Monitoring and reporting for Veeam Backup & Replication, VMware vSphere and Microsoft Hyper-V in a single System Center Operations Manager Console
Post Reply
D@ni
Novice
Posts: 6
Liked: 1 time
Joined: Aug 22, 2019 7:12 am
Full Name: Daniel
Contact:

Future of Veeam MP

Post by D@ni »

Hi guys,

the last update of the Veeam MP (8.0 U6) was released more than one year ago (Aug. 30, 2018 to be exactly). We are wondering how the future of this product looks like?
There have been no improvements at all in more than one year. Even if MP8.0U6 is supported with the latest vSphere and SCOM version, we expect some new features, better speed and more security with this product.

Are there any news someone can share?
Are there other customers with more or less the same thoughts?

Many thanks in advance!

Cheers,
Daniel

Alec King
VP, Product Management
Posts: 1071
Liked: 239 times
Joined: Jan 01, 2006 1:01 am
Contact:

Re: Future of Veeam MP

Post by Alec King » 2 people like this post

We are currently building v9.0 of the Veeam MP for System Center. Planning to ship it later this year. Closer to the release we will confirm all the new fixes and features.
Hope that helps! :)

wishr
Veeam Software
Posts: 1818
Liked: 206 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Future of Veeam MP

Post by wishr » 2 people like this post

Hi Daniel,

We would really appreciate it if you could share a bit more info on what features including those related to security you'd like to see in the next MP versions.

Thanks in advance!

D@ni
Novice
Posts: 6
Liked: 1 time
Joined: Aug 22, 2019 7:12 am
Full Name: Daniel
Contact:

Re: Future of Veeam MP

Post by D@ni » 1 person likes this post

Hi guys,

Thank you very much for your quick answers! Following some points we discussed internally we would love to see in a future Veeam MP release:

- Security
o Collector Server now only work with NTLM as authentication protocol. Would be great to have Kerberos Support as we have disabled NTLM on all our Servers by default
o Collector UI (Web interface) works on custom Port 4430 instead of 80 or 443 (our security policies only allow "standard" ports for web applications by default)
o Collector UI (Web interface) works only with http instead of https (with custom certificate signed by our internal CA)

- Monitoring
o Basic Monitoring for other VMware Products like NSX Manager, vRNI, vRLI (would be enough to have just basic checks like http/s availability)
o The monitor “Datastore Unknown Files Analysis” should show the unknown files in the Alert Description. At the moment we have to search ourselves for the files or use other tools for that (like RVTools)
o Possibility of using multiple accounts for the Monitor “Run As Account for vCenter Failover functionality failed validation for one or more hosts” as we have one SCOM instance for three completely different vSphere environments
o More accuracy or Filter possibilities on the “Morning Coffee Dashboard” – now it shows all the different infrastructures as one infrastructure. However, we have much less load on our test environment than on the productive environment. So the numbers shown on the Dashboard are not really accurate/specific

- Performance
o Bit more speed for showing dashboards like “Morning Coffee”, “All Datastores” or “Cluster Capacity Forecast”

- Reporting
o A Report showing the load specific VMs (for example based by a vSphere Tag or a Folder within vCenter) generates in total -> This would help us showing our customers how much load their VM generates in total (for cost and support purposes)

I hope this helps a bit. I am looking forward to your feedback and the upcoming Veeam MP Version! :-)

Have a nice weekend,
Daniel

wishr
Veeam Software
Posts: 1818
Liked: 206 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Future of Veeam MP

Post by wishr »

Hi Daniel,

Thanks a lot for sharing these. Great list. We've noted all of them and will discuss what can be done in the future.

I would like to specifically comment a few points/ask a few questions.
Collector Server now only work with NTLM as authentication protocol. Would be great to have Kerberos Support as we have disabled NTLM on all our Servers by default
- Could you please share the approach you have used to disable NTLM within your environment? Guides, configuration details, all the possible detailed information are welcome.
Collector UI (Web interface) works on custom Port 4430 instead of 80 or 443 (our security policies only allow "standard" ports for web applications by default)
- While this has not been tested by our QC team, currently, it should be possible to configure the ports on the Internet Information Services (IIS) end.
Collector UI (Web interface) works only with http instead of https (with custom certificate signed by our internal CA)
- While this has not been tested by our QC team, currently, it should be possible to upload a custom SSL certificate and then configure HTTPS and desired ports on the IIS end.
More accuracy or Filter possibilities on the “Morning Coffee Dashboard” – now it shows all the different infrastructures as one infrastructure. However, we have much less load on our test environment than on the productive environment. So the numbers shown on the Dashboard are not really accurate/specific.
- Have you tried to create a custom Morning Coffee Dashboard scoped down to each environment using our Infrastructure Summary widget and SCOM groups?
The monitor “Datastore Unknown Files Analysis” should show the unknown files in the Alert Description. At the moment we have to search ourselves for the files or use other tools for that (like RVTools)
- Have you tried using Scan Datastore for Unknown Files Task? If so, why it is not convenient for you?
Bit more speed for showing dashboards like “Morning Coffee”, “All Datastores” or “Cluster Capacity Forecast”
- Could you please clarify these a bit. If you had support requests opened regarding these difficulties, please let us know the corresponding case IDs so we could take a look at the details.

Thanks!

D@ni
Novice
Posts: 6
Liked: 1 time
Joined: Aug 22, 2019 7:12 am
Full Name: Daniel
Contact:

Re: Future of Veeam MP

Post by D@ni »

Hi there,

Thank you very much for your answer and please excuse my late reply. I will try to respond accordingly.
Could you please share the approach you have used to disable NTLM within your environment? Guides, configuration details, all the possible detailed information are welcome
Here is a Link to MS Docs which says following:
NTLM and NTLMv2 authentication is vulnerable to a variety of malicious attacks, including SMB replay, man-in-the-middle attacks, and brute force attacks.
This is one of the reason why we decided to disable NTLM(v2) by default. If possible, all our application in our company should use Kerberos as authentication protocol. Internal Security allows to use NTLM(v2) if Kerberos is not possible, but we have to report frequently some statements of the application company (in this case Veeam) why Kerberos is not supported and when it will be available.
While this has not been tested by our QC team, currently, it should be possible to configure the ports on the Internet Information Services (IIS) end.
While this has not been tested by our QC team, currently, it should be possible to upload a custom SSL certificate and then configure HTTPS and desired ports on the IIS end.
We are aware that the Veeam Collector UI runs on a "simple" IIS website and that we have the possibility to change those settings you mentioned. However, we do not know if this is supported and if Support would still assist in case of fault/crash. And as far as I have seen there is no documentation/KB article from Veeam regarding such settings. Am I right?
Have you tried to create a custom Morning Coffee Dashboard scoped down to each environment using our Infrastructure Summary widget and SCOM groups?
No, I did not. I was not aware that something like this is possible (to create easy). Is there any documentation you can reference to it? This would be great!
Have you tried using Scan Datastore for Unknown Files Task? If so, why it is not convenient for you?
Yes, we already tried this way. However, the Task reports not exactly the same result as its states on the "Alert Description". As our First Level manages the alerts, it would be great if the "Unknown Files" would directly appear in the Description. With this, the First Level could resolve the alert themselves. By now they open a ticket to us (Second Level). And as mentioned, we than have to use other Tools (like RVTools) to see which files exactly the alerts correspond to.
Could you please clarify these a bit. If you had support requests opened regarding these difficulties, please let us know the corresponding case IDs so we could take a look at the details.
I did not find any archived cases regarding "speed" of dashboards.
Situation is that I tell our First Level guys to keep an eye on the "Morning Coffee" Dashboard. They than reply that they need a few coffee to drink before the Dashboard appears :wink: But yes, maybe we can shrink such dashboards to specific environments, this would maybe help already to speed things up (see above).
At the moment it takes around 220 Seconds before the Morning Coffee Dashboard shows any data.

I am looking forward to hear from you!

Daniel

wishr
Veeam Software
Posts: 1818
Liked: 206 times
Joined: Aug 07, 2018 3:11 pm
Full Name: Fedor Maslov
Contact:

Re: Future of Veeam MP

Post by wishr »

Hi Daniel,

Thank you for your reply. I apologize for delayed response. Please find my comments below.

1. NTLM and Kerberos
Am I right assuming that you have disabled NTLM globally on the DC level? We definitely consider Kerberos support for the next versions (no ETA yet), I just wanted to get more details on how the implementation is done in your particular case so we could perform some tests in an environment with a configuration similar to yours.

2. Custom ports and HTTPS support for VES UI
Correct, this has not been verified by our QC team yet and thus, not supported officially yet, but I've tried changing the ports myself and it worked (did not have a chance to give HTTPS a try, though). There is a variety of guides on how this can be done on the internet. Here are a few examples: 1, 2. You may give it a try in a test environment and then, in case of no issues roll out to production. We are planning to verify and support such configurations in the future - I will update this thread once we will have news to share with the community in this regard.

3. Custom "scoped" Morning Coffee Dashboard
You should first split your environments into groups, based on your needs, then create a new dashboard with our widget. Please refer to this UG section for more info.

4. Unknown Files tracking
The difference between the task and the monitor is the following. The monitor pulls the data using WMware API, but unfortunately, the API does not provide a functionality to show what are exactly the "garbage" files and where are they located. That's why we have our own script with a unique and wise logic to track down garbage files. The aforementioned task launches the script. The reason why we have not implemented the script into the monitor is simple: the script is quite "heavy" and can generate a lot of unnecessary load on Operations Manager if we run it frequently, let's say every few minutes, especially if you have a lot of unknown files. This is why we have separated the task and the monitor, so the common use-case scenario is to use the monitor for operational alerting while the task supplements it as an on-demand tool.

5. Morning Coffee Dashboard performance
Do you mean that 220 seconds is the amount of time required to reflect the environmental changes or just to load up the dashboard itself? We need a bit more details to be able to say whether this behavior is normal or not, but I would suggest you give "scoped" Morning Coffee widgets a try first. Please let us know if the performance becomes better after this and we will decide what should be the next steps.

I hope it helps. Please let me know if you have any questions or additional comments.

Regards,
Fedor

Post Reply

Who is online

Users browsing this forum: No registered users and 1 guest