After initially deploying the VEEAM for AHV Appliance there are some more steps to accomplish. I will list them in a chronological order and then go into more detail of each step.
Configuration steps on the VEEAM backup server:
• Define user credentials to access the VEEAM Backup and Replication Server
• Grant access permissions on the VEEAM Backup Repositories
Configuration steps on the NUTANIX Cluster:
• Define user credentials to access the NUTANIX Cluster API
• Configure Protection Domains for Backup
Configuration steps Appliance:
• Add NUTANIX AHV cluster to the appliance
• Add VEEAM Backup and Replication Server to appliance
• Configure Appliance settings (network, NTP, security a.o.)
• Configure backup jobs
Pre-configuration steps on the VEEAM backup server
Define user credentials to access the VEEAM Backup and Replication Server
Connect to the VEEAM Backup and Replication management server via RDP or directly via an external console installation.
Log-in with required credentials. You should have Admin rights on the VEEAM Console
Select „Users and roles“ in the General Menu of the console (top left corner)
Type in the username (AD or local user)
Select Role „VEEAM Backup Administrator“
Then klick „OK“ 2 times.
Now the user is available to use for accessing the VEEAM Server from the AHV Appliance.
Grant access permissions on the VEEAM Backup Repositories
You need to grant access permissions to the VEEAM Repository which you will use to save the backup data from the AHV Cluster on.
To grant access permissions, do the following:
1. In Veeam Backup & Replication, open the Backup Infrastructure view.
2. In the inventory pane, click the Backup Repositories node or the Scale-out Repositories node.
3. In the working area, select the necessary backup repository, click Set Access Permissions on the ribbon or right-click the backup repository and select Access permissions.
4. In the Access Permissions window, specify to whom you want to grant access permissions on this backup repository:
○ Allow to everyone — Setting access permissions to Everyone is equal to granting access rights to the Everyone Microsoft Windows group (Anonymous users are excluded).
For security reasons, the option is not recommended for production environments.
○ Allow to the following accounts or groups only — select this option if you want only specific users to be able to store backups on this repository.Click Add to add the necessary users and groups to the list.-> This should be your favorite option 🙂
Pre-configuration on the NUTANIX Cluster
Define user credentials to access the NUTANIX Cluster via the REST API
Log-in to PRISM Web UI with a user that has „USer-Admin“ Role.
Select the grey Gear icon in the top right corner of the UI
Then select „Users and Roles“ on the left hand site
Now it depends which user you want to add. A local NUTANIX Cluster User or a Domain Account which needs to be mapped to a cluster role.
Tipp: Use a domain service user which can be mapped to the „Cluster Admin“ Role.
Select „Role mapping“
Select „+New Mapping“
Select Type „user“ or „Group“ if the user you want to map is in a admin-group or similar.
Select Role „Cluster Admin“.
->> The „viewer“ Role is not enough because VEEAM needs higher user rights when doing restores.
Type in the user or group name in the „Values“ field
Then klick „Save“
The user-mapping is now created and you can log-in with its credentials. Maybe you want to try to log.in after doing the role mapping.;)
Configure Protection Domains on the AHV Cluster
In PRISM navigate to „Data Protection“
Click „+ Protection Domain“ in the upper right corner of the screen:
And select „Async DR“. Now the „Create Proptection Domain“ Wizard opens.
Define a Name for the new PD. Then click the blue Create Button.
The „entity“ Windows opens
Now select the VM (or VM’s) which need to be protected in this PD.
Do not specify a consistency Group. As this PD will not be triggered by NUTANIX Snapshot schedules. CG will only assure parallel snapshot processing if they are triggered from inside the NUTANIX Cluster.
de-select „Auto protect related entities“
After all selections have been made, click on the blue „Next“ Button.
Now the scheduler windows opens.
Tipp: Do not specify a scheduler option here because the VEEAM Appliance scheduler will trigger the PD snapshots. If you define a scheduler the Nutanix cluster will do its own snapshot schedule outside your backup window.
The PD will be created. It is now visible in PRISM under the Data protection overview. Select the „Table view“ to have a more detailed view.
Configuration of the VEEAM 4 AHV Appliance
Add NUTANIX Cluster to AHV appliance.
To add a Nutanix cluster to the Veeam Availability for Nutanix AHV infrastructure, do the following.
1. Log in to the proxy appliance web UI.
2. In the main menu, click the gear icon and select Manage Nutanix Clusters.
3. Click the Add button on the toolbar.
4. Specify the Nutanix AHV cluster settings:
1. In the Cluster name or IP field, specify the IP address or FQDN of the Nutanix AHV server.
2. In the Port field, specify a port which will be used by the proxy appliance to communicate with Nutanix AHV (default port: 9440).
3. [Optional] In the Description field, specify a description of the Nutanix cluster for further reference.
4. In the User Name and Password fileds, specify credentials to connect to the Nutanix AHV cluster.The account which you want to use to connect to the Nutanix cluster must have the Cluster Admin role permissions.
–> This is the user, which we created earlier in this blog.
5. Click Save.
Add VEEAM Backup and Replication Server to appliance
To add Veeam backup server to the proxy appliance infrastructure, do the following:
1. At the top right corner of the main menu, click the gear icon and select Manage Veeam Servers.
2. Click Add.
3. In the Add Veeam Server window, specify connection settings for the backup server:
1. In the DNS Name or IP field, specify the FQDN or IP address of the backup server.
2. In the Port field, specify a port which will be used by the backup server to communicate with the proxy appliance. Default port: 10006.
3. [Optional] In the Description field, specify a description for the backup server.
4. In the User Name and Password fields, specify credentials to connect to the backup server.
->> The user needs administrator rights on the backup server. This user has been specified earlier in this blog.
5. Click Add.
The server shows up in the „Managed VEEAM B&R server “ view
Backup files are stored in the backup repository, in the folder with the same name as the username used in backup server settings.
If you change the username for the backup server, on the next run of a backup job a new backup chain will be created. Old backup chain will remain in the folder created for the previous user.
If you want to continue the old backup chain, do the following:
1. In the backup repository server, transfer old backup files to the folder with new backup files.
2. In the Veeam Backup & Replication console, rescan the backup repository. For more information, see Rescanning Backup Repositories.
Configure Appliance settings (network, NTP, security a.o.)
Time Zone Settings
At the Time zone tab of the Appliance Settings section, you can edit time zone settings.
1. At the top-right corner of main menu, click the gear icon and select Appliance Settings.
2. At the Time zone tab, click Settings.
3. In the Select the time zone list, choose the time zone of your region.
4. Specify the synchronization mode:
○ NTP: Time of the proxy appliance will be synchronized with the specified NTP servers.
->> best practice is to use the same NTP servers than you use for your NUTANIX Cluster
○ Host: Time of the proxy appliance will be synchronized with the time on guest OS of the host where the proxy appliance is installed.
5. [For NTP mode] Specify required NTP servers in the NTP Servers text field.
6. Click Save.
If you change the time zone, Veeam Availability for Nutanix AHV does not recalculate the starting time of scheduled jobs.
Configure Backup Jobs
After all required settings are finished you can configure your first backup job. The backup jobs can backup VMs based on different approaches:
– Single or multiple VMs
– NUTANIX Protection Domain
Pro Tipp: Use NUTANIX Protection Domains. This integrates best with NUTANIX backup features. And reduces the risk of „orphaned“ 3rd party snapshots“.
Click on Backup jobs in the top menu
Now click „Add“
The Job Wizard opens
Type in the Name and maybe a description at your convenience
Now you must assign VMs and/or PD’s to backup.
Click “ + Add“
Now you are presented with the Protection Domains AND VMs on the NUTANIX Cluster
Set a checkmark onb „Dyanamic“ Mode. So only the PD’s show up
Select your PD or PD’s which you created earlier. In my case it is the „VEEAM-Demo“ PD
The click „Add“
The PD is now added to the backup job. This assures that all VMs, which belong to this PD, will be backup up during the next job run.
Now select the backup target (repository) to which you will save the backup files
Now configure the scheduler and the retention points
Review the summary and click „Finish“
Now your backup job is ready for use. And will start on the next scheduled time.
The „sometime bad-thing“: orphaned 3rd party snapshots:
In some cases the backup process does not clean up the NUTANIX snapshots after the backup process finishes.
Those snapshots cannot be managed through the NUTANIX PRISM Console Or the VEEAM Backup appliance.
So best practice is to call NUTANIX Support to clean up those snapshots.
Other useful information can be found here:
http://vknowledge.net/2018/12/28/nutanix-ahv-how-to-get-rid-of-orphaned-3rd-party-backup-snapshots/ (BLOG hosted by my colleque Mario)
You can identify if orphaned or aged 3rd party snapshots are present if PRISM raises a warning message like this:
Those snapshots do not appear under „local snapshots“ in PRISM UI:
Click on Data protection and then select „async DR“
You can now see all your defined Protection Domains. Click the PD and select „local snapshots“.
Orphaned snapshots DO NOT appear in this view!.
This ends Part II of this Blog series.
Thank you for reading.
The blog series continues on part III. Performance expectations and tuning for VEEAM for AHV
Availability for NUTANIX AHV FAQ