It’s that time of year again! The flowers are blooming, my allergies have come out of hibernation, and a new VB365 technical preview is out!
This technical preview focuses on three of the biggest upcoming features coming with VB365 v8: Primary Job Immutability, Linux Proxy support, and Proxy Pools! These are all incredible features that will greatly benefit both end-users and service providers. To go through them, we’ll first have to perform a fresh installation of VB365 and look at some of the under-the-hood changes that help make these new features possible.
Installing VB365 and Adding Linux Proxies
When performing a fresh installation of the release, the first thing to notice is that during the prerequisites check is that .NET 8 is now required for VB365. Beginning with .NET 5, Microsoft has combined .NET Framework, the traditional Windows .NET platform, and .NET Core, a cross-platform framework, into a single codebase. With each release, new functionality or functions previously limited to either .NET Framework or .NET Core have been added, allowing development teams to begin gradually migrating their traditional Windows-only applications to ones that can also be used on Linux and macOS. This framework update is likely a large part of how proxy services can now run on Linux servers.
The second thing to notice is that as part of the VB365 installation, a PostgreSQL server and NATS server are installed. These two services facilitate metadata tracking and data exchange. PostgreSQL replaces SQLite, allowing for better scalability and performance for large or multi-tenant data footprints.
Once VB365 is installed, we can go ahead and add an M365 tenant as we would in v7 today. The only change to note here is that Legacy Authentication has been deprecated, so new tenants cannot be added using the protocol. This should be a non-issue, as Microsoft has been deprecating and disabling Legacy Authentication on tenants for several years now.
Before we add a repository and configure jobs, we will want to add new Linux proxies and configure a proxy pool. The proxy service can run on RHEL (8.6 to 9.2) or Ubuntu (20.04 and 22.04 LTSes). For this demonstration, Ubuntu 22.04 was used.
First, we need to ensure that the Linux server can resolve the DNS name of the VB365 server. If this cannot be done via a DNS server, it can be done by editing /etc/hosts. Next, .NET Runtime 8.0.1 or higher needs to be installed. The below command will update all system packages and install the latest .NET Runtime 8 release (8.0.2 at the time of writing).
Sudo apt-get update && sudo apt-get upgrade -y && sudo apt-get install -y dotnet-runtime-8.0
Finally, SSH needs to be enabled on the Linux server.
Back in VB365, we add a proxy by browsing to Backup Infrastructure > Backup Proxies > Add Proxy. Then, we select whether to add a Windows or Linux proxy.
Next, we specify the DNS name or IP address of the Linux server. If a non-default port will be used for communication, it can be specified here, as can a description.
Next, an SSH connection is specified. In this case, an account called “administrator” was created during OS installation and upon initial login via SSH, it does not have root privileges. So, under Advanced, “Elevate specified account to root” was specified. For security, a private key can be generated and required for SSH connections.
Since we do not have the SSH key fingerprint saved to the VB365 server for this demo, a warning will pop up asking us if the server can be trusted, which we must accept.
Before service installation, VB365 will ask for one more piece of information: a service account to run the service under. This can be one of three options:
- A Veeam default account (veeamvboproxy) – this will be created and set with the proper permissions on the Linux server
- A custom service account – This can be a new or existing account on the server. With the checkbox enabled Veeam will create and set permissions for the account if needed
Finally, VB365 will install, configure, and start the proxy service on the Linux server if all pre-requisite checks are passed.
Creating and Managing Proxy Pools
Now, we can create a backup proxy pool. For large installations, proxy pools will enable much better scalability and maintenance of VB365 components. We can create one by browsing to Backup Infrastructure > Backup Proxy Pools > Add Proxy Pool.
First, we have the give the proxy pool a name and description.
Then, we have to select which proxies to add to the pool. There are a few limitations:
- The default proxy (installed on the VB365 server during initial installation) cannot be added to a pool.
- Proxies can only be added to a single proxy pool at a time.
Once we click finish, the proxy pool is created. Backup jobs utilizing the proxy pool will now have processing tasks load balanced across the proxies in the pool, and proxies can be put into “Maintenance Mode”, allowing for tasks like Windows updates to occur with minimal interruption of service.
To set a proxy into maintenance mode, we browse the proxy pool, select the proxy inside of it, then click “Maintenance Mode”.
Similarly to when we installed the proxy service, we must specify SSH credentials to enable maintenance mode.
In this example, we are only placing a single proxy into maintenance mode, but there is the capability to select multiple at the same time if the proxies share the same SSH credentials.
After confirming our selection, VB365 will perform an operation to set maintenance mode on the proxy or proxies.
Once the operation is complete, we get a brief status screen indicating whether the operation succeeded.
After closing out of this, we can see that the proxy is now in maintenance mode.
To disable maintenance mode, the same steps are performed.
Primary Repository Immutability
Now, we can create some backup repositories. This process is slightly different than previous versions. Instead of creating an object repository, and then creating a local repository for cache that is linked to the object repository, we merely create an object repository and link it to a proxy or proxy pool.
In addition, immutability settings receive their own screen with greater capabilities than before. This new screen appears after setting the retention policy settings.
On this new screen, we can notably set a custom immutability period and choose between Governance and Compliance modes. In most cases, Compliance mode is recommended, as Governance mode allows an S3 account administrator or the storage vendor to delete backups, making a compromised account a potential attack vector for malicious actors.
The other notable change to immutability, albeit not pictured, is that it is no longer limited to only backup copy jobs. This means we can extend past the traditional 3-2-1-1-0 rule and host multiple immutable copies of data. Retention policies can also vary between the primary and secondary repositories, allowing for more cost-effective tiered storage of M365 backups without worry of a slower RTO.
These new features enhance Veeam’s already industry-leading capabilities and should be a great benefit to all VB365 users, whether they utilize their own server, Veeam Data Cloud, or a VCSP.