Veeam Backup & Replication v8

for VMware: General Overview

Components

Deployment Methods

Features

Simple Deployment

The Veeam Backup Server is a Windows-based physical

or virtual machine (VM).
Coordinates backup, replication, recovery verification
and restore tasks;
Controls job scheduling and resource allocation;
Configures and manages backup infrastructure components
and specifies global settings for the backup infrastructure.

Data security is an important part of the backup strategy.

Information must be protected from unauthorized access,
especially if the backup of sensitive VM data goes to offsite locations or is archived to tape. To keep data safe, data
encryption should be used. In Veeam Backup & Replication,
encryption works at the job level and can be enabled for
backup jobs, backup copy jobs, tape jobs and VeeamZIP.

Server Roles

Veeam
Backup Server
Backup

To take the workload off the Veeam backup server,

Veeam Backup & Replication uses backup proxies.
A Veeam Backup Proxy is an architecture component that
sits between the data source and target, and is used to process
jobs and deliver backup traffic. In particular, the backup proxy
tasks include retrieving VM data from the production storage,
compressing and sending it to the backup repository. The role of
a backup proxy can be assigned to a dedicated Windows server
(physical or virtual) in the environment (by default Veeam backup
server takes the role itself ).

Cloud Connect is a feature of Veeam Backup & Replication

that can be used by Service Providers who subscribed to the
Veeam Cloud Provider Program (VCP) to offer their customers Backup Storage as a Service. Every Veeam Backup &
Replication v8 customer can buy this feature from their
service provider of choice. Its a great tool to send backups
offsite.

Replication
Source
VMware Host

Target
VMware Host

Advanced Deployment

Veeam
Backup Server

A Veeam Backup Repository is a location used by

Veeam Backup & Replication jobs to store backup files. Technically, a backup repository is a folder on the backup storage. Due
to the distribution of different repositories and the limitation on
number of parallel jobs for each one, the load across the backup
infrastructure is balanced.

WAN

Veeam Backup & Replication has 4 free Veeam Explorers

included in the product. All of them are used for granular
restore of specific objects directly from Veeam backups.
Every Veeam Explorer has a familiar, easy-to-use interface
and allows users to quickly locate the items they need. The
list includes:

Veeam Explorer for Microsoft Exchange

Veeam Explorer for Microsoft Active Directory

Veeam Explorer for Microsoft SQL server

Veeam Explorer for Microsoft SharePoint

Offsite

WAN Acceleration
Source
VMware Host

Veeam Backup Enterprise Manager is an optional component

intended for distributed enterprise environments with multiple
Backup Servers. Veeam Backup Enterprise Manager federates
Veeam Backup Servers and offers a consolidated view of these
servers through a web browser interface. All Veeam Backup
Server jobs can be managed and controlled through a single
pane of glass.

Target
VMware Host

Distributed Deployment

Veeam Backup
Enterprise Manager

Veeam Backup Enterprise Manager also enables an option to

search for Windows and Linux guest OS files in all current and
archived backups across the whole backup infrastructure and
restore these files in one click.

Veeam Backup & Replication offers Virtual Lab technology

in order to guarantee recoverability of virtual data. Virtual Lab
is an isolated virtual environment (no impact on production)
where Veeam verifies VMs and tests backups in automatic
mode. Moreover, Veeam is able to check VMs, which are dependent from others, using the notion of application group.

Veeam
Search Server

Virtual Lab includes:

On-Demand Sandbox
SureBackup
SureReplica

Veeam Backup Servers

Backup Server

Backup Proxy

End-to-end encryption

Veeam Cloud Connect

There are a few components deployed on Veeam Backup Server:

Requirements
Physical or virtual Windows server
(Windows 2003 SP2 or later);
2 GB RAM plus 200MB per each concurrent job;
2 CPU cores.

Data encryption transforms data to an unreadable, scrambled

format with the help of a cryptographic algorithm and a secret
key. If encrypted data is intercepted, it cannot be unlocked and
read by the eavesdropper. Only intended recipients who know
the secret key can reverse encrypted information back to a
readable format.

Veeam Cloud Connect is a technology in Veeam Backup &

Replication that lets Service Providers (SP) configure cloud repositories storage locations in the cloud, and expose cloud
repository resources to their customers.

Veeam Backup Service

The Veeam Backup Service is a Windows service that coordinates
operations performed by Veeam Backup & Replication such as
backup, replication, recovery verification and restore tasks. Veeam
Backup Service runs under account with administrative privileges
or local system account (default option since v8).
Veeam Backup Shell
The Veeam Backup Shell provides an application user interface
and allows users to access the applications functionality.
Veeam Backup Catalog Service
Veeam Backup Catalog Service is a Windows service that manages
a guest OS file system index for VMs and replicates system
index data files to enable a search through guest OS files. Index
data is stored in the Veeam Backup Catalog a folder on the
Veeam Backup Server. The Veeam Backup Catalog Service running
on the Veeam Backup Server works in conjunction with search
components installed on Veeam Backup Enterprise Manager and
(optionally) a dedicated Microsoft Search Server.
Veeam Backup SQL Database
Veeam Backup SQL Database is used by Veeam Backup Service,
Veeam Backup Shell and Veeam Backup Catalog Service to store
data about the backup infrastructure, jobs, sessions and so on. The
database instance can be located on a SQL Server installed either
locally (on the same machine where the Veeam Backup Server is
running) or remotely.
Veeam Backup PowerShell Snap-In
Veeam Backup PowerShell Snap-In is an extension for Microsoft
Windows PowerShell. Veeam Backup PowerShell Snap-in adds
a set of cmdlets to allow users to perform backup, replication
and recovery tasks through the command-line interface of PowerShell or run custom scripts to fully automate operation of Veeam
Backup & Replication.

Takes the workload off the Backup Server processing jobs. Retrieves VM data from the production storage, compressing and
sending it to the backup repository.
Configuration modes
SAN mode a machine used as a backup proxy should have
direct access to the storage on which VMs reside or the storage where VM data is written. This way, the backup proxy will
retrieve data directly from the datastore, bypassing LAN.

Cloud
gateway

SSL

Backup
repository

SSL

WAN

Veeam
Backup server
Cloud repositories

1
2
3

Unencrypted
data

Network mode can be assigned to a machine on the network closer to the source or the target storage with which the
proxy will be working. In this case, VM data is being transported over LAN using NBD protocol.

Encrypted
data

Veeam Installer Service is an auxiliary that is installed and

started on any Windows server once it is added to the list of
managed servers in the Veeam Backup & Replication console.
This analyses the system, installs and upgrades necessary
components.

Veeam Transport is responsible for deploying and coordinating executable modules that act as data movers and perform
main job activities on behalf of Veeam Backup & Replication
such as communicating with VMware Tools, copying VM files,
performing data deduplication and compression and so on.

Windows server with local

or direct attached storage
The storage can be:
Local disk
Direct attached disk-based storage
iSCSI SAN LUN
Fibre Channel SAN LUN

Veeam Backup Enterprise Manager is a management and reporting component that allows to manage multiple Veeam Backup &
Replication installations from a single web console.

Linux Server with local, direct

attached storage or mounted NFS
The storage can be:
Local disk
Direct attached disk-based storage
NFS share
iSCSI SAN LUN
Fibre Channel SAN LUN

Veeam Backup
Enterprise Manager

SSL

Tape media

WAN
accelerator
(optional)

Secret key

Services
The following light-weight components are installed:

Backup Enterprise Manager

Deduplicating storage appliance

EMC Data Domain
ExaGrid
HP StoreOnce

Service provider
Customers

HotAdd mode the backup proxy can be a VM with HotAdd

access to VM disks on the datastore. This type of proxy also
enables LAN-free data transfer.

Backup Repository

CIFS (SMB) share

SMB share does not support Veeam transport services, therefore
data to the SMB share is written from a Windows-based proxy
server. By default, this role is performed by a backup proxy that is
utilized by the job for data transport.

In Veeam Backup & Replication, encryption works at the job

level and can be enabled for the following types of jobs:

Backup jobs

Backup copy jobs

Tape jobs: Backup to tape jobs and file to tape jobs
VeeamZIP

Veeam Backup & Replication does not offer its own cloud
for storing VM data. Instead, it uses service providers storage
resources to configure cloud repositories storage locations
in the cloud. Users who want to store their data in the cloud
can connect to the SP and write their VM backups to cloud
repositories.

Veeam Backup & Replication uses the block cypher encryption

algorithm. Encryption works at the source side (unless admin
runs a backup copy job via WAN accelerators). Veeam Backup
& Replication reads VMs or file data, encodes data blocks, transfers them to the target side in the encrypted format and stores
the data to a file on the repository or archives the data to tape.
Data decryption is also performed on the source side: Veeam
Backup & Replication transfers encrypted data back to the
source and decrypts it there. Beside the job-level encryption,
Veeam Backup & Replication allows to encrypt network traffic
going between the primary site and the disaster recovery site.
For network traffic encryption, Veeam Backup & Replication
uses the 256-bit Advanced Encryption Standard (AES).

Veeam Explorers

WAN
accelerator
(optional)

Backup
repository

Veeam Backup & Replication

Creates a storage abstraction layer and virtually
partitions storage resources of a cloud repository;
Establishes a secure channel to transfer VM data
to and from the cloud repository;
Offers data encryption capabilities to protect
users data at rest.
Users can perform the following operations:
1. Back up VMs to the cloud repository;
2. Copy VM backup files to the cloud repository;
3. Restore VM data from the cloud repository;
4. Perform file copy operations between
the users side and the cloud repository.

Virtual Lab

Physical or virtual machine

Veeam
Backup Server

Staging Microsoft
SQL Server
Backup of Microsoft
SQL server

VM replica snapshots
VM replicas
Backup
repository

Veeam
Backup Server

Veeam Explorer
for Microsoft SQL Server

Target Microsoft
SQL Server

Veeam Explorer for Microsoft SQL Server

Veeam
Backup Server

Veeam
Backup Server

In the case of distributed backup infrastructure when a number

of Veeam Backup & Replication instances are installed on different
servers, Veeam Backup Enterprise Manager acts as a single
management point, allowing to perform backup and replication
jobs across the entire backup infrastructure and providing enhanced reporting options.
With Veeam Backup Enterprise Manager, backup administrator can:
Manage jobs across a number of Veeam Backup Servers;
View on-going reporting data for all jobs;
Receive email notifications about the status of all jobs;
Search for VMs and guest OS files (Windows, Linux)
in current and archived backups;
Perform web-based recovery operations;
Centrally monitor license usage and update them.

Veeam enables the virtualization of the four largest Tier-1 infrastructure applications: SQL, AD, Exchange, and SharePoint. The
Veeam Explorers give administrators more powerful tools and
better options for handling the challenges of data protection and
recovery. They can restore items within their backup files to their
running virtual machines and perform granular export for any
needs. Each Veeam Explorer supports a corresponding database:
.MDF Database from SharePoint, .DIT DB from Active Directory,
.EDB DB from Exchange and .MDF Database from SQL Server.
Typical process on how Veeam Explorer works:

The backup administrator uses Veeam Backup & Replication

restore options to extract a database file from the Servers
backup file through mounting it to the Veeam backup server;
Veeam Explorer obtains specific server hierarchy information
(instances and databases) and presents it to the user in a
native interface.
Explorer facilitates browsing, search and provides users with
all available restore options (entire restore, granular object
restore, export sought-for information into required format).

ESX(i) host

Virtual lab

In most cases, a VM works in cooperation with other services and

components. To verify such a VM, Veeam Backup & Replication uses
the notion of application group. Typically, the application group
contains at least a domain controller, DNS server and DHCP server.
In the virtual lab, Veeam Backup & Replication starts a verified VM
and VMs from the application group. A virtual lab does not require
provisioning of additional resources. It can be deployed on the
existing ESX(i) host in a virtual environment. The virtual lab is fully
fenced off from the production environment. The network
configuration in the virtual lab mirrors the network configuration
of the production environment.
The SureBackup job aggregates all settings and policies of a recovery verification task such as application groups and virtual labs, VM
backups that should be verified in the virtual lab and so on.
To ensure that the VM replica is functioning properly, Veeam Backup & Replication performs SureReplicaautomatically booting the
VM replica to the necessary restore point in the isolated environment. It then performs tests against it, powers the VM replica off
and creates a report on the VM replica state.