SureBackup : Granular Item Recovery

[m.novelli]

Granular item recovery in Veeam Sure Backup is a potential application killer for many Symantec, CA and TSM backup products... but I can't figure the process to recover a single item/mailbox from an Exchange Server (or from a SQL Server).

Should I power on the VM in a test virtual network and use a virtual client connected to that test network? So I need also a DC in that test virtual network?

I'm sure Veeam people invented something more sophisticated but I cant figure it out!

Marco

[Gostev]

Marco, at first I can recommend 2nd page of this thread, very good discussion there, and my replies will answer a lot of questions. You want to read this page in all cases.

But anyhow, it is good idea to spin this off into separate thread anyway, as the technology behind SureBackup provides a number of features and use cases, so it would be simply too much for a single thread.

Answering your question, yes you will need AD DC (even Global Catalog, to be precise) on the test network. We actually provide capability to create so called "Application Groups" will all dependencies, which you only need to setup once and stuff each group with backed up VMs on which the corresponding service is dependant. In case of Exchange, you will need at a minimum DNS, AD GC and actual Exchange server itself. Of course, Application Groups also give ability to define actual boot order and boot delays.

So basically when you need to recover a single item for some application (this will work for any application at all, not just some), you simply start up the Application Group to specific date (before the item was deleted), and then you will have a number of options:

1. Admin-driven restore. This will work for ANY application at all. You just connect to the application with its native management tool, and retrieve the data you need. Just to get the idea - in case of SQL Server, it is SQL Management Studio. In case of Exchange, you can use tools like ExMerge.

2. Self-user restore. This one is really powerful and works with any application with web front end, like Exchange or SharePoint (for instance). I have described this method in the above-referenced topic in this post.

3. Enhanced. Using special application-specific wizards in Veeam Backup (variation of option 1 for most common applications like AD or Exchange, but with simple point-and-click interface). Note that this will not work the way you would probably expect from other solutions available today, it will be much better. We have determined some significant issues, complexities and limitations of all current approaches, and we are addressing those. This part is the only thing I cannot provide further details on right now (for competitive reasons, this is our secret sauce).

[donikatz]

#2 above is a cool option and sounds like it may even be able to replace archival products for those with limited needs (i.e. no compliance requirements). Very interested to see how that turns out. My goal is to have backup admins not spend too much thought or more than a few clicks to restore objects. If the users can do it themselves -- even better (as long as there are granular permissions tied to directory services).

[Gostev]

Correct. Because we are talking about complete replica of your production (just from some point in past), all security is still in place. As a user, you still have to logon to OWA before you get access to your own mailbox.

[donikatz]

Are you just talking about presenting access to the OWA backup instance to the user? Not what I was thinking at all. I thought you'd meant there'd be a Veeam web layer presented to the users, where they could select restore of individual items to the production instance. If we're just talking about giving users access to backup OWA versions, how would they get objects restored in their entirety to production? Sounds like they couldn't, all they could do is read the info or copy/paste, which wouldn't be sufficient in most cases. We certainly couldn't give them ExMerge access. How would you project the workflow? Thanks

[Gostev]

Yes, I am talking just about presenting access to the OWA backup instance to the users. Of course, it is just the first step and in future versions we will be enhancing this with Veeam web-layer you are talking about, that would have searchable email index with Google like UI, and ability to restore emails back to the production server with a click of a button. But you should realize that even the OWA approach provides the most important thing: it gives users ability to recover 100% of information from the lost email item. And is not this the only key requirement of any recovery?

[donikatz]

Right, but they wouldn't have any way of getting objects back into their regular Inbox without copying/pasting into a new message, which wouldn't be good enough for most important messages in my experience (header info is gone). So in most cases, I would expect users still to come to IT for retrieval. Actually, in most Exch environments there is a pre-defined deleted items retention period (ours is 30 days), do really it is for backups older than that where admin intervention is required, and I don't see presenting users with Veeam backups older than that. However, I do see direct end-user backup instance access being very useful for some of our our dev web environments.

Anyhow, an intriguing part will be #3 Enhanced restores -- that might be where the real Exchange restore ease comes in. Looking forward.

[m.novelli]

Yes, I am talking just about presenting access to the OWA backup instance to the users. Of course, it is just the first step and in future versions we will be enhancing this with Veeam web-layer you are talking about, that would have searchable email index with Google like UI, and ability to restore emails back to the production server with a click of a button. But you should realize that even the OWA approach provides the most important thing: it gives users ability to recover 100% of information from the lost email item. And is not this the only key requirement of any recovery?

How can end users access this "recovery" network? It can't be connected to "production" network. Users should be skilled enough to connect with VI Client to a client VM in that "restore" network? That's not expected from a dumb user...

Marco

[Gostev]

Doni, that's right, the concept of option #3 is the closest to what you would expect for "traditional" item-level restores. Just better.

Marco - we take care of cross-network routing. The only thing users will need to use is their browser, and different HTTP address. Everything else remains the same, just like with every day OWA usage. No changes on client side either.

[mdornfeld]

Very cool on many fronts! I forwarded your video to my boss, so now you know in Day 1 of Q3 he'll be knocking on my door (ok, cube wall) asking for all these features to be working perfectly

On the topic of self-service restores...

1. I assume you've worked something out for generic windows file servers, or does it it only work for web fronted apps?
2. Will users only be able to see files that they should have access to?
3. Will it include an index to enable the user to see all of the various versions of the file they want to restore?

Thank you!
Matt

[Gostev]

Hello Matt, glad you you are liking this.

1. Option #2 for Granular Item Recovery is designed for web frontend apps only.

2. See 3.

3. Our first step toward self-service FLR from generic Windows file servers is adding guest file system indexing (by the way, remember you have requested this about 1 year ago in "Wishlist thread")?

Indexing is not a part of SureBackup umbrella, so today's announcement does not talk about it. But we will provide the ability to index Windows file servers in v5, as well as Google-like search UI in the Enterprise Manager to look for individual files.

With v5, this functionality will be not be user facing, but instead intended for administrator to use to quickly find files he needs to restore. But in the following releases, we plan to add "Restore to original location" feature in the same UI to enable unattended self-user restores. Of course, both the Search results displayed and the "Restore to original location" functionality would account for actual permissions on the file. In fact, for Search results this is already the case with v5.