a firmware baseline and apply the profile to the server.
iLO Security Mode.......................: Production
iLO CAC Smartcard Authentication........: Off
iLO CAC Strict Mode.....................: Off

Now set iSUT to Deploy Updates:

[[email protected]:~] sut -set mode=AutoDeployReboot
Set Mode: AutoDeployReboot
Service will be registered and started
Service already registered
SUT Service started successfully
Registration successful

You can set the iSUT mode to AutoDeployReboot mode.

However, iSUT reboots the VMware ESXi host only if the host is in maintenance mode.

If iSUT is not installed, download the HPE Utilities Offline Bundle for ESXi 6.7:

https://vibsdepot.hpe.com/
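
To check this prerequisite across many hosts rather than by eye, the `sut -status` output can be parsed. The following Python is an added example, not part of the original post or of HPE's tooling; the sample text is constructed from the layout shown above, and the checks on `EnableiLOQueuedUpdates` and the `Deploy` task state are assumed policy, not HPE requirements.

```python
import re

# Constructed sample in the layout of the `sut -status` output shown above.
SAMPLE = """\
Task Status.............................: Bios:N/A; LocalStorage:N/A; Deploy:Idle
Baseline URI............................: None
Mode of Operation.......................: OnDemand
Polling Interval In Minutes.............: 5
EnableiLOQueuedUpdates..................: true
iLO Security Mode.......................: Production
"""

# A key, a run of filler dots, a colon, then the value (which may itself contain colons).
LINE = re.compile(r"^(?P<key>[^.:]+?)\.{2,}:\s*(?P<value>.*)$")
DEPLOY_MODES = {"AutoDeploy", "AutoDeployReboot"}   # the modes named in the post

def parse_sut_status(text):
    """Turn 'Key.....: value' lines into a dict; lines in any other shape are ignored."""
    status = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            status[m.group("key").strip()] = m.group("value").strip()
    # 'Task Status' packs several 'name:state' pairs into one value.
    pairs = status.get("Task Status", "").split(";")
    status["tasks"] = dict(p.strip().split(":", 1) for p in pairs if ":" in p)
    return status

def readiness_findings(status):
    """List reasons this host is not ready for an iLO-repository rollout."""
    findings = []
    mode = status.get("Mode of Operation")
    if mode not in DEPLOY_MODES:
        findings.append(f"mode is {mode!r}, expected one of {sorted(DEPLOY_MODES)}")
    # Assumed policy: queued updates enabled and no deploy task already in flight.
    if status.get("EnableiLOQueuedUpdates", "").lower() != "true":
        findings.append("EnableiLOQueuedUpdates is not true")
    if status["tasks"].get("Deploy") != "Idle":
        findings.append(f"Deploy task state is {status['tasks'].get('Deploy')!r}")
    return findings
```
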

Use Service Pack for ProLiant

Mount the SPP ISO on the deployment PC/server and start SUM with launch_sum.bat.

Select Nodes and add your Target Server using the iLO IP, not the OS IP.

Node Type:      iLO

Baseline:           Your Service Pack ProLiant

Now, first Start an Inventory and then choose Deploy.

Choose Deploy and SUM will copy the firmware and drivers to the iLO NVRAM.

You can watch this in the iLO GUI:

The iSUT service in the OS will now pick up the software from iLO and install it.

When all is done, reboot the host, and you are done.

With iLO Amplifier

https://iloamplifierpack.itcs.hpe.com/

First, we must upload the SPP to the iLO Amplifier Repository.

This is done via Firmware Baseline > Import Baseline.

Now we can roll out the SPP to the servers.

Select “Server Updates”:

If you see “SUT mode not supported, SUT not running. Host OS type not supported, AMS not Running.” the server is usually powered off.

If you see “SUT mode not supported. SUT not running” or “iSUT is not enabled”, you need to refresh the server state using Assets > Servers > Select Server > Action > Refresh.

From this point, it is the same as with SUM.

The files are copied to the iLO NVRAM; iSUT will see them and then install them.

Armin Kerl

How to Enable Brocade FOS 9 Web Tools

This guest post is brought to you by Armin Kerl. If you fancy trying your hand at blogging, check out our guest posting opportunities.

Great News:

Starting with Brocade FOS 9.0, the Web Tools now use only HTML and no more Java is needed. FOS 9 is supported for most 32GB switches and you can update from v8.2.1d or v8.2.2a or later. So, I have updated four new HPE SN3600B (Brocade G610) switches from 8.x to 9.0, but there is no Web Tool.

What’s the Problem?

First, there is no default HTTPS certificate, so we must generate one. (The HTTP interface is no longer available.)

seccertmgmt show -all
Certificate Files:
--------------------------------------------------------------------------------------------------------------------
Protocol   Client CA                 Server CA                 SW                        CSR     PVT Key Passphrase
--------------------------------------------------------------------------------------------------------------------
FCAP       Empty                     NA                        Empty                     Empty   Empty   Empty
RADIUS     Empty                     Empty                     Empty                     Empty   Empty   NA
LDAP       Empty                     Empty                     Empty                     Empty   Empty   NA
SYSLOG     Empty                     Empty                     Empty                     Empty   Empty   NA
HTTPS      NA                        Empty                     Empty                     Empty   Empty   NA
KAFKA      NA                        Empty                     NA                        NA      NA      NA
ASC        NA                        Empty                     NA                        NA      NA      NA

Now we generate an HTTPS certificate. Starting with FOS 8.1.x there is a simple command:

seccertmgmt generate -cert https -type rsa -keysize 2048 -hash sha1 -years 10

Or use the menu:

seccertmgmt generate -csr https
Certificate Files:
--------------------------------------------------------------------------------------------------------------------
Protocol   Client CA                 Server CA                 SW                        CSR     PVT Key Passphrase
--------------------------------------------------------------------------------------------------------------------
FCAP       Empty                     NA                        Empty                     Empty   Empty   Empty
RADIUS     Empty                     Empty                     Empty                     Empty   Empty   NA
LDAP       Empty                     Empty                     Empty                     Empty   Empty   NA
SYSLOG     Empty                     Empty                     Empty                     Empty   Empty   NA
HTTPS      NA                        Empty                     Exist                     Empty   Exist   NA
KAFKA      NA                        Empty                     NA                        NA      NA      NA
ASC        NA                        Empty                     NA                        NA      NA      NA

You should see the Web Tools in your Browser, like this:

But not for me: I get only a blank white page with no login for all switches. I wasted several hours searching Google for a solution. Finally, I found the problem: all my browsers have a non-English GUI.

If you dig into the Release Notes there is a Note: Web Tools only supports the US English language setting in an internet browser. Setting to other language may result in Web Tools showing a blank Page.

Change the setting and here it is:

Armin Kerl