Product Review

by Jason Boche, VCDX #34

Veeam Backup
& Replication v5

Executive Summary
The datacenter is among a companys most sacred resources. Sophisticated
server and network equipment, along with software, vastly improves
efficiency and scalability in just about any business vertical, eliminating
manual processes that existed decades ago. . .
Regardless of what goes on in todays datacenter, that data is one of
a companys most valuable assets. This data must be protected and
readily available if the business wishes to remain in business. . . . In the
simplest terms, this means a reliable backup of the data should exist
somewhere that can be used to recover in a timely manner. It is at this
point where data protection goals should be outlined. Because there are
so many intrinsic variables that provide input into a comprehensive data
protection strategy, there is no one design fits all package. However, by
leveraging some of the attributes of a VMware virtualized datacenter,
Veeam Backup & Replication v5 offers multiple data protection solutions
in a single SKU that will scale to the needs of many environments in any
business vertical.

Data Protection
for Virtualized Environments
Traditional methods of backing up data on physical servers and arrays worked well
enough with smaller data sets and for the short term. However, several issues began to
surface as industry and technology evolved and businesses and customer expectations
grew. Data sets were growing rapidly with the success of collaboration tools such as
email messaging, file servers, and databases. Wear and tear of tape and mechanical
devices revealed situations where data could no longer be restored from a tape that had
gone bad. Aging and failure of tape drives resulted in tech refresh, which ushered in
new tape drive technology into the datacenter that wasnt compatible with the existing
tape rotation. While data continued to grow, customers continued to demand less
down time and quicker recovery time. Progressive business growth and expansion
increased the number of servers that had to be backed up and restored in a shrinking
window. Last but not least, regulatory guidelines were instituted for industries including
banking, government, and healthcare that impact requirements for data availability,
protection, and retention.
The adoption and success of virtualization in the datacenter introduce opportunities
that can address some of the complexities of data protection mentioned previously.
Virtual servers dont need to follow a lengthy and difficult rebuild process. Rather,
they can be restored from a point in time image level backup. Virtual servers operate
on top of standardized virtual hardware eliminating the risks and headaches of trying
to restore a server on a different hardware platform type. Encapsulated virtual server
images are portable, which adds flexibility to recovery options. Best of breed virtual
backup solutions are agentless, which eliminates backup failures as a result of agent
problems. Purchasing individual backup agents for each protected asset on the network
can add up quickly. Choosing an agentless architecture has an opportunity to be less
expensive. Most virtualized environments are going to be back ended by shared storage,
which presents opportunities for data replication and geographic data protection. The
virtualization standard has encouraged new backup products from several vendors that
are tailored for virtualized environments. Extensible data protection APIs (application
programming interfaces) are exposed by the hypervisor that track changed blocks
that need to be backed up versus unchanged blocks that dont need to be backed up
repeatedly. This enables an efficient transfer of backed up data to other disk resources.

Options
There are a few approaches to choose from for protecting data in a virtualized
environment. The approaches are stackable meaning they can be combined to provide
better protection. The user experience is a critical factor in evaluating data protection
solutions.
Any time that current data is unavailable can be considered a form of down time on
some scale. When down time occurs, recovery is measured primarily by two metrics:
Recovery Time Objective (RTO) and Recovery Point Objective (RPO). RTO is the
amount of elapsed time allowed by the business or an SLA to recover data. RPO is the
point in time to which data must be recovered. Like RTO, RPO is also negotiated with
the business and is formally considered an SLA. The organization might define one or
the other but will most likely define both. The obvious benefit of addressing both is
restricting down time as much as possible. What might not be so obvious is that RTO
and RPO are competing priorities. Fine tuning both to accommodate the business in
the best possible way will always lead to exponentially higher data protection costs.
And of course, cost should also be a factor in the decision on which backup solution
or combination of solutions to choose. Lets take a look at some of the approaches to
choose from for protecting data in a virtualized environment.

The File Level Approach

This is the tried and true backup methodology used for many years prior to
virtualization. Backup software is installed on one or more backup servers. Agents are
installed inside each virtual machine (VM), and each VM is backed up remotely by the
backup server on a file level basis.

Pros

Historically familiar and proven

Useful for day to day restores (RPO advantage)
Traditional backup types can be performed such as full, differential, and
incremental
Index/catalog of protected files for search/version comparison capability

Cons

Per agent cost

OS platform support for agent installation
Overhead of agent resource utilization in guest OS
Agent issues cause backup slowness or failures
Doesnt lend itself well to disaster recovery (RTO disadvantage)

The Image Level Approach

This is a unique method of backup enabled by the encapsulated nature of VMs. Each
virtual disk tied to the VM is backed up as a single file, along with the VM configuration
itself.

Pros

No backup agent cost or dependency

Guest OS type is abstracted from backup; maximum OS compatibility
Leverages purpose built host resources for backup processing, not guest VM
Lends itself well to disaster recovery (RTO advantage)

Cons

Inconsistent offering of indexes or catalogues of protected files for search/version

comparison capability
Can have an RPO disadvantage for day to day restores
Restore may be complicated, even for file-level objects

The Storage Solution Approach

This traditionally enterprise storage-based method of data protection isnt new.

However, vendors have taken the data replication concept and mixed in the benefits that
virtualization brings to the table to come up with hybrid solutions. Virtual machine data
is replicated from point A to point B. In the event of a disaster at point A, services can
be brought back online using the replica at point B.

Pros

No backup agent cost or dependency

Guest OS type is abstracted from backup; maximum OS compatibility
Leverages purpose built infrastructure resources for replication, not guest VM
Lends itself well to disaster recovery (RTO advantage)
Offers continuous data protection (RPO advantage)
Moves large amounts of data well

Cons

Traditionally requires expensive replication software

Requires double the costly storage for replica data
Requires specific storage configuration
Sites separated by distance require adequate circuit for replica data transmission
No index/catalog of protected files for search/version comparison capability
Lack of application-aware consistency features
Doesnt lend itself well to day to day restores (RPO disadvantage)
Lack of full, differential, or incremental backup choice

The Veeam Solution

Veeam was founded in 2006, a time when virtualized backup solutions had already started
being established and making a name for themselves. Veeam Backup & Replication v5
was released in 2010 and is a disaster recovery solution for VMware infrastructure that
consolidates backup, replication, as well as file level recovery in one product. Whereas
replication is often tied to enterprise storage, which can be a costly endeavor, Veeam bakes it
into its flagship backup software offering an affordable replication solution for businesses of
all sizes.
The Veeam Backup & Replication architecture is the key to its power and flexibility. There
are multiple components, some of which are mandatory and provide core functionality,
and some that are optional based on the business or deployment need. Components can be
consolidated onto a single server, and some can be distributed among multiple servers for a
tiered and more scalable approach. All components, core and optional, are included in the
base Veeam Backup & Replication package.
The Veeam Backup Server is a Microsoft Windows based core component and fills several
roles including:
Shell - This is the main user interface or GUI used to control the application.
Backup Service - This is a Windows service installed on the backup server that
coordinates jobs.
Manager - This is a background process on the backup server activated for each job that
controls agents on both source and target hosts.
vPower NFS - This is a purpose built NFS server used for SureBackup Recovery
Verification, Instant VM Recovery, and U-AIR.
Guest File System Catalog - This is a searchable index of protected files within the guest
VM operating system.
PowerShell snap-in (optional) - Unleash the utility of PowerShell combined with custom
Veeam cmdlets to automate backup and replication tasks.
U-AIR wizards - These are used for object or item level restores from any application
running on a VM such as Microsoft Active Directory or Exchange.
Veeam Backup & Replication communicates with ESX(i) hosts via agents to process various
jobs. These non-persistent agents are controlled by the Veeam Manager, which is a core
backup server component. ESX(i) hosts are independent from the Windows based backup
server. These agents differ from in-guest backup agents in that there is no need to license,
manage or deploy them.
Job history and other relevant data is stored in a Microsoft SQL Server database. SQL Server
can be integrated on the backup server itself, or maintained remotely for a more robust tiered
approach. Microsoft SQL Server 2005 Express Edition conveniently ships with Veeam Backup
& Replication if no existing SQL Server options exist.
The Veeam Backup Enterprise Manager is an optional component that federates or provides
single pane of glass management of multiple or distributed Veeam Backup Servers through a
web browser interface. Larger environments with more than one backup server will quickly
realize the value this component offers towards scalability. The Backup Enterprise Manager
also includes the Indexing Service, which is responsible for replicating and consolidating job
catalogs, in addition to integration with Microsoft Search Server.

Last but not least, the Veeam Backup Search Server Integration Service is installed on an
optionally deployed Microsoft Search Server. The Search Server invokes updates of index
databases and also satisfies custom search queries and filters from the Veeam Backup
Enterprise Manager.
One of the challenges of any data protection solution is the validation of the protected data.
This was predominantly a problem with failure prone tape media and tolerance calibration
issues with tape drives. Businesses and datacenter administrators rested easy knowing their
data was safe on tape backup. However, in too many cases, it was a false sense of security.
When it came time to restore data in the event of file or disaster recovery exercises, it was
suddenly discovered that the data could not be recovered at the most inopportune time.
This wasnt always a tape related problem, either. It can be a process or documentation issue
as well. At a minimum this is a time consuming annoyance. On the other hand, it could
quickly lead to a failure to fulfill customer or contractual obligations. New in Veeam Backup
& Replication v5 is Veeams patent-pending SureBackup Recovery Verification. With this
new vPower technology, protected data and its recovery can be verified automatically
not through checksums or hashes, but literally by restoring applications and associated
data in an isolated sandbox and then powering on the environment proving that its
intact. Custom scripts can be run against the environment for further assurance. Once the
validation is complete, the environment is torn down as quickly as it was instantiated and
again is all automated. What sets this approach apart from other solutions is that its not
just a traditional file restore process. Rather, through integration with the virtualization
framework, entire servers, files, or application objects can be validated and/or recovered
through a simple wizard driven interface. Whats even better is that recovering large amounts
of data doesnt have to take a long time as it once did. Veeams Instant VM Recovery, another
vPower technology new in Backup & Replication v5, leverages disk-based backups to run a
live VM or tiered application. The comparison often made is to that of a spare tire. The spare
tire is a known good, it mounts quickly and easily, and it will get you to your destination,
bailing you out of a potentially bad situation.
Veeams scalability is enabled by its award
winning architecture. As the virtual
infrastructure and number of virtual assets
that need to be protected grows, Veeams
modular approach allows additional backup
servers and other components to be integrated
into the solution. The Backup Enterprise
Manager provides centralized management for
distributed backup servers or geographically
dispersed datacenters. Integration with
VMware vSphere Changed Block Tracking
and vStorage APIs for Data Protection reduces
valuable ESX(i) host resource utilization and
the overall time required to process backup
jobs. In larger environments with shrinking backup windows and near-continuous data
protection requirements, these scalability touch points are essential on many levels: reliable
protection, performance, and efficiency to name a few. Multi-threading improvements in the
code assure that each processor on the backup server will be utilized for maximum backup
and inline data deduplication and compression throughput.

Backup
Veeam Backup & Replication v5 employs a couple of tactical approaches to backing up
data. One is the reversed incremental backup (RIB). In the RIB method, a full backup is
first performed and written to a full backup .vbk file. All backups that follow the full are
incremental backups. Changed data from the incremental backups is injected into the
initial full backup .vbk file. The result is that the full backup .vbk file is always up to date
with the most current backed up data. A reversed incremental backup file is also created
with the .vrb extension. The RIB method performs forever-incremental backups. Veeam
recommends RIB for disk-based backup. The reason for this is that RIB conserves disk
space. It achieves this by storing only a single instance of a full backup rather than a
series of regularly scheduled full backups that would result in significantly larger disk
usage. Data retention policy is supported by the reversed incremental backup .vrb files.
A number of .vrb files will be retained, and as each .vrb file extends beyond the data
retention policy, it is considered expired and is deleted.
The other backup type is the incremental backup (IB). Again, the first backup will be
a full backup written to the .vbk file. Subsequent backups are incremental backups,
which are saved to an incremental backup .vib file. The IB method is recommended for
disk-to-disk-to-tape where tapes are stored offsite to satisfy internal disaster recovery
or regulatory requirements. The reasoning behind this is that only daily changed data
needs to be stored offsite and the quickest way to achieve that is by writing the smaller
incremental backups to disk and then ultimately to tape. When using the IB method,
Veeam Backup & Replication v5 can automate the creation of synthetic full backups on
any day you choose. This combines the incremental features of the IB method with the
RIB method that provides the fastest recovery time (best RTO) to the most current data
(best RPO).
Both backup methods offer adjustable rates of inline data deduplication and
compression to make the best use of storage (both disk and tape), to reduce elapsed
backup and restore time, and to optimize the size of data with respect to available local,
LAN, or WAN bandwidth. Data deduplication eliminates the redundant storage of
duplicate blocks as well as empty or 0 byte blocks, commonly referred to as white space
on disk or zero page reclaim.
Compression stacks with deduplication by further reducing the size of data stored on
disk (and optionally tape). Deduplication and compression both rely on the backup
server processor performance. One caution to observe with compression is that where
it saves on storage and network bandwidth utilization, it costs extra CPU cycles on
the backup server and can ultimately increase backup time. The quantity and speed of
processor cores improve deduplication and compression, as well as reduce backup time
when these multi-threaded technologies are enabled. Augment increased compression
levels with faster processor architectures and bump up the core count.
One of the caveats inherent to image level backups early on is that they were point in
time backups of crash consistent data. Image level backups did not lend themselves
well to IO that was in flight at the point of backup. Improvements have been made
with efforts from multiple vendors. VMware Tools has the ability to quiesce the guest
operating system, ensuring all writes are committed to disk before the point in time
backup is performed. Microsoft offers integrated Volume Shadow Copy Service (VSS)

technology in its Windows operating systems, which is exposed to 3rd party backup
vendors to accomplish the same task of quiescing the operating system in addition to
applications. Veeam Backup & Replication v5 not only supports quiescing to provide
file or application consistent backups, it supports both integration methods previously
described.
Either of the previously discussed backup methods enables the use of another one of
Veeams new features called U-AIR or Universal Application-Item Recovery. U-AIR
extends the power of Veeams solution by recovering data at the application object level.
For instance, how convenient would it be to be able to restore an item from Microsoft
Active Directory such as a user, group, or maybe a Microsoft Exchange mailbox, but
without extra overhead work? U-AIR is highly durable as it is easy to maintain and
will work seamlessly with new applications or future upgrades. This feature can also
be combined with SureBackup Recovery Verification to automate the validation of
application objects protected by Veeam.
Lastly, both backup methods take advantage of VMware vSphere Changed Block
Tracking (CBT). This gives Veeam fast-tracked information on which blocks of data
have changed, meaning they need to be backed up, and which have not and can be
safely skipped. This has been in Veeam since version 4. CBT is an exposed VMware
vStorage API for Data Protection that empowers VMware and 3rd party backup
vendors to perform backups quicker.

Replication
Early on I talked about different data protection options. The last option in the list
to cover is replication. Most often, replication of data from storage location A to
storage location B requires compatible storage types on either end, storage replication
software from an array vendor, or 3rd party replication software such as Double-Take.
Storage replication can be historically both complicated and expensive given the array
dependencies. Veeam Backup & Replication v5 integrates with VMware vSphere,
abstracts the traditionally costly array dependencies, and bundles replication into its
flagship data protection product at no additional cost. Replication is performed at the
VM level and can be accomplished between any network connected vSphere hosts
having like or different storage. What this means is that data can be replicated from a
fibre channel datastore to an NFS datastore, or from NFS to iSCSI. EMC to NetApp.
NetApp to Hitachi, Hitachi to StarWind, etc. The value of hardware, protocol, and even
storage vendor abstraction quickly makes architectural and budget sense by providing a
tremendous amount of flexibility in the product.
You probably wont be using replication as an efficient means to perform day to day file
or application object restores. With that in mind, replication shouldnt be thought of as
a backup and restore methodology replacement. Rather, replication is a complement
to traditional backup and restore that lends itself to disaster recovery by reducing both
RPO and RTO.
Veeam offers asynchronous and near-continuous data protection (near CDP). Veeam
replication jobs are created and scheduled in the same familiar Veeam Backup &
Replication v5 interface much like backup jobs are. Instead of choosing a backup
method, an alternate remote host and datastore are identified as the replication target
for a protected VM or container of VMs. Lastly, the job schedule is chosen, which

dictates the frequency of the replication, which can be anywhere from a single instance
to a job that runs back to back continuously (this is near CDP). It is important to note
that this is not a synchronous replication solution that will queue transactions and
provide true CDP. For that you should consult your storage or application vendor.
Restoring from a replicated VM is image level recovery, usually at a remote site, as it
is with other replication solutions. One advantage Veeam replication has is that it can
integrate its quiescing hooks into replication jobs to produce application consistent
recovery images. Another is its use of VMwares Changed Block Tracking in replication
jobs to reduce bandwidth consumption and provide the most optimal RPO.

Whats missing?
As feature rich as Veeams solution is, what could it possibly be missing that customers
might want? One item comes to mind: Data protection for physical assets. Veeam
does an outstanding job protecting VMs. However, the majority of datacenters across
the globe are not 100% virtualized. Businesses still have a need to provide coverage
for rack mount, blade, and white box servers. In some organizations, client endpoint
protection is also required. Today, Veeam does not offer backup, restore, or replication
for physical machines. A complementary backup solution from Symantec, CommVault,
or other vendor is needed, which requires that customers work with multiple backup
vendors to achieve a platform agnostic level of data protection. Most traditional backup
solutions are agent based, which pulls in associated disadvantages. A unified solution
from a single vendor has advantages in product and feature integration, as well as a
single point of contact. The number of assets that are not virtualization candidates is
slowly diminishing. But until that gap is eliminated completely and datacenters are
100% virtualized, organizations will continue to deal with physical machine backup.
This is an untapped opportunity that I think customers are waiting for Veeam to take
advantage of. I cant reliably speak on behalf of all customers but I can speak for myself.
After running Veeam in my lab for several months, backup of physical servers and
workstations is where improvement is needed.

10

Summary

Veeam has staked a solid claim in the data protection for the virtualized
datacenter space. Veeam Backup & Replication v5 consolidates
various backup, restore, and replication protection options in a single
package. Integration with VMware vSphere CBT and vStorage APIs
for Data Protection leverages purpose built hypervisor functionality
for maximum efficiency and performance. The innovative and awardwinning features Veeam showcases in v5 represent clear leadership
and demonstrate a strong commitment to virtualized data protection.
Whether you are actively seeking a data protection solution or you
already have one, you owe it to your business and to yourself to give
Veeam Backup & Replication v5 a try to see how it compares.

11

About The Author

Jason Boche is an IT industry veteran, a VMware
Virtualization Evangelist, and a blogger with nearly 15
years of professional experience. Boche maintains a top-10
VMware blog at boche.net, has twice been named a VMware
vExpert, is the Minneapolis Area VMware User Group Leader,
is a frequent VMware/VMTN Communities Roundtable
podcaster, and is a contributor/moderator at the VMware
VMTN Communities as well as the Petri IT Knowledgebase.
Boche holds the following technical certifications: VCDX3
(#34), VCDX4, VCAP4-DCA (#14), VCAP4-DCD (#35),
VCPx3, MCSEx3, MCSAx2, MCP, CCAx2, A+.

About the Sponsor

Veeam Software, an Elite VMware Technology Alliance partner, develops innovative

products for virtual infrastructure management and data protection. Customers
can reduce costs, minimize risks, and fully realize the promise of virtualization with
Veeam.
Veeam is an international company with North American headquarters in
Columbus, Ohio USA; European headquarters in Reading, Berkshire UK; and APAC
headquarters in Sydney, Australia. Veeam has more than 16,000 customers worldwide
and is currently adding new customers at the rate of 700 per month. The companys
free FastSCP tool is used by more than 150,000 VMware professionals, making it the
most widely used tool to help manage VMware.
The company was founded in 2006 by the team previously behind Aelita Software,
well known for its Windows Server management solutions. In 2008, Veeam acquired
nworks, adding solutions that bridge the gap between VMware and enterprise
management systems from Microsoft and HP.
Veeam is rapidly expanding its presence and its partner network around the world
and will continue to offer innovative and practical solutions to help IT professionals
better manage their virtual infrastructure. Today the company focuses on managing
VMware, but as customer requirements grow, Veeam will support other virtual
environments.

12