Upload
others
View
3
Download
0
Embed Size (px)
Citation preview
Michael Cade, @MichaelCade1, vZilla.netAnthony Spiteri, @anthonyspiteri, anthonyspiteri.net
PBO3311BUS
#VMworld #PBO3311BUS
Implementing Advanced vSphere Features with Veeam Availability Suite
VMworld 2017 Content: Not fo
r publication or distri
bution
VVols
SPBM
Agenda
Part 1 - Next Generation Storage
vSAN
Encryption
Part 2 – Cloud and Management
Cloud Connect Replication v10 Enhancements
Cloud Connect Replication and DRaaS
Self Service Backup and Recovery for vCD and vSphere
Veeam One and Log Insight Content Management Pack
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Next Generation StorageSPBM – Storage Policy Based Management
PART 1
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
SPBM is the foundation of the SDS Control Panel
• A common policy framework across VMFS, vSAN & VVols
• Abstracts underlying storage
• Intelligent placement of services at VM level
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
The Storage Policy-Based Management association is critical when it comes to backup and restore.
Otherwise, why use the new frameworks if you can’t ensure their service levels on restore.
VMFS snapshots a lot better in recent versions of vSphere, but Snapshots changed completely with vSAN and VVols.
Sounds great for your production workloads, what about backup?
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Rules - HowPolicies in the backend are consumed by JOBS (or tasks, or schedules, or batch…)
Jobs are difficult to maintain at scale if they deal with single VMs or groups
The environment is highly changing, instead of changing jobs frequently, let’s have them adjust automatically
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• Why wouldn't you be using these for your Veeam Backup & Replication™ jobs?
• Fast• Manageable• Automated
Automate your Veeam backup with vSphere Tags
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• Automate your VMs being added to a backup job by using vSphere Tags
• SPBM policies assigned to a VM will also be recovered
Create Veeam Backup Jobs using vSphere Tags
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• Ensure that the restore process correctly matches the Storage Policy-Based Management association
IMPORTANT!
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Next Generation StorageVVols
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• VVol support came with complete vSphere 6 support in Veeam Availability Suite™ v8
• VVol backups follow much of the same workflows of a regular VM backup except their path is much more VVol aware
Backup mechanism
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Backup types supported
•
•
•
•
•
•
•
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Backup types supported
•
•
•
•
•
•
•
•
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Snapshots: Files vs VVols
main.vmdk
VMFS VVol
VVol ID 42
main.vmdk
snap.vmdk
VVolID 42
Flat file
snap.vmdk
Redo log
Redo log
snap.vmdk
VVolID 86
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VVolID 861
Reverting Snapshots
main.vmdk
VVol ID 42
main.vmdk
snap.vmdk
VVolID 42
Flat file
VVolID 86
backoutVVol
ID 243
VMFS VVol
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VMFS VVol
VMFS versus VVol
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VMFS VVol
VMFS versus VVol
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• Veeam Quick Migration (included in the FREE edition)• An out-of-band VVol migration tool • Migrate to a VVol from basically any source VM
arrangement
• Quick Migration allows you to completely reconstruct a VM on a VVol target without unnecessarily linking vCenterenvironments
• Source VM should be hardware 11
Migration
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Next Generation StoragevSAN
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• Gather data distribution from vCenter• Determine where most VM data resides• Efficient use of proxy and resource (Hot-Add)
vSAN - Smart logic
VMware KB Article
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
History and Overview
vSAN Aware Backups
• Support for vSAN first in mid 2014 v7 Update 4• 6.5 Support in 9.5 Update 1• 6.6 Support in 9.5 Update 2
• Not an Advanced Feature in Itself• VMware VADP Libraries Commonly Used• Extracts Data from ESXi• Reads VMDK of any VM
• vSAN Aware Backups• Works with lack of vSAN Data Locality• Doesn’t Care about where VM Lives (Host)• Looks at Placement of Disk Objects
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Example Workflow
vSAN Aware Backups
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Backup & Replication doesn’t care what Host the VM is registered on.
vSAN Aware Backups
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
More interested in looking at the placement of the VM Disk Objects.
vSAN Aware Backups
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
One Veeam Backup & Replication Proxy Server per vSAN Host
vSAN Aware Backups
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Use DRS Host Affinity rules to keep them locked to a host
vSAN Aware Backups
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
There is no special vSAN Enabled Backup Option
vSAN Aware Backups Job Logic
vSAN enabled datastore detected by Backup & Replication and objects enumerated
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Once we know were the disk objects are…
Backup & Replication tries to map the data to the proxies that can access them
vSAN Aware Backups Job Logic
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Proxies are marked as “hotAddSameHost”
vSAN Aware Backups
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
The final step is to select which proxy will execute the read from vSAN
vSAN Aware Backups – Job Logic
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
The final step is to select which proxy will execute the read from vSAN
vSAN Aware Backups
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• Instant VM Recovery®
• Quick Rollback
• There are many other specific options for infrastructure restores (Entire VM, VM hard disks, VM files, etc.)
• Veeam Explorers™ for SQL Server, Exchange, Active Directory, Oracle and SharePoint
Restore mechanism
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Next Generation StorageEncrypted VMs
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Encrypted VMs 101KMS is required• Key Management Server (KMS) is mandatory to use encrypted VMs
Doesn’t KMS add SPOF to my vSphere?• Oh, yes! We had our QC labs turn pumpkins twice already
What are my options for KMS?• HyTrust (free, 5K USD for support)• OpenKMIP (found extremely unreliable)• 3rd party
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Lost processing modes• Direct storage access modes are impossible for encrypted
VMs (Direct SAN, Direct SAN+BFSS, Direct NFS)
Supported processing modes• Hot Add proxy itself must be an encrypted VM, otherwise
backup will failover to NBD[SSL] (load balancer is aware)
Security• VDDK fetches unencrypted content of encrypted VMDKs, so
do consider enabling backup file encryption in Veeam
Backup of encrypted VMs
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
We DO NOT encrypt VMs, vSphere does
To ensure this, select the target datastore with VM Encryption storage policy
Applies to full VM restore, replication and Quick Migration (including Instant VM Recovery)
Restore
VMworld 2017 Content: Not fo
r publication or distri
bution
Next Generation StorageMonitoring & Reporting
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• Veeam ONE™ Business View
Monitoring and reporting
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VM with no backup
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VM with no backup
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
INTERMISSION…
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Cloud and ManagementCloud Connect Replication, vCloud Director, vSphere and Log Insight
PART 2
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Backup Components
Infrastructure as a Service Components
Cloud Connect Repository
Cloud Backup & Replication
Network Edge
IaaS Backup & Replication
WAN Accelerator
vCenter
Cloud EnterpriseManager IaaS/Cloud
vCloud Director
Network Extension Appliances
Veeam Availability Console
vCD Self Service Portal
IaaS RepositoryCloud Connect
Gateways
Cloud Connect Tenant Portal
Cloud Veeam ONE
vCAN and VCSP Super Architecture IaaS, BaaS, RaaS, DRaaS – v9.5
IaaS vSphere Platform Replication vSphere Platform
vCenter
NSX-v
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Backup Components
Infrastructure as a Service Components
Cloud Connect Repository
Cloud Backup & Replication
Network Edge
IaaS Backup & Replication
WAN Accelerator
vCenter
Cloud EnterpriseManager IaaS/Cloud
vCloud Director
Network Extension Appliances
Veeam Availability Console
vCD Self Service Portal
IaaS RepositoryCloud Connect
Gateways
Cloud Connect Tenant Portal
Cloud Veeam ONE
vCAN and VCSP Super Architecture IaaS, BaaS, RaaS, DRaaS – v10
IaaS vSphere Platform Replication vSphere Platform
vCenter
NSX Edge Service GatewayNSX-v NSX-v
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Cloud and ManagementvCloud Director History, Advanced Capabilities and Futures
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam vCloud Director Backup Integration
• Released in Veeam Backup & Replication 7.0
• Uses vCD APIs to get correct hierarchy• Captures vApp Metadata• Allows Restoration of object back into vCD
• Metadata Includes
• General VM info• vApp Networks• Startup options• User Info• Lease• Quota• Storage
• Restore Options
• In Place or side by side• Instant VM Recovery• VM Files, Hard Disks or OS Files
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam vCloud Director Self Service Portal
• Released in Veeam Backup & Replication 9.5
• Multi-tenant self service backup and restore portal• Requires Enterprise Manager
• Allows tenant’s to backup
• Single VMs• vApps• Virtual Datacenters• Organisations
• Allows tenant’s to restore
• In place• Side by side• File level• MSSQL items• Oracle items
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam vCloud Director Self Service Portal – Quick Demo
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam vCloud Director v10 DRaaS Enhancements
• Released in Veeam Backup & Replication 7.0
• Uses vCD APIs to get correct hierarchy• Captures vApp Metadata• Allows Restoration of object back into vCD
• Metadata Includes
• General VM info• vApp Networks• Startup options• User Info• Lease• Quota• Storage
• Restore Options
• In Place or side by side• Instant VM Recovery• VM Files, Hard Disks or OS Files
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Cloud and ManagementCloud Connect Replication Advanced Partial Failover
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Cloud Connect Replication – Partial Failover
Tenant Side SP Side
Cloud Gateways
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Cloud Connect Replication – Partial Failover
Tenant Side SP Side
Cloud Gateways
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Cloud Connect Replication – Partial Failover
Tenant Side SP Side
Cloud Gateways
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Cloud Connect Replication – Partial Failover
Tenant Side SP Side
Cloud Gateways
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Cloud Connect Replication – Partial Failover
Tenant Side SP Side
Cloud Gateways
L2 VPN
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Veeam Cloud Connect Replication – Partial Failover DEMO
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Cloud and ManagementVeeam One and Log Insight Content Management Pack
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
• Free Edition is Powerful!• vCD and Cloud Connect Monitoring
Veeam One
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
vRealize Log Insight- DEMO
• Log Analytics• Content Packs
• vCD• vSphere• NSX• Veeam
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
Call To Action!
• Use Tags Use Tags• Download Veeam ONE• Download Log Insight Content Pack
PBO3311BUS CONFIDENTIAL
VMworld 2017 Content: Not fo
r publication or distri
bution
VMworld 2017 Content: Not fo
r publication or distri
bution
VMworld 2017 Content: Not fo
r publication or distri
bution