-
- Novice
- Posts: 5
- Liked: never
- Joined: Jul 27, 2023 6:27 am
- Contact:
SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
We are having several internal discussions about using und installing B&R V12 for several Setups, where the costs are a problem and the customers won´t buy a second Server 2022 licence for setting up a third VM, respecting the licence for Server 202 std.
We know, it´s a license violation against Microsoft to install the full b&r V12 on the Hyper-V Server. And it´s also a bad chooise to install such a software with another database on a hyper-v host.
My best practice for cost effektiv would be:
- Hyper-V without any other Software
- B&R V12 will be full installed (Postgres) inside VM1 from DC01 Domain Controller with 8GB Ram and 2 V-Cores
- VM2 will carry our productive Orcale 19 / 11 Database software solution
- Backup repository is USB HDD oder RDX attached to Hyper-V Server, Backup Proxy is Hyper-V, sometimes a NAS, no internal HDD, 5 HDDs for Backups Mo-Fr
The Backup Job runs at night 1 times a day for all vhdx drives.
This setup isn´t following the best practice for a Domaincontroller. But I see no really alternative with the same performance and minimal impact to the System. We also need as much as possible ram for the vm2
best practice, if the customer is having a third VM3 for Terminal Server or has a separate Server 2022 Essential License:
- Setting up a Backup VM with only Veeam inside.
Both ways will do a backup only for the Hyper-VB VMs. A Backup for the Host is not wanted. Boths ways use Hyper-V Manger for doing the backup, no agents inside the VMs.
Any comments and recommendations to my Solution are welcome.
Thx a lot!
We know, it´s a license violation against Microsoft to install the full b&r V12 on the Hyper-V Server. And it´s also a bad chooise to install such a software with another database on a hyper-v host.
My best practice for cost effektiv would be:
- Hyper-V without any other Software
- B&R V12 will be full installed (Postgres) inside VM1 from DC01 Domain Controller with 8GB Ram and 2 V-Cores
- VM2 will carry our productive Orcale 19 / 11 Database software solution
- Backup repository is USB HDD oder RDX attached to Hyper-V Server, Backup Proxy is Hyper-V, sometimes a NAS, no internal HDD, 5 HDDs for Backups Mo-Fr
The Backup Job runs at night 1 times a day for all vhdx drives.
This setup isn´t following the best practice for a Domaincontroller. But I see no really alternative with the same performance and minimal impact to the System. We also need as much as possible ram for the vm2
best practice, if the customer is having a third VM3 for Terminal Server or has a separate Server 2022 Essential License:
- Setting up a Backup VM with only Veeam inside.
Both ways will do a backup only for the Hyper-VB VMs. A Backup for the Host is not wanted. Boths ways use Hyper-V Manger for doing the backup, no agents inside the VMs.
Any comments and recommendations to my Solution are welcome.
Thx a lot!
-
- Product Manager
- Posts: 9822
- Liked: 2598 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
Hello Torsten
Installing Veeam on the domain controller (or HyperV server) is not recommended by Veeam. The Veeam server should run on a dedicated physical machine (or virtual).
Also never run the backup server on the same production VMs which must be protected. From a security perspective a bad idea. An attacker having access to the domain controller will be able to also access the backup server with all it's non-immutable or non-airgapped backup data.
If you cannot use a backup server because their is no windows license left, consider using Veeam Agents to protect the environment. You are talking about customer, so you must be a service provider. Use your rental license to manage those Veeam Agents for your customer. Only disadvantage, you loose application item restore without a Veeam Backup & Replication server.
I don't have any other recommendation than that.
https://helpcenter.veeam.com/docs/backu ... on-servers
Fabian
Installing Veeam on the domain controller (or HyperV server) is not recommended by Veeam. The Veeam server should run on a dedicated physical machine (or virtual).
Also never run the backup server on the same production VMs which must be protected. From a security perspective a bad idea. An attacker having access to the domain controller will be able to also access the backup server with all it's non-immutable or non-airgapped backup data.
If you cannot use a backup server because their is no windows license left, consider using Veeam Agents to protect the environment. You are talking about customer, so you must be a service provider. Use your rental license to manage those Veeam Agents for your customer. Only disadvantage, you loose application item restore without a Veeam Backup & Replication server.
I don't have any other recommendation than that.
https://helpcenter.veeam.com/docs/backu ... on-servers
Best,Coexistence with Mission-Critical Production Servers
We do not recommend you to install Veeam Backup & Replication and its components on mission-critical machines in the production environment such as Microsoft Hyper-V Server, Domain Controller, Microsoft Exchange Server, Small Business Server/ Windows Server Essentials and so on. If possible, install Veeam Backup & Replication and its components on dedicated machines. Backup infrastructure component roles can be co-installed.
Fabian
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 5
- Liked: never
- Joined: Jul 27, 2023 6:27 am
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
Hello Fabian,
yes i am a service technician for a Veeam service provider.
I know hardening is a good thing...
yes i am a service technician for a Veeam service provider.
I know hardening is a good thing...
-
- Enthusiast
- Posts: 71
- Liked: 14 times
- Joined: Jul 06, 2018 3:44 am
- Full Name: Moopere
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
Hello Torsten73,
You are referring to the Windows Server (and previous versions) licensing whereby a 2022 physical server with the Hyper-v role is granted license to run 2x Windows Server 2022 VM's on that same physical server right? If I've understood correctly then I believe the license also grants the running of certain applications on the physical server without violating the license agreement nor removing the granted 2x VM servers. Here is section 3.d of the Server 2019 EULA which is probably similar to the 2022 EULA (but please do check).
-----------------------
"Windows Server Standard
i. For each server to which you have assigned the required number of core licenses as provided in Section 3.b., at any one time you may run the server software in:
· one physical operating system environment,
· up to two virtual operating system environments, and
· any number of operating system environments instantiated as Windows Server Containers without Hyper-V isolation.
ii. If you run all permitted instances at the same time, the instance of the server software running in the physical operating system environment may be used only to:
· run hardware virtualization software,
· provide hardware virtualization services,
· run software to manage and service operating system environments on the licensed server.
iii. If you want to run additional instances of the server software as set forth in this Section 3.d., you may need to acquire additional licenses to the server as described in Section 3.b."
-----------------------
Its probably up for argument as to whether backup software falls within the domain of "run software to manage and service operating system environments on the licensed server." - I have seen it argued so and I've got a memory that earlier version of Windows Server (2012?) specifically lay out this exact scenario - don't quote me though, please do you own research.
For those that feel strongly for the argument against: Think about the ramifications of even running a backup agent on the physical server of your Hyper-v host. Insofar as intent and purpose, a backup agent is a special purpose management application. If you then add a singular purpose front end to that agent, a management interface, does this change the nature of what you are doing with the backup application?
You are referring to the Windows Server (and previous versions) licensing whereby a 2022 physical server with the Hyper-v role is granted license to run 2x Windows Server 2022 VM's on that same physical server right? If I've understood correctly then I believe the license also grants the running of certain applications on the physical server without violating the license agreement nor removing the granted 2x VM servers. Here is section 3.d of the Server 2019 EULA which is probably similar to the 2022 EULA (but please do check).
-----------------------
"Windows Server Standard
i. For each server to which you have assigned the required number of core licenses as provided in Section 3.b., at any one time you may run the server software in:
· one physical operating system environment,
· up to two virtual operating system environments, and
· any number of operating system environments instantiated as Windows Server Containers without Hyper-V isolation.
ii. If you run all permitted instances at the same time, the instance of the server software running in the physical operating system environment may be used only to:
· run hardware virtualization software,
· provide hardware virtualization services,
· run software to manage and service operating system environments on the licensed server.
iii. If you want to run additional instances of the server software as set forth in this Section 3.d., you may need to acquire additional licenses to the server as described in Section 3.b."
-----------------------
Its probably up for argument as to whether backup software falls within the domain of "run software to manage and service operating system environments on the licensed server." - I have seen it argued so and I've got a memory that earlier version of Windows Server (2012?) specifically lay out this exact scenario - don't quote me though, please do you own research.
For those that feel strongly for the argument against: Think about the ramifications of even running a backup agent on the physical server of your Hyper-v host. Insofar as intent and purpose, a backup agent is a special purpose management application. If you then add a singular purpose front end to that agent, a management interface, does this change the nature of what you are doing with the backup application?
-
- Enthusiast
- Posts: 71
- Liked: 14 times
- Joined: Jul 06, 2018 3:44 am
- Full Name: Moopere
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
Oh, I should add to my post above. Personally I'm not a big fan of running anything on Hyper-v hosts that doesn't have to absolutely be there to make the system work. To this end then I'll happily run a Veeam agent but would be less happy running the full Veeam B&R installation - not for licensing reasons, I'm happy enough I'm covered there, but for stability, maintenance and performance reasons.
-
- Veeam ProPartner
- Posts: 561
- Liked: 103 times
- Joined: Dec 29, 2009 12:48 pm
- Full Name: Marco Novelli
- Location: Asti - Italy
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
Such small customers are best suited for a full cloud deploymentTorsten73 wrote: ↑Jul 28, 2023 12:30 pm We are having several internal discussions about using und installing B&R V12 for several Setups, where the costs are a problem and the customers won´t buy a second Server 2022 licence for setting up a third VM, respecting the licence for Server 202 std.
We know, it´s a license violation against Microsoft to install the full b&r V12 on the Hyper-V Server. And it´s also a bad chooise to install such a software with another database on a hyper-v host.
My best practice for cost effektiv would be:
- Hyper-V without any other Software
- B&R V12 will be full installed (Postgres) inside VM1 from DC01 Domain Controller with 8GB Ram and 2 V-Cores
- VM2 will carry our productive Orcale 19 / 11 Database software solution
- Backup repository is USB HDD oder RDX attached to Hyper-V Server, Backup Proxy is Hyper-V, sometimes a NAS, no internal HDD, 5 HDDs for Backups Mo-Fr
The Backup Job runs at night 1 times a day for all vhdx drives.
This setup isn´t following the best practice for a Domaincontroller. But I see no really alternative with the same performance and minimal impact to the System. We also need as much as possible ram for the vm2
best practice, if the customer is having a third VM3 for Terminal Server or has a separate Server 2022 Essential License:
- Setting up a Backup VM with only Veeam inside.
Both ways will do a backup only for the Hyper-VB VMs. A Backup for the Host is not wanted. Boths ways use Hyper-V Manger for doing the backup, no agents inside the VMs.
Any comments and recommendations to my Solution are welcome.
Thx a lot!
- Microsoft 365 for email , OneDrive / Sharepoint for File Sharing, Teams for Collaboration / Videocall
- Desktop PC / Notebook connected to Azure AD
- a single VM in Microsoft Azure for the ERP (both ERP and Terminal Server if the ERP is not web-based), not joined to any domain to lower costs, maybe Azure AD Domain Services but is +150 eur/month
- Acronis Backup Cloud to Cloud for Microsoft 365 backup (mail, OneDrive / Sharpoint, Teams)
No more internal Servers
Marco
Marco
-
- Enthusiast
- Posts: 56
- Liked: 2 times
- Joined: Nov 10, 2020 8:07 pm
- Full Name: Joe G
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
You have a licensed Oracle DB running on a VM and you don't have enough resources to buy an additional MS Windows server license???? Hmmmm
Well, you could run a Linux proxy, file store and tape server in a Linux VM on Hyper-V. Then you have a VEEAM server running somewhere else to control that Veeam Proxy/Repo/Target over the WAN or on some other Windows Host.
Well, you could run a Linux proxy, file store and tape server in a Linux VM on Hyper-V. Then you have a VEEAM server running somewhere else to control that Veeam Proxy/Repo/Target over the WAN or on some other Windows Host.
-
- Product Manager
- Posts: 9822
- Liked: 2598 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
@SmokinJoe
Linux proxies are not involved in Hyper-V VM backups.
The proxy component runs default on the Hyper-V server itself as an On-Host proxy.
Best,
Fabian
Linux proxies are not involved in Hyper-V VM backups.
The proxy component runs default on the Hyper-V server itself as an On-Host proxy.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Enthusiast
- Posts: 56
- Liked: 2 times
- Joined: Nov 10, 2020 8:07 pm
- Full Name: Joe G
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
I would suggest you leave the hypervisor alone and run a dedicated VM for a proxy/repo/tape. On host proxy means if your proxy is compromised so is your hypervisor and all VM's including your precious Oracle DB and Authentication via Active Directory.
-
- Product Manager
- Posts: 9822
- Liked: 2598 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
For Hyper-V there are two proxy types:
- On-Host Proxy, which is the default and recommended. Almost any customer runs it.
- Off-Host Proxy, which requires you to buy another physical machine where you have to install Hyper-V. Virtual backup proxies for HyperV backup do not exist.
- On-Host Proxy, which is the default and recommended. Almost any customer runs it.
- Off-Host Proxy, which requires you to buy another physical machine where you have to install Hyper-V. Virtual backup proxies for HyperV backup do not exist.
Product Management Analyst @ Veeam Software
-
- Novice
- Posts: 5
- Liked: never
- Joined: Jul 27, 2023 6:27 am
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
Hello Marco,m.novelli wrote: ↑Jul 31, 2023 7:56 am Such small customers are best suited for a full cloud deployment
- Microsoft 365 for email , OneDrive / Sharepoint for File Sharing, Teams for Collaboration / Videocall
- Desktop PC / Notebook connected to Azure AD
- a single VM in Microsoft Azure for the ERP (both ERP and Terminal Server if the ERP is not web-based), not joined to any domain to lower costs, maybe Azure AD Domain Services but is +150 eur/month
- Acronis Backup Cloud to Cloud for Microsoft 365 backup (mail, OneDrive / Sharpoint, Teams)
No more internal Servers
Marco
Marco
Yes, I understand but I have to follow the sales contracts our customers has been sold. I won´t discuss about such solutions in this topic, it´s maybe a good point of view for other users but not at the moment for me.
-
- Novice
- Posts: 5
- Liked: never
- Joined: Jul 27, 2023 6:27 am
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
Hello Noname,Moopere wrote: ↑Jul 31, 2023 4:00 am Hello Torsten73,
You are referring to the Windows Server (and previous versions) licensing whereby a 2022 physical server with the Hyper-v role is granted license to run 2x Windows Server 2022 VM's on that same physical server right? If I've understood correctly then I believe the license also grants the running of certain applications on the physical server without violating the license agreement nor removing the granted 2x VM servers. Here is section 3.d of the Server 2019 EULA which is probably similar to the 2022 EULA (but please do check).
-----------------------
"Windows Server Standard
i. For each server to which you have assigned the required number of core licenses as provided in Section 3.b., at any one time you may run the server software in:
· one physical operating system environment,
· up to two virtual operating system environments, and
· any number of operating system environments instantiated as Windows Server Containers without Hyper-V isolation.
ii. If you run all permitted instances at the same time, the instance of the server software running in the physical operating system environment may be used only to:
· run hardware virtualization software,
· provide hardware virtualization services,
· run software to manage and service operating system environments on the licensed server.
iii. If you want to run additional instances of the server software as set forth in this Section 3.d., you may need to acquire additional licenses to the server as described in Section 3.b."
-----------------------
Its probably up for argument as to whether backup software falls within the domain of "run software to manage and service operating system environments on the licensed server." - I have seen it argued so and I've got a memory that earlier version of Windows Server (2012?) specifically lay out this exact scenario - don't quote me though, please do you own research.
For those that feel strongly for the argument against: Think about the ramifications of even running a backup agent on the physical server of your Hyper-v host. Insofar as intent and purpose, a backup agent is a special purpose management application. If you then add a singular purpose front end to that agent, a management interface, does this change the nature of what you are doing with the backup application?
we had the same thoughts. But unfortunately it´s wrong. We have learned it hard ... We have proven this point with a Microsoft license specialist from Tarox.
Installations for any other software on the hyper-v host needs one server 2022 license.
-
- Novice
- Posts: 5
- Liked: never
- Joined: Jul 27, 2023 6:27 am
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
This is our way for new Veeam customer contracts. It also means, the user must buy a third server 2022 essential license. This makes the point on costs again expensiver.
Of course it would be much better to use a backup server or a server with a second hyper-v for it, but this is way to expensive for small Business solutions. I am talking hier about 3-5 Clients.
A Veeam installation on the hyper-v is more a problem than installing it on a dedicated vm on the same host.
Again the question at all, what makes more sense, if no addition license for Server 2022 is possible and no additional VM is possible:
- Installing Veeam B&R inside of VM Domain Controller (would be my way)
- Installing Veeam B&R on Hyper-Visor (has been the actual way)
- Installing only an agent inside of all VMs (lightweight but poor to monitor, only e-mails possible, task and resources are difficult)
- Installing Veeam B&R inside any VM (poorest solution)
-
- Enthusiast
- Posts: 71
- Liked: 14 times
- Joined: Jul 06, 2018 3:44 am
- Full Name: Moopere
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
Fair enough I won't argue with a clarification you are happy with.
The only thing I'll add is that I usually have to argue EULA clauses when I'm being audited by Microsofts license compliance agents. My point in mentioning this is that compliance people, or sales people more generally, have a vested interest in selling licenses to you ... or trying to scare you into buying something you may not need to remain in compliance with license terms.
Ultimately though, of course, buy as many licenses as you need to keep your legal people happy.
-
- Service Provider
- Posts: 19
- Liked: 4 times
- Joined: Sep 24, 2020 9:09 am
- Full Name: Martin Old
- Contact:
Re: SMB - Best practice B&R V12 / Hyper-V / 2 VMs without license violation MS
If you're a service provider, deploy your own Veeam Service Provider Console and have them report into that, that's what we do.
Highly, highly recommend not installing Veeam B&R on an HV host or a DC, that's for certain!
Who is online
Users browsing this forum: Baidu [Spider] and 7 guests