@Veeam #V7’s Killer Feature

/ seanpmassey

Of all the features that have been added to the latest version of Veeam, there is one that really stands out as the killer feature.  This feature is available in all of the licensed versions of Veeam, and there are no restrictions on the base functionality.  This feature wasn’t widely heralded from what I can tell.

That feature, in my opinion, is the Backup Copy Job.  As I mentioned in my last post, I wanted to dedicate a little more time to this feature.

But I have a confession to make.  I want to make it clear that I don’t know what features are in Commvault, NetVault, Symantec, Avamar or other backup solutions.  Similar features probably do exist.  I do know that other software vendors have had GFS rotation for a long time, but I don’t know enough to say how it ties in with their virtualization backup or their offsite capabilites.  I also just want to focus on Veeam’s implementation.

So why am I making a big deal out of this if I think other vendors may have this capability?  Because this is what a lot of customers have been asking for for a long time.

In previous versions of Veeam, you couldn’t do any sort of backup rotation.  Well, that’s not entirely true.  It would be more accurate to say that there wasn’t any built-in functionality for doing GSF rotation, and their support forums have a number of hacks that add this capability by using PowerShell or recommending multiple backup jobs on varying schedules to handle this.

By setting up GFS rotation and building it into a new method for utilizing offsite storage, Veeam has built a powerful tool for backing up virtual environments and ensuring that your data is safely protected offsite without having to break the bank on expensive backup storage.

First Thoughts on @Veeam #V7

/ seanpmassey

Veeam released the latest version of their backup software a week ago on August 15th.  I’ve been looking forward to this release as they’ve included some features that many customers have wanted for some time such as:

  • Grandfather-Father-Son backup rotation as part of a Backup Copy Job to secondary storage
  • Export Backups to Tape
  • vSphere Web Client Plugin
  • Built-In WAN Acceleration

The full list of enhancements and features can be found here.

$Work uses Veeam as the primary backup solution, so I set up a test environment to try out some of these new features before upgrading.  $Work is only licensed for the Standard Edition, and while the evaluation license is for the Enterprise Plus feature set, I will only be testing what I can use in my production environment.  So unfortunately, I won’t be trying out the WAN Acceleration feature or U-AIR.

First Thoughts

Installation of V7 and setting up jobs was a breeze.  There were a few small changes to the process compared to previous versions, like having to set up credentials to access VCenter and Windows servers in a credential vault, but those changes were relatively minor and saved time later.  In previous versions, I would have to go into my password vault each time I wanted to create a backup job that included windows servers.  This takes care of that.

Not much has changed with setting up new backup jobs.  They have added a screen for setting up a secondary storage site and backup rotation, which makes it easy to add backup jobs to a backup copy job if you already have one set up.  One of the best changes on various jobs screens, in my opinion, is that the backup job statistics screen is now accessible on the main screen just by selecting a backup job.  It is no longer buried in a context meu.

Previous versions of Veeam backed up servers sequentially if there was more than one server per backup job.  That’s changed in this edition.  Veeam will now backup multiple servers per job in parallel.  This will cut down backup times significantly.  This option isn’t enabled if you are upgrading from a previous version, but it can easily be enabled by going into the options menu.

I really like the Backup Copy job option.  There is a lot to this feature, and I want to dedicate more time to it in a separate post.

The timing of this release is very good.  We are a Veeam customer at $work, and we’ve just started to reevaluate our disaster recovery plan and capabilities.  Some of these features, especially the exporting backups to tape and GFS rotation, are capabilities that we wanted to get.  We currently back up directly to an offsite repository, so the backup copy job feature may be one of the best additions to this product.

My VMworld Schedule

/ seanpmassey

I’ll be attending my first VMworld at the end of the month.  My schedule focuses mainly on three areas:  Automation (PowerCLI and Puppet), VMware View, and networking.

Monday

VSVC4944  —  PowerCLI Best Practices – A Deep Dive 11:00 AM

NET1000-GD  —  vSphere Distributed Switch with Vyenkatesh Deshpande 12:30 PM

VAPP5613  —  Successfully Virtualize Microsoft Exchange Server 2:00 PM

VCM7369-S  —  Uncovering the Hidden Truth in Log Data With vCenter Log Insight 3:30 PM

Tuesday

SEC5755  —  VMware NSX with Next-Generation Security by Palo Alto Networks 11:00 AM

EUC4764  —  What’s New and Next for VMware Horizon View 1:00 PM

EUC5434  —  Enterprise Architecture Design for VMware Horizon View 5.2 2:30 PM

BCO5362  —  Veeam Backup & Replication v7 Deep Dive 4:00 PM

VCM5271  —  VMware and Puppet: How to Plan, Deploy & Manage Modern Applications 5:30 PM

Wednesday

VSVC5931  —  PowerCLI What’s New? Administrating with the CLI Was Never Easier 8:00 AM

EUC5249  —  PCoIP: Sizing For Success 10:00 AM

VSVC5511  —  Deploying vSphere with OpenStack: What It Means to Your Cloud Environment 11:00 AM

VAPP5932  —  Virtualizing Highly Available SQL Servers 12:30 PM

EUC4629  —  ThinApp 101 and what’s new in ThinApp next version 2:30 PM

EUC1006-GD  —  View with Andre Leibovici 4:00 PM

 

I don’t have any Thursday sessions on my schedule.  I have two good reasons for this.  The first is that the few sessions that I wanted to attend were already full.  The other reason is that I plan on sitting for the VCP on Thursday morning.  I plan to spend whatever time I have left after that talking to vendors or visiting a friend in San Diego.

Looking for a Better Social Media Client

/ seanpmassey

I’m looking for a better social media client for keeping up on Twitter and Facebook. Since Apple does not allow home screen widgets in iOS, I would like to find an app that allows me to easily keep up with both networks on the go. I’m looking for the following features in a new client:

  • Support for both twitter and Facebook from within a single application
  • Support for the built-in twitter and Facebook accounts
  • Ability to post to either network from within other apps like Safari

 

Newsblur…or How I’ll Survive The Google Reader Apocalypse

/ seanpmassey

In case you haven’t heard, Google announced that they would be ending their Google Reader feed aggregation service on July 1st.  As many other users of the Google Reader service have done by now, I started to look for alternatives to keep track of the 150+ blogs that I follow.

The Reader service is, at least until July 1st, a convenient way to keep track of multiple blogs across multiple devices.  Any replacement for Google Reader would need to be usable on my iPad, my phone, and from a web browser.  A native app or a good mobile website, two things that Google Reader lacked, would be a definite plus.  Google Reader did have a mobile website, but I considered it unusable.  And while there was a nice ecosystem of mobile apps that sprung up around the Google Reader API, none of the ones that I came across were developed by Google. 

One of my other requirements for a replacement is something that I do not have to host myself.  While there options like Tiny Tiny RSS are a valid replacement option, I don’t want to have to host or manage it myself.

A few blogs had some recommendations for possible Google Reader replacements, and the one that stood out was a program called Newsblur.  Newsblur is an online RSS aggregator with a nice web interface and iOS and Android apps.

It is also open source.

After looking at Newsblur, I decided that this was my Google Reader replacement and bought a premium subscription.  A free subscription option does exist, but you are limited to 12 feeds.

Why I like Newsblur

There are a few things that I really like about Newsblur.  I like that it has several styles for consuming blog content.  If you prefer a “river of news” style, that is an option.  If you prefer to select and read each post individually, you can select each post.  There is also an option to bring in the full text of a blog post on those that only provide a snippet similar to the readability app on the iPad.

One of the other things that I really like about Newsblur is the iPad app.  The iPad app’s interface is very similar to the web interface with one nice feature added in -the ability to quickly move between articles and having them marked as read by swiping to the left or right.  This is nice when dealing with some blogs like Ezra Klein’s Wonkblog or Hack-a-Day that post extremely frequently.

What I don’t like

One of the major drawbacks of Newsblur right now is performance.  This has improved significantly has they have been adding capacity to handle the flocks of people leaving Google Reader, but there are still periods where the mobile app loads slowly or throws up time-out errors.  I expect that these will be resolved soon.

I’ve also had some issues with sharing an article directly to Facebook from the iPad.  In order to work around this, I have to open the blog post in Safari and then share it from there.  This might be an issue with the Facebook app and not with River of News.

Happy New Year

/ seanpmassey

Happy New Year!

I’m not one for resolutions, so i won’t be writing a post on what I resolve to do this year. But I have some exciting stuff that I’m working on for 2013 such as:

  • An article on how I automated user account creation using PowerShell.
  • Some original science fiction that I’ve been kicking around in my head.
  • Some book and/or application reviews
  • No politics. My Facebook friends might appreciate this.

Now to start the year off right, here is this amazing bit of astrophotography courtesy of Phil Plait at the Bad Astronomy blog at Slate.

 

Notes from the Field

/ seanpmassey

Remember to Update your CRLs (if you have an Offline Root CA)

I had an interesting issue crop up two weeks ago in my VMware View environment –  it basically stopped accepting all the certificates from my internal CA as valid.  The logs showed that they were failing on a revocation check, and I had to disable revocation checking on both of my connection brokers after opening a case with VMware.  View 5.1 requires valid certificates on the connection brokers and VCenter, and if those certificates expire, are revoked, or are unable to be checked against a revocation list, the system will choke on them.

A similar issue reared its ugly head on my Exchange Server today when I had to replace an expiring certificate.  I received a similar error in my Exchange 2010 Management Console, and a little digging led me to some tips to better troubleshoot this issue.  It turns out that the issue was an expired revocation from my Offline Root CA, which has been…well…offline for a while, that needed to be updated. Once I updated the list and copied it to the distribution point, all of the issues I was having cleared up.

The tips in this post helped greatly when troubleshooting this issue: http://social.technet.microsoft.com/Forums/en-US/winserversecurity/thread/348a9b8d-8583-488c-9a96-42b892c4ae77/

Windows Server 8–Installation and First Impressions

/ seanpmassey / 1 Comment

The long awaited (at least by this IT guy) public beta for Microsoft’s next generation server operating system, Windows Server “8” was released on Leap Day.  A previous development release was available to MSDN subscribers in September 2011, but this will be the first opportunity for a lot of IT professionals to jump in and take a look.

Downloading

The Windows Server “8” beta can be downloaded from Microsoft’s TechNet site in ISO and VHD format.  A Live ID is required to access the beta downloads.  Like Windows Server 2008 R2, it only comes in a 64-bit edition, so you will need access to 64-bit hardware to try it out.

Installing

Windows Server “8,” like the Windows 8 consumer preview, will run on VMware’s ESXi.  However, before you can install it in ESXi 5, you will need to install patch ESXi500-201112001 from the VMware patch repository.  (You can install the patch by following these directions.)
Once you have the patch installed, you will need to choose either a Windows 7 or a Server 2008 R2 as the operating system type when setting up the VM in ESXi.
If you’ve installed Windows Server or Windows 7 before, you won’t see any major changes or surprises in this installation program.  The same basic graphical installer is used from previous versions of Windows.

User InterfacE

The first thing you’ll notice about Windows Server 8 is that the Server Manager from previous versions of Windows Server has evolved and replaced the old Server Manager console with a new Server Manager dashboard.  This new interface can act as a single pane of glass for managing the local server as well as any remote servers (although older versions of Windows will need to install the Management WTR tool in order to be managed).

The Server Manager Dashboard in Windows Server 8. (Click to enlarge)
The Start Menu on Windows Server 8 uses the Metro Interface that is found on consumer Windows 8 operating system.  While this is a significant change, I find it to be an improvement.  I like it because it allows access to all of the tools for applications on the server without having to dig through various menus to find them.

The Metro-style Start Menu in Windows Server 8.  (Click to Enlarge)
The color scheme on the UI looks to be a pleasant light-blue color.

New Features

According to Microsoft, there are hundreds of new features in Windows Server 8.  Some of these features are listed on the Windows Server 8 Technet page.  A brief summary of some of the more popular features that are found on the Technet page or in the technology press are:

  • Built-in NIC Teaming:  No need to use 3rd-party tools to team network cards.
  • Significant Improvements to Hyper-V:  Storage VMotion Live Migration, multiple migrations at one, using SMB shares for VM storage, and the ability to do live migrations without having to setup a failover cluster.
  • PowerShell 3.0 and PowerShell Intellisense
  • Virtualization-Safe Domain Controllers:  When on supported hypervisors, Domain Controllers will be able to better detect and heal USN Rollback as well as supporting Domain Controller cloning.
  • File Storage Deduplication
  • IP Address Management:  IPAM is now a feature that one can install on Windows Server.
  • AD Recycle Bin GUI:  There is now a graphical interface for the AD Recycle Bin, which makes recovering accidentally deleted objects easier.
  • Server Core GUI:  Server Core is now the default install mode for Windows Server, and it includes an optional GUI that can be toggled off and on as needed.

Conclusion

A few years ago, Server 2008 was a huge (and arguably disruptive) change for Windows Administrators.  Server 8 looks to be a continuation and refinement of those changes while adding several new features to the Windows Server arsenal.

Nervepoint Access Manager

/ seanpmassey

Account lockouts and password resets are two things that IT support personnel frequently deal with.  In my experience, these two tasks make up a large chunk of help desk tickets.

Self-service account management tools do exist, but many of these tools are expensive, and the cost can put them out of reach for small businesses and non-profits.

That is where Nervepoint Access Manager(abbreviated NAM) comes in.  NAM is a Linux-based virtual appliance that provides web-based self-service password reset and account unlock utilities.


Download and Setup
NAM can be downloaded from the Nervepoint website.  The download file is a TAR that contains the VMware vmx and vmdk files, so you will need a program like 7-zip to extract it.  Once downloaded, you will need to upload these files to a datastore in your VMware environment and add the virtual machine to your inventory.

Once the VM is powered on, it will grab a DHCP address.  My test network is small, so I was able to easily find it and log into the administrative web interface to configure my network adapter.  This may be an issue in larger environments or in data centers without DHCP, but there is a community forum post that describes how to configure the network adapter from the console.

Configuring access to Active Directory is fairly easy too.  Opening your web browser and browsing to the Nervepoint appliance will bring up a first-time setup screen.  It will use DNS to detect any Active Directory domains in your environment and connect to them.  You will also need to set up a service account that has permissions to change passwords on any OUs that contain users.

In order to successfully connect to an Active Directory domain, it will need to have LDAP over SSL configured.  For larger environments, this won’t be a problem as they will likely have an Active-Directory integrated PKI environment set up.  For environments that don’t have PKI, it will require at least one Enterprise CA and a Windows Server Enterprise license or a 3rd-party certificate.

Once configured, it is fairly easy for end-users to use.  They will need to log in to configure their answers to the questions that will be used to verify their identity.  Password changes and account unlocks are simple affairs – a user only needs to answer three of the five questions correctly to perform a password reset.


Nervepoint Pros
Despite being a beta, there are several things I like about the Nervepoint appliance.  It is a fairly small VM that uses less than a gigabyte of RAM.  It is suitable for production use in smaller environments, and it is very easy to use.


Nervepoint Cons
Even though I like this appliance a lot and would consider deploying it in my production network, there are a couple of areas for improvement.

For starters, there is very little documentation.  There are no install or administrator guides, and the forums don’t have a lot of information yet.  There is a FAQ section of the website, but it doesn’t have a lot of information in it either.  There is no read-me or license information included with the appliance either.
The VM doesn’t have the VMware tools installed.  I believe that this is something that should have been done by the developers before shipping the appliance.  It’s not a huge deal, but it would help with managing the VM.

I don’t have the ability to customize the security questions that my employees are asked or set the number of questions they must answer correctly.  The ability for administrators to customize these settings may be important in some environments.

And finally, the distribution method for this appliance leaves something to be desired.  The VM is downloaded from the Nervepoint website, and it took multiple attempts to correctly import the virtual machine into my test environment.  A better option might be to package the appliance as an OVF template and list it on the VMware marketplace.


Conclusion
Despite the cons, the Nervepoint Access Manager is a fairly decent little Self-Service Account Management appliance, and I would strongly consider deploying it in my production network in the future.

Edit:  It was brought to my attention by the developers of this product that the license and the default questions can be changed during the initial setup.  I did not have these two items in my notes, and I apologize for the error.

Another Great Article on Career Development…

/ seanpmassey

In my last post, I mentioned that I follow a few blogs through Google Reader.  One of those blogs is the Ask the Directory Services Team blog on Microsoft Technet Site.

Normally, this blog is filled with answers to some very technical questions on Active Directory and related technologies.  One of their more recent entries, however, was focused on the author’s career development philosophy

This would be a great read for any college student entering the work force, and although some of the tips may seem like common sense, a lot of rookie (and sometimes experienced) IT pros can sometimes have trouble some of these basic tips. 

For instance, I know that I have trouble filling the that conversational dead space while working with others.  This is obvious when I work with other introverts.

I’ll also add that admitting your mistakes gets easier as you get older and gain confidence.

The blog ends with a truism that applies to any career: “I used many synonyms in this post, but not once did I say “job.” Jobs end at quitting time. A career is something that wakes you up at midnight with a solution. I can’t guarantee success with these approaches, but they’ve kept me happy with my IT career for 15 years. I hope they help with yours.”