Architecture Changes and best practice

[theviking84]

We have the following infrastructure.

Local vsan vcenter 6.7 environment
Vmware Cloud on AWS environment
One off esxi hosts at remote sites over fiber.

Everything is VMs running on all this vmware.

Current Veeam setup is the following.

1. All in one veeam physical server with local disks for storage. Remote sites are backed up via proxy at those sites and sent to this physical server repo.
2. Even the VMC cloud environment is just pointed at vCenter from the on prem veeam server and backed up via nbd using the on prem all in one box as the proxy. performance isn't great.
3. Tape is leveraged but it looks like they are using "file to tape" instead of "backup to tape". The actual vbk/vib files are sent to tapes. It seems weird like you wouldn't even know what is on what tape where as I think the "backup to tape" provides better features?
4. Only NTFS is used and so the merges/synthetic fulls take forever.

Bottom line, I need to improve all of this. So below is my initial plan... Please give me some feedback on this and any ideas on if this would be OK.

New plan

new veeam server becomes a VM, and it runs in VMC rather than on prem. (that part sound ok? it won't need much power, it will just be the brain of all operations)

1.ON PREM STUFF-- To back up the on prem vms, purchase new physical dell server with plenty of internal storage. This will be a PROXY AND REPOSITORY to veeam. Use REFS this time. On prem and remote site vms are all backed up to this repo. This repo is extended via SOBR to an object storage like wasabi/backblaze b2 and all backups copied out there. Use object lock api if using backblaze b2. Now on prem is backed up in two spots.

2. VMC cloud stuff--- To back up the vmc cloud vms, we already have the actual veeam server existing in vmc as a vm. So it also acts as proxy and probably uses HOTADD to back up these vmc vms. Then it will send this either to on prem to the aforementioned server (but on a different folder/repo), OR to a EC2 windows vm with plenty of space and refs drive. Once again this becomes the performance tier of a second SOBR. This is extended to Amazon S3 (to prevent huge costs of egress from aws I guess?) Now we have cloud vms backed up twice in diff places. I read performance can be good going to ec2 and it all stays in amazon. Maybe utilize a different availability zone or whatever its called, so that both items are not in the same failure place.

So overall, new veeam "server' is a vm in vmc.. new physical server on prem as a proxy/repo. cloud vm ec2 as a repo for the vmc cloud stuff. 2 sobrs extending each of these setups to object storage...

Does this all sound OK? I worry if there is any big reason the veeam server can not be a vm in VMC like connectivity goes down shortly if it stops everything, or it will just resume when it can and that's fine... Please let me know what you think and if there is a better idea for this. It's a fresh chance to start up things the right way for a company.

[HannesK]

Hello,
yes, you can put the new backup server in VMC. There is no real difference where it runs

1. sounds good. Except that I do not know the network speed between VMC an on-prem. The recommended way is to have backups on-site (which you plan in 2 as far as I see) and do a backup copy job to central location. But yes, if you have enough bandwidth, why not.

2. I recommend reading https://www.veeam.com/kb2414 If you configure it correctly, then there are no costs between VMC and EC2 / S3. You could also think about a Linux VM with XFS instead of REFS

No matter where you place the backup server... if the connection between the locations goes down, then the jobs will retry or fail.

All in all: sounds good

Best regards,
Hannes

[theviking84]

Thank you Hannes! So a couple more quick questions.

1. Is there any reason to prefer linux vm with xfs vs refs? The only big one I can think of is in V11 we can make the data immutable on a linux repo? I assume nothing like that will be possible for a windows refs repo?
2. So for the VMC vms, my plan is ec2 vm repo, and then that is extended to s3 with sobr. So there is no "on prem" copy of that data. But its in 2 places. That should be fine? That way it is all cloud to cloud to cloud for any backup/restore for specifically the vmc vms.
3. I read that there is a limitation on linux/other os file restores in the above step 2 configuration.. We do have some linux vms along with our windows. So I would not be able to perform file restores back to linux vms in VMC then? It says the workaround is to have another backup copy that is somewhere else. If I don't want to use a backup copy to on prem due to egress charges, do I have any other option here? Like can the veeam server know to use a proxy vm taht is on prem to do the flr/nfs and then the restore can still go to the vmc linux vm in the end? (what i am referencing here in question 3 is under the "solutions" area of your linked KB in your reply... under "other os file recovery"

[HannesK]

1. yes that one and maybe licensing costs for Windows
2. sounds good
3. that one will be solved in V11. There you can define a Linux machine that handles the Linux file level recovery.

[theviking84]

Awesome, thank you for the answers Hannes!