In the previous chapter, we covered an overview and the design of RecoverPoint for Virtual Machines (RP4VMs) on VxRail, including network, hardware, and software requirements, and some failure scenarios. When you plan to enable Continuous Data Protection (CDP) features and fast data recovery, RP4VMs is a good option.
Previous chapters of this book discussed the Dell and VMware features on a VxRail cluster, such as VxRail cluster expansion, a VMware stretched cluster, and RP4VMs. This chapter will discuss the third-party backup and recovery software Veeam Backup and Replication (VBR), which can provide data protection for virtual machines (VMs) and physical machines. You will see an overview and the benefits of VBR and learn about designing integration with VxRail and VBR.
This final chapter of the book covers the following main topics:
VBR is data protection software that can deliver ransomware protection and data recovery for your enterprise data, including data stored on VMware vSphere, Microsoft Hyper-V, Nutanix Acropolis Hypervisor (AHV), and cloud platforms (Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP)). VBR contains the following components:
This section will discuss the following topics:
The next subsection will discuss which machines can be protected with VBR.
The latest version of VBR is v11a, which was released in July 2022. It supports data protection for the following platforms:
Figure 10.1 shows the architecture of a simple deployment of VBR. There is a VBR server that contains three components: a backup proxy server, a backup repository, and a VBR console. The VMs on three VMware ESXi hosts are protected by a VBR server. This is a simple deployment of VBR; all of VBR’s components and database are running on a single machine. This deployment is suitable for a small-scale VMware environment:
Figure 10.1 – A simple deployment of VBR
Now, we will discuss the backup flow in a simple deployment of VBR. The following is the backup flow, also illustrated in Figure 10.2:
Figure 10.2 – The backup flow in VBR
Figure 10.3 shows the architecture of an advanced deployment of VBR. There is a VBR server with a console, and a database server, which can be a physical machine or a VM. The backup repository is a storage server or storage appliance where all backup files are kept, including the VM copies and metadata for replicated VMs. The backup proxy server can be a physical machine or a VM. This is the advanced deployment of VBR; all VBR components are separated into different hosts. This deployment is suitable for a large-scale VMware environment:
Figure 10.3 – The advanced deployment of VBR
Now, we will discuss the backup flow in the advanced deployment of VBR. The following is the backup flow, also illustrated in Figure 10.4:
Figure 10.4 – The backup flow in VBR
Figure 10.5 shows the architecture of VBR. There are two locations: the production site and the remote site. In the production site, there are four core components: the VBR server, the backup proxy server, the backup repository, and WAN Accelerator. WAN Accelerator is a Veeam technology that optimizes the transfer of data to remote locations between WAN connections. You can enable this feature when you need to set up off-site backup copy jobs and VM replication. The VMs are replicated to the VMware ESXi host from the production site to the remote site:
Figure 10.5 – The replication architecture of VBR
Now, we will discuss the VM replication flow in VBR. The following is the replication flow between the two sites, also illustrated in Figure 10.6:
Figure 10.6 – The replication flow in VBR
After going through the preceding scenarios, you have got an overview and understood the backup flow of VBR. We will discuss the 3-2-1-1-0 backup rule in the next subsection.
To protect your data, you should ensure your data is stored safely. In this section, we will discuss the 3-2-1-1-0 backup rule, which denotes the following:
Figure 10.7 also provides an explanation of the 3-2-1-1-0 backup rule. This backup rule is recognized as the best practice by Veeam. If we follow this backup rule, we can minimize the risk of data loss and a single point of failure (SPOF):
Figure 10.7 – The 3-2-1-1-0 backup rule (copyright from Veeam)
Veeam software contains two license options, including Veeam Availability Suite and VBR. Both options are part of the Veeam Universal License (VUL), which is available as a subscription or perpetual option. Table 10.1 shows a comparison of Veeam licenses:
Supported Features |
Veeam Availability Suite |
VBR |
Virtual platform, including VMware vSphere, Microsoft Hyper-V, and Nutanix AHV |
Supported |
Supported |
Physical platform, including Microsoft Windows, Linux, AIX, Oracle Solaris, Mac, and NAS |
Supported |
Supported |
Cloud platform, including AWS, Azure, and GCP native backup and recovery |
Supported |
Supported |
Application support, including Microsoft SQL, Exchange, Oracle, MySQL, PostgreSQL, and SAP |
Supported |
Supported |
Advanced application recovery on Veeam Explorer |
Supported |
Supported |
Veeam One |
Supported |
Not supported |
VUL |
Supported |
Supported |
Veeam Backup for Microsoft 365 |
Licensed separately |
Licensed separately |
Veeam Disaster Recovery Orchestrator |
Optional add-on license |
Optional add-on license |
Table 10.1 – Veeam license comparison
VUL is a portal license that supports moving easily across different workloads—for example, VMware vSphere, Microsoft Hyper-V, Windows, and cloud platforms. Table 10.2 shows a summary of VUL’s supported workloads:
Example Workloads |
Details |
Cloud platform |
Microsoft Azure, GCP, AWS, IBM Cloud, Kubernetes |
Virtual platform |
VMware vSphere, Microsoft Hyper, Nutanix AHV, Red Hat Virtualization |
Physical platform |
Microsoft Windows, Linux, Unix, macOS, NAS |
Applications |
Microsoft Exchange and SQL, Oracle, SAP Hana, PostgreSQL, Kubernetes |
Software as a Service (SaaS) |
Microsoft 365, Microsoft Teams, Salesforce |
Unstructured data |
NAS, SharePoint |
Table 10.2 – A summary of VUL’s supported workloads
Important note
Kubernetes, Microsoft 365 (including Teams), and Salesforce require a separate license.
VBR v11 contains different backup modes, including reverse incremental, forever forward incremental, and forward incremental. Now, we will discuss each backup option.
Figure 10.8 shows the backup chain for reverse incremental backup. This backup methodology contains the last full backup file (vbk) and a set of reverse incremental backup files (vrb). For example, you can configure the backup as follows. If you choose this backup mode, it will add all new restore points to the backup chain and rebuild the full backup file:
Figure 10.8 – Reverse incremental backup
Figure 10.9 shows the backup chain for forever forward incremental backup; this backup methodology contains the first full backup file (vbk) and a set of forward incremental backup files (vrb):
Figure 10.9 – Forever forward incremental
If the backup job of your workload cannot create VM snapshots or storage snapshots by VBR, you can choose the Veeam Agent backup. VBR also supports the data backup of physical machines, including Microsoft Windows, Linux, Unix, and Mac. You can use VBR to manage Veeam Agent for physical machines. There is no Veeam proxy server when you execute the Veeam Agent backup—it is recommended to use a separate NIC using a backup network so that it does not saturate production traffic. The only exception is when the backup from the storage snapshots feature is enabled. Figure 10.10 shows the architecture of the Veeam Agent backup:
Figure 10.10 – The architecture of the Veeam Agent backup
Table 10.3 shows the supported features of Veeam Agent on Windows, Linux, and Mac:
Veeam Agent for Windows |
Veeam Agent for Linux |
Veeam Agent for Mac | |
Backup modes |
Volume-level backup, file-level backup, and the entire machine |
Volume-level backup, file-level backup, and the entire machine |
User data |
Destination |
Local storage, shared folder, and Veeam backup repository |
Local storage and shared folder |
Local storage, shared folder, and Veeam backup repository |
Application-aware processing |
Active Directory, Exchange, SQL, Oracle, and SharePoint |
Oracle, PostgreSQL, and MySQL |
N/A |
Custom recovery media |
Supported |
Supported |
N/A |
Built-in snapshot and changed block tracking (CBT) |
Supported |
Supported |
N/A |
File indexing |
Supported |
Supported |
N/A |
Data encryption |
Supported |
Supported |
Supported |
Backup cache |
Supported |
N/A |
N/A |
Transaction log processing for Microsoft SQL and Oracle |
Supported |
N/A |
N/A |
Table 10.3 – A comparison of Veeam Agent for Windows, Linux, and Mac
The next section will discuss an overview of VxRail with VBR.
In previous chapters of this book, we mentioned that VxRail bundles some data protection software, such as VMware vSphere Replication, vSAN stretched clusters, and Dell EMC RP4VMs. If you do not use these data protection features on a VxRail cluster, you can use third-party data backup and recovery software—for example, VBR. Figure 10.11 shows a sample architecture of VxRail with VBR:
Figure 10.11 – A sample architecture of VxRail with VBR
In the configuration shown in Figure 10.11, there are four Veeam components—the VBR server, the VBR console, the backup proxy server, and the backup repository one VxRail cluster with four nodes, and one embedded vCenter Server instance. We can create a backup job to protect the VMs on the VxRail cluster with the VBR server. All backup images of VMs will be stored in the backup repository. In this scenario, the backup proxy server is a virtual host that can be deployed into the VxRail cluster. The VBR server is a VM that runs outside of the VxRail cluster. Table 10.4 shows a summary of each component in Figure 10.11:
Components |
Details |
VBR server |
A backup server is a VM that is installed outside of the VxRail cluster. |
VBR console |
This is the management console of the VBR server that is installed on VBR. |
Backup proxy server |
This is a VM that is installed on the VxRail cluster. |
Backup repository |
This is SAN storage or a local storage server. |
VxRail cluster |
VxRail All-Flash, Hybrid, or NVMe nodes. |
VMware vCenter Server |
VxRail embedded vCenter Server instance. |
Table 10.4 – A summary of each component in Figure 10.11
Now, we will discuss the other scenario of VxRail being used with VBR: as a disaster recovery (DR) solution across two sites.
Figure 10.12 shows a sample architecture of VxRail with VBR across two sites:
Figure 10.12 – A sample architecture of VxRail with VBR across two sites
In the configuration in Figure 10.12, there are six Veeam components, including the VBR server, the VBR console, two backup proxy servers, two backup repositories, one VxRail cluster with four nodes, and one embedded vCenter Server instance per site. We can create VM replication jobs and replicate the VMs from the production site to the remote site. All replication images of VMs will be stored in the backup repository at the remote site. In this scenario, the backup proxy server is a virtual host that can be deployed into the VxRail cluster. The VBR server is a VM that runs outside of the VxRail cluster. The network traffic of the replication link is 10 GB between the two sites. Table 10.5 shows a summary of each component in Figure 10.12:
Sites |
Components |
Details |
Production site |
VBR server |
A backup server is a VM that is installed outside of the VxRail cluster. |
VBR console |
This is the management console of the VBR server that is installed on VBR. | |
Backup proxy server |
This is a VM that is installed on the VxRail cluster. | |
Backup repository |
This is SAN storage or a local storage server. | |
VxRail cluster |
VxRail All-Flash, Hybrid, or NVMe nodes. | |
VMware vCenter Server |
VxRail embedded vCenter Server instance. | |
Remote site |
Backup proxy server |
This is a VM that is installed on the VxRail cluster. |
Backup repository |
This is SAN storage or a local storage server. | |
VxRail cluster |
VxRail Hybrid nodes. | |
VMware vCenter Server |
VxRail embedded vCenter Server instance. |
Table 10.5 – A summary of each component in Figure 10.12
After going through the preceding two scenarios in Figures 10.11 and 10.12, you got an overview of VxRail with VBR. VxRail can easily be integrated with VBR, which can deliver data protection and DR features on the local site or a remote site. The next section will discuss the key benefits of VxRail with VBR.
Important note
If you enabled a vSphere Replication session on a VxRail cluster in a local site or two sites, it is not recommended to enable Veeam VM replication on the VxRail cluster because both can deliver VM replication based on the Recovery Point Objective (RPO) requirements in a local site or two sites.
When you integrate VxRail with VBR, you enjoy all the key benefits of VBR in the VxRail cluster. VBR v11 can deliver the following key features:
CDP is a new feature that is available on VBR v11. It is used to protect critical workloads with near-zero RPOs. It can minimize data loss and recover data with the latest state or point in time (PIT). It supports short-term retention (crash-consistent), long-term retention (application-aware or crash-consistent), and permanent failover and failback. Veeam CDP is similar to Veeam VM replication (Replica). Table 10.6 shows a feature comparison of Veeam CDP and Replica:
Features |
CDP |
Replica |
Failover and failback |
Supported |
Supported |
Planned failover |
Not supported |
Supported |
Failover plan |
Supported |
Supported |
SureReplica |
Not supported |
Supported |
File-level recovery |
Not supported |
Supported |
Network throttling |
Supported |
Supported |
Preferred networks |
Supported |
Supported |
Automation |
Supported |
Supported |
CloudConnect |
Not supported |
Supported |
Table 10.6 – A feature comparison of Veeam CDP and Replica
This feature is used to keep your data safe with malware-safe storage repositories for your backups to prevent malicious encryption and deletion. You can keep your backups and copies safe for the designated retention period.
Important note
A hardened repository is only supported on the Linux platform; it is not supported on the Microsoft Windows platform.
This feature is used to reduce the cost of long-term archives, replace manual tape management, and achieve end-to-end (E2E) backup life cycle management.
You can easily recover the workloads of failed SQL and Oracle databases from Instant VM Recovery in the production environment. You can access the data directly by instant recovery of NAS, then copy the data into the production environment. Table 10.7 shows a comparison of instant recovery between SQL and Oracle:
Instant Recovery |
SQL Database |
Oracle Database |
Cluster configuration |
Supported |
Not supported |
Application-aware |
Supported |
Supported |
Archive tier |
Not supported |
Not supported |
Automatic storage management |
N/A |
Supported |
Table 10.7 – A comparison of instant recovery between SQL and Oracle
VBR v11 provides a powerful feature that can be integrated with Veeam Service Provider Console v5, and it supports the following features:
After going through this section, you should now understand the key features of VBR v11. The next section will discuss the design of VxRail with VBR.
This section discusses two design scenarios of VxRail with VBR—that is, data protection of VMs in a local VxRail cluster and two VxRail clusters across two sites.
If you plan to design the data protection and recovery of VMs in a local VxRail cluster, you need to consider and collect the following information:
Figure 10.13 shows a sample design of VxRail with VBR on a site:
Figure 10.13 – A sample design of VxRail with VBR on a site
In this configuration, a standard VxRail stretched cluster with four nodes is used. Table 10.8 shows the hardware configuration of each VxRail node. Each P670F node installed one 800 GB solid-state drive (SSD) (Cache tier), four 7.68 TB SSDs (Capacity tier), and two quad-port 10 GB Ethernet adapters:
VxRail model |
VxRail P670F |
CPU model |
2 x Intel Xeon Gold 5317 3G, 12C/24T |
Memory |
512 GB (8 x 64 GB) |
Network adapter 1 |
Intel Ethernet X710 Quad Port 10GbE SFP+, OCP NIC 3 |
Network adapter 2 |
Intel X710 Dual Port 10GbE SFP+ Adapter, PCIe Low Profile cards |
Cache drive |
1 x 800 GB SSD SAS drive |
Capacity drive |
4 x 7.68 TB SSD SAS drives |
Table 10.8 – A sample configuration of VxRail P670F
Each VxRail P670F and VMware component contains the following software:
VxRail software release |
7.0.380 build 27609715 |
VMware ESXi edition |
7.0 Update 3d build 19482537 |
VMware vCenter Server |
7.0 Update 3d build 19480866 |
VMware vSAN |
7.0 Update 3d build 19482537 |
Table 10.9 – VxRail software releases
Table 10.10 shows the software editions of VBR:
Components |
Physical Machines/VMs |
Hardware and Software Editions |
VBR server |
VM |
VBR v11a |
VBR console |
N/A |
Bundled with VBR v11a |
Backup proxy server |
VM |
Bundled with VBR v11a |
Backup repository |
Physical machine |
Bundled with VBR v11a |
VxRail cluster |
Physical machine, VxRail cluster with four P670F nodes |
VxRail software 7.0.380 |
VMware vCenter Server |
VM, embedded vCenter Server instance |
VMware vCenter Server virtual appliance 7.0 U3d build 19480866 |
Table 10.10 – Software editions of VBR
Each VxRail P670F installed one 800 GB SSD and four 7.68 TB SSDs; you can create a vSAN disk group with one 800 GB SSD as the cache tier and four 7.68TB SSDs as the capacity tier. Since P670F is an All-Flash model, it can support RAID-1, RAID-5, and RAID-6 site protection. Now, we will discuss the network settings of each VxRail P670F.
Each VxRail P670F has six 10 GB network ports, as shown in Figure 10.14. Ports P1 and P2 are used for the ESXi and VxRail management networks and VM networks, respectively. Ports P3 and P4 are used for the vSAN and vMotion networks. Ports P5 and P6 are used as backup networks for VMs:
Figure 10.14 – Rear view of VxRail P670F
For the network design of the VxRail cluster, you can refer to Table 10.11, which shows the network layout used for a VxRail cluster:
Network Traffic |
NIOC Shares |
VMkernel Ports |
VLAN |
P1 |
P2 |
P3 |
P4 |
Management network |
40% |
vmk2 |
101 |
Standby |
Active |
Unused |
Unused |
vCenter Server management network |
N/A |
N/A |
101 |
Standby |
Active |
Unused |
Unused |
VxRail management network |
N/A |
vmk1 |
101 |
Standby |
Active |
Unused |
Unused |
vSAN network |
100% |
vmk3 |
200 |
Unused |
Unused |
Active |
Standby |
vMotion network |
50% |
vmk4 |
100 |
Unused |
Unused |
Standby |
Active |
VMs |
60% |
N/A |
N/A |
Active |
Standby |
Unused |
Unused |
Table 10.11 – The network layout of VxRail
For the network design of the VBR server, you can refer to Table 10.12, which shows the network layout used for a VBR server:
Network Traffic |
NIOC Shares |
VMkernel Ports |
VLAN |
P5 |
P6 |
Backup network for VMs |
100% |
N/A |
101 |
Active |
Standby |
Table 10.12 – The network layout of a VBR server
When you deploy VxRail with VBR, certain licenses are required. Table 10.13 shows a summary of all bundled software licenses on VxRail P670F and Veeam:
Software Name |
License Edition |
Quantity |
Remark |
VMware vSphere |
VMware vSphere Enterprise Plus per CPU |
4 |
N/A |
VMware vSAN |
VMware vSAN Enterprise per CPU |
4 |
You can choose vSAN Advanced or above |
VMware vCenter Server |
VMware vCenter Server Standard instance |
1 |
N/A |
Veeam Availability Suite Universal Subscription |
Veeam Availability Suite Universal Subscription License. Includes Enterprise Plus Edition features. 30-instance pack. |
30 |
Assume there are 30 VMs running on this VxRail cluster |
Table 10.13 – A summary of all bundled software licenses on VxRail P670F
With this, you have learned the low-level design of VxRail with VBR, as illustrated in Figure 10.13. The next section will discuss the design of VxRail with VBR across two sites.
Figure 10.15 shows a sample design of VxRail with VBR across two sites:
Figure 10.15 – A sample design of VxRail with VBR across two sites
In this configuration, it is a standard VxRail cluster with four nodes installed in production and remote sites. Each P670F installed one 800 GB SSD (Cache tier), four 7.68 TB SSDs (Capacity tier), one quad-port 10 GB Ethernet adapter, and two PCIe dual-port 10 GB Ethernet adapters. For VxRail software and network requirements, you can reference the low-level design of VxRail with VBR on a site shown in Figure 10.13.
For the network settings of each VxRail P670F, each VxRail has eight 10 GB network ports, as shown in Figure 10.16. Ports P1 and P2 are used for the ESXi and VxRail management networks and VM networks, respectively. Ports P3 and P4 are used for the vSAN and vMotion networks. Ports P5 and P6 are used as the backup networks for VMs, and ports P7 and P8 are used as the replication network for VMs:
Figure 10.16 – Rear view of VxRail P670F
Table 10.14 shows the network layout used for a VBR network:
Network Traffic |
NIOC Shares |
VMkernel Ports |
VLAN |
P5 |
P6 |
P7 |
P8 |
Backup network for VMs |
100% |
N/A |
101 |
Active |
Standby |
Unused |
Unused |
Replication network for VMs |
100% |
N/A |
400 |
Unused |
Unused |
Active |
Standby |
Table 10.14 – The network layout of the VBR network
After going through the preceding two scenarios, you have learned the low-level design of VxRail with VBR, shown in Figures 10.13 and 10.15. The next section will discuss some data recovery scenarios of VxRail with VBR.
This last section will discuss some data recovery scenarios of VxRail with VBR, including VM recovery, faulty vCenter Server, faulty backup repository VM replication, and instant recovery.
Figure 10.17 shows a sample architecture of VxRail with VBR in a single site. VBR protects the VM, and the backup images of this VM are stored in the backup repository. If the VM is corrupted in the VxRail cluster, how do we recover the data of this VM? You can restore the VM backup images based on its RPO settings from the backup repository with VBR:
Figure 10.17 – The architecture of VxRail with VBR in a single site
The next section will discuss another failure scenario, shown in Figure 10.18.
Figure 10.18 shows a sample architecture of VxRail with VBR in a single site. What is the impact on VBR if the embedded vCenter Server instance is unavailable in the VxRail cluster? All backup jobs will be stopped when the vCenter Server instance is not available. It is the best practice for the VMware vCenter Server to be protected by vSphere Availability in case the vCenter Server instance is unavailable:
Figure 10.18 – The architecture of VxRail with VBR in a single site
The next section will discuss another failure scenario, shown in Figure 10.19.
Figure 10.19 shows a sample architecture of VxRail with VBR across two sites. In this configuration, the VM runs on an HQ VxRail cluster, and the VM is replicated to the DR VxRail cluster by Veeam VM replication. If the VM is corrupted in the VxRail cluster, how do we recover from this VM? You can execute a Veeam failover plan to recover the VM (replica) in the DR VxRail cluster:
Figure 10.19 – The architecture of VxRail with VBR across two sites
The next section will discuss another failure scenario, shown in Figure 10.20.
Figure 10.20 shows a sample architecture of VxRail with VBR in a single site. VBR protects the VM, and the backup images of this VM are stored in backup repositories A and B. One copy of the data is stored in backup repository A, while another copy of the data is stored in backup repository B. If the VM and backup repository A are corrupted at the same time, how do we recover from this VM? You can also recover the VM in the VxRail cluster from backup repository B because it is the second copy of the VM:
Figure 10.20 – The architecture of VxRail with VBR in a single site
The next section will discuss another failure scenario, shown in Figure 10.21.
Figure 10.21 shows a sample architecture of VxRail with VBR in a single site. VBR protects the SQL VM, and the backup images of this VM are stored in backup repository A. If one of the databases is corrupted in this SQL VM, what is the fastest method of recovering this corrupted database? You can execute instant recovery of this SQL VM and restore the corrupted database into this SQL VM:
Figure 10.21 – The architecture of VxRail with VBR in a single site
After going through the preceding scenarios, you should understand the expected results on VxRail with VBR.
In this last chapter, we covered an overview and the design of VxRail with VBR, including the network, hardware, and software requirements, and some failure scenarios. VBR is a good solution for data protection and recovery and is fully integrated with Dell VxRail systems.
After going through all the chapters of this book, you should now have a good overall impression and understand the architecture of Dell VxRail 7 systems. You have also learned about the design and best practices of cluster expansion, stretched clusters, VMware Site Recovery Manager (SRM), RP4VMs on VxRail, and VBR.
As we conclude, here is a list of questions for you to test your knowledge regarding this chapter’s material. You will find the answers in the Assessments section of the Appendix:
Figure 10.22 – The architecture of VxRail with VBR in a single site
Figure 10.23 – The architecture of VxRail with VBR in a single site
Figure 10.24 – The architecture of VxRail with VBR in a single site
Figure 10.25 – The architecture of VxRail with VBR in a single site