Cisco HyperFlex integration details and Q&A

With Veeam Backup & Replication 9.5 Update 2 we launched our integration with Cisco HyperFlex. The integration leverages our Backup from Storage Snapshot technology to optimize the data transfer for Veeam backups as well as replications. Since then I got a lot of positive feedback and questions around the integration. That’s why I want to answer the most common questions in this blog post. A brief overview on the integration itself was already done by my colleague Michael Cade earlier this year.

Besides this blog post we already started the work on an implementation and best practice guide so stay tuned and check our website regularly.

Why does Veeam integrate into Cisco HyperFlex?

The main reason why Veeam started to integrate into storage arrays, regardless if it is Cisco HyperFlex or any other storage we support, is to avoid or at least minimize the time of VMware Redo-Log Snapshots (native VMware VM Snapshots).

If you run a VM backup without the integration, the workflow will always create a VMware Redo-Log Snapshot; Veeam will read all data while VMware redirects all writes into the Redo-Log File and after the backup/replica is done, the VM Snapshot will be deleted as shown in the graphic below on the left side. Especially the VM snapshot delete can take a lot of time and consume serious amounts of storage resources until done.

Cisco HyperFlex integration

Using the Cisco HyperFlex integration means avoiding VMware VM Snapshots completely. As you can see on the right side in the graphic above, the workflow will create a Cisco HX Snapshot; Veeam reads all data out of the Snapshots and after the backup/replica is done Cisco will delete the HX Snapshot which has almost no impact in the VM or the rest of the production.

With that the Veeam integration into Cisco HyperFlex is the only one where no more VMware Snapshots are needed at all.

What are the requirements and which Veeam features can be leveraged with Cisco HyperFlex?
Before going ahead and trying the integration please be aware of the following requirements. 50% of the questions and errors I get are due to the fact that at least one of the following requirements is missing:

  • VMs reside on a Cisco HyperFlex 2.0 or newer cluster (HX version < 2.0 are not supported)
  • Veeam Backup & Replication 9.5 Update 2 or newer is installed on the backup server
  • License for Veeam Backup & Replication Enterprise Plus Edition is installed on the backup server
  • Cisco HyperFlex storage system is added to the Veeam storage infrastructure and the vCenter server is added to virtual infrastructure
  • Backup proxy is properly configured in the backup infrastructure
  • VM must not have any existing VMware native Snapshot before the first job kicks off
  • The “Enable backup from storage snapshots option is selected in the job settings
  • When using Backup from Storage Snapshot over NFS:
    • Veeam Proxy server has access to the Cisco HyperFlex NFS Backend
    • Required VMware Firewall Ports are open for IOVisor Backup (see Helpcenter article)

As of today Veeam supports Backup from Storage Snapshots with Cisco HyperFlex. All other storage related features like Veeam Explorer for Storage Snapshots, OnDemand Sandbox from Storage Snapshots, Snapshot only job…etc. are not supported. Of course, you can use all regular Veeam features leveraging the Veeam backup.

How do I configure the Cisco HyperFlex integration?

The Cisco HyperFlex integration is like any other Veeam Storage Integration. For us Cisco HyperFlex is not a HyperConverged system but seen as a storage system. That’s why you need to navigate to “Storage Infrastructure” within your Veeam Backup & Replication installation to add the Cisco HyperFlex system. After selecting “Add Storage” you will be promoted with the following wizard:

1. Select “Cisco HyperFlex”

Cisco HyperFlex integration

2. Add the Cisco HyperFlex Management IP address of the Data Platform

Cisco HyperFlex integration

a) To find the needed IP address simply open the advanced Cisco HX settings within your VMware Webclient

Cisco HyperFlex integration

b) The needed IP can be found here

Cisco HyperFlex integration

3. Define the login credentials for the management

Cisco HyperFlex integration

4. Optional: Define Veeam Proxies to be used for this cluster

Cisco HyperFlex integration

5. Finish the wizard

Cisco HyperFlex integration

After finishing the wizard, you will see the following dialog that adds the Cisco HyperFlex system to the Veeam installation.

Cisco HyperFlex integration

If you see any warning message here the reason is most likely that your Veeam proxy server doesn’t have the needed backend NFS data access or the VMware Firewall ports are not opened. More details in the next questions.

What access is needed on the Veeam Proxy to get Backup from Storage Snapshots working?

The Veeam integration with Cisco HyperFlex works with all available data transport modes.

Cisco HyperFlex integration

No matter if you use NFS (1, 2) as the transport protocol by accessing the backend Cisco HyperFlex data network or if you use the regular transport modes Hot-Add (3) and NBD (4), Veeam will always leverage a Cisco HyperFlex Snapshot as a source.

For NBD and Hot-Add, no additional configuration is needed. After the Cisco HX system is added to the Veeam installation Cisco HX snapshots will be automatically used.

For NFS as transport mode there are two ways to access the data:

  • Backup from Storage Snapshots over IO Visor on ESX(i) hosts (1): The IO Visor is a Cisco HyperFlex software module that runs on every ESXi host that is part of the Cisco HyperFlex cluster. It presents HyperFlex NFS datastores to the ESX(i) hosts and optimizes the data paths in the HyperFlex cluster. The backup over IO Visor is the preferred method as it provides the high speed of VM data reading and balances the load across the HyperFlex cluster.
  • Backup from Storage Snapshots over HyperFlex Controller Cluster IP (2): In this processing mode, all traffic is handled by a single HX controller that holds the HyperFlex Controller Cluster IP.

Cisco HyperFlex integration

No matter which NFS mode you use, the Veeam Proxy will need access to the backend NFS data network of Cisco HX. The graphic above shows which networks are accessed by the Veeam proxy server. I’m used to saying, configure your Veeam proxy server with the same management and storage access like what you would do with an additional ESXi host.

The HyperFlex Controller Cluster IP does not require any additional confirmation as all needed communication will be handled by Veeam and Cisco APIs.

For the IOVisior backup you need to open specific VMware Firewall ports as the Veeam proxy server needs to access a module running within the VMware ESXi. Information on how to open the needed ports is listed in the next question.

How do I open the needed VMware Firewall Ports?

The Cisco HyperFlex IO Visor is a software component that runs on all ESXi hosts within a Cisco HyperFlex cluster. It works as an NFS server for Veeam traffic.

You need to allow NFS traffic from the backup proxies to ESXi hosts. As Cisco IO Visor based NFS communication uses dynamic ports, you need to create an ESXi firewall rule with inbound ports 0-65535 and the backup proxy IP addresses as allowed IP addresses.

You can do this in three ways:

  • Create a VMware ESXi host VIB host extension file that creates the firewall rule, install/enable it on all hosts and set the backup proxy IP addresses as allowed ones. For more information, see KB article 2291.
  • Use a predefined VMware ESXi host extension VIB file from the Veeam Community GitHUB project. For more information, see KB article 2298.
  • Use ESXi command line interface to create a temporary firewall rule (until the next ESXi host reboot). For more information, see KB article 2299.

Conclusion

As you can see the integration is very powerful and there are a lot of details when it comes down to the configuration. Veeam Backup & Replication 9.5 Update 2 offers Availability for Cisco HyperFlex 2.0 by providing both an optimized backup and replication workflow to lower the recovery time and point objectives (RTPO) to < 15 minutes for ALL applications and data running on top of it.

Here are some useful links, including our newly released Cisco Validated Designs:

Advertisements

VeeamON 2017 – Experience availability

2017-03-22 11_57_06-VeeamON 2017 - Experience Availability!

As we are getting closer and closer to the world’s largest event entirely focused on Availability, Veeam’s VeeamON, I tried to put together the most important infos in one post.

What is VeeamON?
VeeamON is Veeam’s own availability conference and taking place in New Orleans May, 16th-18th this year. At VeeamON all is about availability and how to make sure your data is protected and ready for the digital transformation. It’s the world’s largest event that is purely focused on this topic and very unique in what you can get there. It’s the second one and with around 3000 attendees it will be even bigger then 2015.

Why to attend VeeamON?
There are several reasons to attend events like this. For me especially the networking and the chance to talk to experts is one of the key reasons to attend. Next to that it’s definitively worth to join to get all the announcements and previews on Veeam Availability Sutie v10. What makes VeeamON unique is the chance to participate in an VMCE/VMCE-ADO class before joining to conference and get both for a very attractive price.
Some more reasons to attend:

  • Learn how to capitalize on your existing virtualization, networking, storage and Veeam investments
  • Discover the latest cloud technologies and how you can leverage your existing assets as part of a comprehensive availability strategy.
  • Hear how Veeam and partners like Microsoft, VMware, Cisco, Hewlett Packard Enterprise, NetApp and many others work together to deliver innovations that optimize your data center
  • Network with peers, meet the best technical and business minds in the industry, and voice your opinion directly to the team responsible for the development of Veeam solutions
  • Learn best practices and how to avoid unnecessary downtime from the Veeam experts
  • Become a VMCE at a greatly discounted rate.  If you’re already a VMCE  register for our VMCE-Advanced, Design and Optimization (VMCE-ADO) class at the same great rate.

VeeamON 2017 – The sponsors
Another reason to join such an event is all the sponsors and vendors having a booth there. You can see all the integrations and get the latest information’s on the join alliance work.
This year Veeam got again the top partner joining the event. Some of them are:
Cisco   HPE   Microsoft   NetApp
and many more.

VeeamON Hard facts
Event date:                       May 16th – 18th
Event location:               New Orleans Convention Center
Breakout session:           80+ session on different topics and different levels
Attendees:                        more than 3000 expected
LabWarez:                         $10,000 top prize

VeeamON 2017 will take place in a special location. New Orleans is a unique blend of cultures that has so much to offer. I hope you’ll plan your agenda in such a way that you’ll have the chance to enjoy the Big Easy. Today, I will share with you several attractions that will definitely make your stay in New Orleans unforgettable.

To get all details and to register yourself please visit http://www.veeamon.com

As soon as the Breakout Session schedule is ready I will also create a blog on the must see sessions. In the meanwhile please let me know on any question and hope to see you at VeeamON 2017 in New Orleans.

VCC Series Post 3 – Veeam Cloud Connect Backup – End-Customer configuration

In this blog series you will learn step-by-step how to setup and configure Veeam Cloud Connect to offer Backup-as-a-Service.

This series contains 3 blog posts:
1. Veeam Backup & Replication installation (already posted)
2. Veeam Cloud Connect Backup – Service Provider configuration (already posted)
3. Veeam Cloud Connect Backup – End-Customer configuration (this post)

Read More »

VCC Series Post 2 – Veeam Cloud Connect Backup – Service Provider configuration

In this blog series you will learn step-by-step how to setup and configure Veeam Cloud Connect to offer Backup-as-a-Service.

This series contain 3 blog posts:
1. Veeam Backup & Replication installation (already posted)
2. Veeam Cloud Connect Backup – Service Provider configuration (this post)
3. Veeam Cloud Connect Backup – End-Customer configuration (will be posted on Feb. 6th)

Read More »

VCC Series Post 1 – Veeam Backup & Replication installation

In my new blog series you will learn step-by-step how to setup and configure Veeam Cloud Connect to offer Backup-as-a-Service.

This series contains 3 blog posts:
1. Veeam Backup & Replication installation (this post)
2. Veeam Cloud Connect Backup – Service Provider configuration (will be posted on Jan. 9th)
3. Veeam Cloud Connect Backup – End-Customer configuration (will be posted on Feb. 6th)

Read More »

Veeam 9.5 and NetApp: Enterprise performance and scalability for NetApp storage with

Veeam just released version 9.5 of Veeam Backup & Replication. In this blog post, I would like to share some of the new capabilities that 9.5 delivers with our NetApp ONTAP storage integration.

As this is not a major version release, we didn’t add any specific new features, however, there are several improvements with respect towards backup resource scalability, which is of particular importance in enterprise data center environments.

1. Automatic NetApp LIF selection for data traffic

With 9.5, we implemented an advanced way for the Veeam backup server to identify the correct Data LIF for the backup process.
img01-1-700x427In the above example, the VM is stored on an aggregate located on Node 4. With 9.5, we made sure that data LIF4, of node 4, is used to access and backup the VM, instead of using data LIF1 on node 1 and transferring the data over the back-end cluster network. With this new implementation, we avoid the potential for node 1, or the back-end cluster network, to run out of resources during a Veeam backup.

The new cluster aware LIF selection also follows the data in case it is moved to another aggregate on another node, thereby ensuring the optimized path is utilized by the Veeam proxy server to perform data movement.

This functionality is enabled by default and does not require any action from your side to utilize this new capability.

2. Proxy affinity rules for storage access

The second enhancement is a new way to define proxy affinity between your NetApp ONTAP systems and the Veeam proxy server.
img02-1-700x204By using proxy affinity rules, you can easily define Veeam proxy server assignments for each NetApp ONTAP system. If there are multiple NetApp systems and Veeam proxy servers in the same environment, it is recommended to assign affinity relationships to avoid situations where a Veeam proxy server is misaligned with an ONTAP system. This capability saves time in the job initialization process and optimizes proxy resource utilization in larger environments, enabling you to ensure that specific proxy servers are available for specific backup jobs. img03-1-700x275This also ensures that local proxies are only accessing local NetApp ONTAP systems when using network based access protocols like NFS or iSCSI. img04To configure the proxy affinity, simply go to “Storage Infrastructure” within your Veeam Backup & Replication console and select the NetApp cluster you want to modify. Open the advanced settings and select the backup proxies Veeam should use.

3. Protocol selection to optimize proxy data access

One very common user request that we have addressed with 9.5 is the option to assign a different protocol to the Veeam proxy server than the one being used by the VMware server. Before 9.5, you could use different REG-Keys to force the Veeam proxy to use a different protocol. img05-1-700x466Now with 9.5, you can easily deploy a configuration where VMware is accessing the ONTAP cluster by FC, while the Veeam proxy uses iSCSI for backup and replication and all of the other Veeam features. Since the LUN is the same block device, it can be accessed via FC, iSCSI or both, enabling you to leverage your existing 10 GB network to back up the data via FC or iSCSI (or vice versa).

Besides the benefit of defining a different access protocol, you can also reduce the time that the Veeam proxy needs to scan and access your NetApp data and start a job, as the overhead required to check all available protocols is eliminated. In short, it’s a very simple way to optimize your existing Veeam and NetApp installation. img06To configure the protocol selection, simply go to “Storage Infrastructure” within your Veeam Backup & Replication console and select the NetApp cluster you want to modify. Open the advanced settings and select the protocol to be used by the Veeam proxy host. As shown in the above example, only the licensed ONTAP protocol is available to use.

In summary, the enterprise enhancements available in 9.5 make the Veeam integration with ONTAP more flexible and scalable. This is another great example of Veeam product development implementing feature enhancements based on the direct feedback from our customers and partners.

For additional Veeam and NetApp best practices, I highly recommend the following documents and articles:

Enterprise datacenter Availability with NetApp cascaded SnapMirror and Veeam

Data Availability has become more and more important for today’s businesses. The NetApp Data ONTAP and Veeam combination provides a high Availability level for the Always-On Enterprise. By leveraging NetApp data protection features like snapshots, SnapMirror and SnapVault, Veeam is able to enhance recovery time and recovery point objectives, otherwise known as RTPO, for VMs and applications residing on NFS-, FC-, FCoE- and iSCSI-based arrays.

Some enterprise data centers are leveraging NetApp’s ability to cascade ONTAP systems to maximize Availability. In this blogpost, I explain the benefits of leveraging an ONTAP cascaded design with Veeam.

The environment

Let’s assume the customer has the following data center design and requirements:
1

  1. In the primary data center, a NetApp ONTAP system named RLPEDGE01, with a source volume called NFSVAULT
  2. On the secondary side, a NetApp ONTAP system RLPEDGE02, with a SnapVault destination Volume RLPNFS01_NFSVAULT_vault
  3. At the third side, a NetApp ONTAP system RLPEDGE03, with a SnapMirror destination volume RLPNFS03_NFSVAULT_mirror

The requirements include using SnapVault between RLPEDGE01 and RLPEDGE02, combined with application-consistent snapshots. Furthermore, the customer wants to use SnapMirror to replicate the SnapVault data to RLPEDGE03, which is in a co-location facility.

Veeam orchestration combined with NetApp protection policies

To build this configuration, NetApp ONTAP protection policies are combined with Veeam’s advanced storage integration and orchestration capabilities.
2

  1. Veeam creates an application-consistent backup of VMs. This includes the optional log truncation and snapshot creation within the VMware environment.
  2. Next, Veeam instructs the primary NetApp system (RLPEDGE01) to perform an array-based snapshot and subsequent orchestration.
  3. Next, the primary NetApp system will manage the SnapVault update to the secondary (RLPEDGE02) and retention policies of these snapshots within both primary and secondary systems.
  4. The NetApp ONTAP built-in protection engine handles the SnapMirror update between the secondary and the tertiary (RLPEDGE03) NetApp systems. Through this process, all snapshots on RLPEDGE02 will be mirrored to RLPEDGE03 and made available for restores.

The customer benefits here by being able to leverage Veeam’s native restore capabilities on any NetApp ONTAP platform in the environment. This includes the third NetApp system, RLPEDGE03, which is not part of the Veeam snapshot orchestration process. The restore functionality permits granular restores using Veeam Explorers for Storage Snapshots to perform file, item or VM image-based recoveries for Microsoft Active Directory, Exchange, SharePoint, SQL and Oracle. Veeam OnDemand Sandbox capabilities can also leverage NetApp snapshots to create isolated test environments for testing application updates, patches and other changes, without impacting the production environment.

Let’s get it done

To set up this configuration, follow these steps:

  1. Add all NetApp ONTAP systems to your Veeam Backup & Replication console
    3
  2. Create the SnapVault relationship between primary and secondary NetApp systems
    4
  3. Create a Veeam job to protect your VMs:
    1. Within the Veeam job set the desired SnapVault retention policies
      5
    2. If required, enable Application-Aware Processing
    3. Define a schedule for the job that meets the RPO of applications being protected

If you require any assistance creating a Veeam/NetApp backup job, you can find additional detail in the Best Practices Guide.

After Veeam Backup and NetApp SnapVault are configured and running, we can now set up the SnapMirror relationship to the third NetApp system. However, you should pair NetApp 2 and NetApp 3 and ensure that the proper SnapVault Mirrors (SVMs) are available and paired as well. In addition, create a DP Volume on the NetApp 3 SVM, which will be used as the destination target for the SnapMirror volume.

NOTE: Veeam assumes no warranty for any command. These commands should only be used as a reference. Exercise CAUTION when working in any production environment. All commands should be modified (cluster, volume, vservernames, etc.) to fit in your environment.

After the volume is created, you can create the SnapMirror policy and the SnapMirror relationship:

To create the SnapMirror policy run:

snapmirror policy create -vserver SVMNFS03 -policy VeeamSM -tries 8 -transfer-priority normal -ignore-atime false -restart always -type async-mirror

Add the rule to mirror all source snapshots: all_source_snapshots. This is mandatory, otherwise you will get an error that the SnapMirror label was not found:

snapmirror policy add-rule -vserver SVMNFS03 -policy VeeamSM -snapmirror-label all_source_snapshots -keep 1
snapmirror policy show

SnapMirror relation creation and initialization:

snapmirror create -source-path RLPNFS02:RLPNFS01_NFSVAULT_vault -destination-path SVMNFS03:RLPNFS03_NFSVAULT_mirror -type DP -throttle unlimited -identity-preserve false -vserver SVMNFS03 -policy VeeamMirror

snapmirror initialize -destination-path SVMNFS03:RLPNFS03_NFSVAULT_mirror

snapmirror modify -destination-path SVMNFS03:RLPNFS03_NFSVAULT_mirror -schedule 5min

snapmirror show

You can also check the SnapMirror relationship within the NetApp System Manager on the third NetApp to get the following screen view:
6Now that the SnapMirror relation has been initialized and running (in our case, every 5 minutes), check the Veeam interface to verify that snapshots on the third NetApp platform are available for restores.

Your Veeam interface should look similar to this:
7As you can see, all three NetApp systems are available, as well as the three volumes. When browsing the volumes on RLPEDGE02 and RLPEDGE03, we see the same number of available snapshots (one snapshot is the baseline image).
8With the configuration complete, we now have a cascaded SnapVault to SnapMirror relationship from which all Veeam restore capabilities can be used. One of the benefits of the direct integration Veeam provides is the ability to directly restore from array-based snapshots.

In the example below, we illustrate how an administrator can browse our NetApp system RLPEDGE03, view the VMs within that snapshot and perform all of the great recovery options that Veeam has available. In summary, this scenario illustrates how we’ve executed a single NetApp snapshot, which has been cascaded down to our tertiary device where we’re able to perform recovery. This process drastically reduces the load placed on the production environment during backup and recovery operations, which in turn, increases the RTPO for our applications and services.
9

What about Veeam Backup from Storage Snapshots?

Veeam Backup from Storage Snapshots is a unique technology that optimizes VM backup by leveraging Storage Snapshots as a source for the Veeam data stream. In the scenario that was just explained, you can fully leverage Veeam Backup from Storage Snapshots from the primary or secondary NetApp ONTAP storage device. Veeam orchestrates all the snapshots processes across these two storage systems.
10To complete the cascade process, and as mentioned earlier, the SnapMirror relation toward the third NetApp ONTAP system is handled by the data protection engine of ONTAP, and is not a part of Veeam orchestration.

Datacenter 4.0 – A reference architecture with Cisco, NetApp and Veeam

Today’s business relies on the IT department more than ever. The Internet of Everything (IoE) now requires a fully functioning datacenter to avoid business grinding to a halt, products not reaching the market and services disappearing. It is impossible to meet all user, customer or partner expectations without a fully functioning datacenter, which is the driving force for organizations to modernize and optimize their IT resources.

An important part of this modernization is standardizing predictable, repeatable and very stable data center reference architectures.

The reference architecture defines a technology design and deployment that addresses the specific requirements of a business need. This includes the blueprint and best practices for installation and configuration, which all work together in the most optimal state. The reference architecture defines which specific technologies and products are combined and how address them in a particular use case. The reference architecture is a template solution for enterprise IT.Read More »