How to leverage Veeam-Agent to protect physical servers from update failures

In a virtualized world, physical servers have become quite rare. However, some systems like hypervisors or storage-virtualizers need to be physical for obvious reasons.
If you have to upgrade or patch these systems, you’ll keep your fingers crossed and hope they will come up fully functional after the upgrade. You may wish to have a convenient backup or snapshot, like you’re used to in the virtualized world.

Veeam Agent

Actually there is already a solution for the Problem: Veeam Agent for Windows (aka „The Agent formerly known as Veeam-Endpoint“, or TAFKAV).  😉

This software does a very good job since it was released in April 2015. I’ve installed it on countless customers workstations so far. It protects my homelab, my notebook and also some difficult to replace installations on customer sites. The ability to use an existing Veeam-Backup repository makes it even more useful in an enterprise environment.

Veeam Agent 2.0 comes in three flavours: The free version, the Workstation version and the Server version. Workstation offers a similar set of features as the free version, but offers 24/7 support and centralized management. The server version offers application consistent backups including log-truncation.

Securing a DataCore Host with Veeam Agent

A DataCore cluster is a perfect example to show how Veeam-Agent makes updating much more convenient and secure.
DataCore storage-virtualizer runs on Windows Server hosts which are usually kept isolated from the rest of the network. I.E. no domain membership, different VLAN etc. Therefore we usually left the systems alone and installed only DataCore updates, but no Windows Updates. Recent threats like WannaCry have shown that it is important to also install Microsoft updates on a regular basis. For our use case we don’t even use scheduled backups. You can restore a Datacore host that is a couple of months old – as long as you have saved the configuration (= standard procedure before updates).

Procedure

In the following paragraphs I will name the two DataCore hosts SDS1 and SDS2.

Stop DataCore host SDS1

To make sure that the installation of the agent won’t interfere with your production storage, you should stop the DataCore host in the console.

Setup Veeam Agent

Once your DataCore host ist gracefully stopped, you may start installing Veeam-Agent for Windows 2.0. The installer will also install required additional Windows components. The installer will ask you if you wish to add a license. If you have a valid license for a server agent you may use it, but it also works in the free edition. Reboot server if required by installer.

Create Veeam-Agent boot media for SDS1

A backup is useless if you don’t have a tool to recover it. Therefore the agent asks you to create a customized boot image (USB or ISO) for your protected server. Do it now – or you’ll forget it! 😉

Create backup job

After you’ve created your boot media it is time to configure a backup job. In the described scenario we don’t need anything but the host’s system volume. Just select Volume-Based-Backup and check your system disk (usually c:).

There is no need to define a schedule. We only need this right before and right after update procedures. It is also important to keep your Datacore host in a consistent state while backing up. That’s because we’ve stopped the server before.

I like to have Agent-backups in my Veeam-Repository, but you can configure any other target as well.

Trigger job

Now it’s time to start the backup job.

Start DataCore Server SDS1

After the job has completed sucessfully you can start Datacore server SDS1 again. Wait for all vDisks to be in sync and full redundancy of you initiator paths.

Repeat setup procedure on host number two (SDS2)

  • Setup Veeam Agent (reboot if required)
  • Create Veeam-Agent boot media for SDS2
  • Create backup job
  • Trigger job
  • Start SDS2, wait for vDisk sync

Patching procedure

Now that we have Veeam-Agent-backups of both our DataCore hosts, we can start to apply patches, system-updates or whatever. Follow the recommended procedure of your software vendor.

If something goes terribly wrong and you should end up with a BSOD or else, you’ll be able to restore the physical system.

 

 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.

I have neurons: * Time limit is exhausted. Please reload CAPTCHA.