Veeam Backup & Replication example

In this example we have VMware vSphere and Hyper-V in Veeam Backup & Replication.
vSphere And HyperV

In vCenter we can see two data center and the VMs running.

In Microsoft Hyper-V we have one Hyper-V server and VMs running.

Unfortunately we have deleted a VM. Ooops. But we can recover using Veeam Backup & Replication to recover the VM

VeeamVMrecover

Another VM recovered thanks to Veeam.

 

Veeam Explorer for Microsoft® Active Directory®

“Easy, fast, granular recovery of individual AD objects and entire containers.
And it’s absolutely FREE!” Veeam

Veeam Explorer is a part of Veeam Backup™ Free Edition

 

Veeam Explorer

“With Veeam Explorer™, you can look directly into your backups to zero in on the

exact items you need to recover and restore from:

NEW! Microsoft Active Directory: Restore individual Active Directory (AD)

objects quickly and export AD objects directly from an image-level backup for

use with the LDIFDE utility

ENHANCED! Microsoft Exchange: Get instant visibility into Exchange 2010 and

2013 backups, advanced search capabilities and quick recovery of individual

Exchange items (emails, contacts, notes, etc.), Online Archive mailboxes and

hard-deleted items

• Microsoft SharePoint: Browse SharePoint 2010 and 2013 backups and

databases, search for specific SharePoint files and quickly recover them

NEW! Microsoft SQL Server: Save time and restore SQL databases without

having to search for individual database files

ENHANCED! Storage Snapshots*: Recover single files or entire VMs from HP and

NetApp snapshots in 2 minutes or less—without staging or intermediate steps”

veeam_backup_8_free_edition_datasheet_en.pdf

 

 

Amazon Web Services (AWS) – PoC

  • Created an account – http://aws.amazon.com/
  • Setup a Windows 10 client
  • Installed using the download 3.4.3 x86 msi and ticked install paths.
    Tried x64 installed and had a few errors trying 3.5 version
  • The EB  Command Line Interface (CLI), used the following the guide
  • Followed the Amazon Install procedure below:

The Python Software Foundation provides installers for Windows that include pip.

To install Python 3.4, pip, and the EB CLI on Windows

  1. Install Python 3.4 from the downloads page of Python.org.
  2. Add the Python home and scripts directories to the Windows Path system variable:
    C:\WINDOWS\system32;C:\WINDOWS;C:\Python34;C:\Python34\Scripts
  3. Open the Windows Command Processor from the Start menu.
  4. Verify that Python and pip are both installed correctly with the following commands:
    C:\Windows\System32> python --version
    Python 3.4.3
    C:\Windows\System32> pip --version
    pip 6.0.8 from C:\Python34\lib\site-packages (python 3.4)
  5. Install the EB CLI using pip:
    C:\Windows\System32> pip install awsebcli
    Collecting awsebcli
      Downloading awsebcli-3.2.2.tar.gz (828kB)
    Collecting pyyaml>=3.11 (from awsebcli)
      Downloading PyYAML-3.11.tar.gz (248kB)
    Collecting cement==2.4 (from awsebcli)
      Downloading cement-2.4.0.tar.gz (129kB)
    Collecting python-dateutil<3.0.0,>=2.1 (from awsebcli)
      Downloading python_dateutil-2.4.2-py2.py3-none-any.whl (188kB)
    Collecting jmespath>=0.6.1 (from awsebcli)
      Downloading jmespath-0.6.2.tar.gz
    Collecting six>=1.5 (from python-dateutil<3.0.0,>=2.1->awsebcli)
      Downloading six-1.9.0-py2.py3-none-any.whl
    Installing collected packages: six, jmespath, python-dateutil, cement, pyyaml, awsebcli
      Running setup.py install for jmespath
      Running setup.py install for cement
      Running setup.py install for pyyaml
        checking if libyaml is compilable
        Microsoft Visual C++ 10.0 is required (Unable to find vcvarsall.bat).
        skipping build_ext
      Running setup.py install for awsebcli
        Installing eb-script.py script to C:\Python34\Scripts
        Installing eb.exe script to C:\Python34\Scripts
        Installing eb.exe.manifest script to C:\Python34\Scripts
    Successfully installed awsebcli-3.2.2 cement-2.4.0 jmespath-0.6.2 python-dateutil-2.4.2 pyyaml-3.11 six-1.9.0
  6. Verify that the EB CLI is installed correctly:
    C:\Windows\System32> eb --version
    EB CLI 3.2.2 (Python 3.4.3)

Install Python, pip, and the EB CLI on Windows

AWSome Day event in Manchester

Notes based on Amazon AWS – AWSome Day event in Manchester
These are unverified notes taken at the event. Detail may be incorrect, but hopefully provide a rough guide to AWS.

Covers AWS foundational services

  • Gain a deeper understanding of AWS core and application services
  • Learn how to deploy and automate infrastructure on the AWS
  • CloudAmazon certification / accreditation ., platform accredited. Easier to accredit PCI DSS. Platform already done. You only need to accredit application
  • AWS has different levels and costs of storage.
  • Aws.amazon.com/blogs/aws
  • Control the permissions of users and what they can spin up.
  • S3 storage for the Internet. http or https, natively online, highly scalable, fast and reliable and fast    Use case , OS, backups, databases
  • EFS – multi attachment points – currently in preview mode
  • AWS STORAGE GATEWAY backups. Local machine , virtual machine which interacts with the cloud
  • Import and export supported USB devices or snowball a rack of storage.
  • Move to the cloud -> EC2 auto scaling and ELB
  • Cloud metrics will help size your EC2
  • Trusted advisor basic is free (Cost optimisation advice)
  • Auto scaling – schedule the scaling up and down.
  • Scaling is free, you only pay for additional EC2s
  • Cloud watch auto enabled when you spin up an EC2 for the hyper visor
  • Tag each EC2 instance ( who built it, what’s does it do )
  • Security Security groups, instance firewalls, VPC – Subnet control
  • Cloud trail- enabled per region. This will monitor and track all Api calls. Everything in AWS is an API call.
  • RDS – managed by AWS, backups & HA ( multi AZ required for no down time during patching)
  • ElastiCache – put in front of an RDS for better performance
  • Visual OPS third party app can create a formation template . Give it read  access to map.. Give it write to create
  • Cloud formation template and snapshot. Can restore and recover from an outage. Cloud formation gathers info on all VMs, networks & users and the template can recreate the full environment
  • Amazon redshift – petabyte scale DB service
  • Dynamo DB – no limits, Fast using SSD disks
  • AWS Database
  • Amazon route 53 is now a DNS registrar
  • Most common issue is Security permissions as everything is blocked by default.
  • user accounts – individual AWS credentials
  • SSL endpoint – secure transmission
  • Purchasing on demand, reserved or spot instances
  • Oracle
  • AWS marketplace
  • EC2 VMs are tied to the location you created it under. You will not see the VM in another location.
  • Start up- only pay when you start using
  • Compute
  • A way of posting data to AWS.
  •  Volumes can be resized, snapshot and create a new volume of another. You can also shrink if required and data / space allows.
  • EBS elastic storage, snapshots, single attachment. Can be detached & attached to another location
  • Glacier storage.. Storage of stuff you hope you never see again but you need to keep., like tax documents for seven years. Costs more to retrieve the data back. Encrypted.
  • Lamba websites, takes uploaded images, watermarks and optimises and uploads
  • AWS Simple money calculator
  • Create unique buckets for each of your projects
  • Learn identity & access management
  • Amazon RDS. Managing the patching, high availability. Reduces engineer time spent wasted patching. It’s done automatically. Same as spinning up services in other Zones for resilience
  • Register for aws for free and get Ec2 free tier for a year
  • Aws.amazon.com/new

PowerActions for vSphere Web Client

PowerActions 1.5.0 is now available for vSphere 6.0 Web Client

http://blogs.vmware.com/PowerCLI/2015/06/good-news-poweractions-now-available-vsphere-6-0-web-client.html

“PowerActions integrates the vSphere Web Client and PowerCLI to provide complex automation solutions from within the standard vSphere management client.

PowerActions is deployed as a plugin for the vSphere Web Client and will allow you to execute PowerCLI commands and scripts in a vSphere Web Client integrated Powershell console.”

Download PowerActions 1.5.0 here
https://labs.vmware.com/flings/poweractions-for-vsphere-web-client

 

How to Disable Windows Defender

1) Open Control Panel
2) Open up Windows Defender
3) Click Tools on the top menu
4) Click on Options
5) Find the Administrator section, uncheck the box for “Use this program”
6) Click the Save button.

Now open services.msc

7) Select Windows Defender
8) Right click and select properties
8) Stop the service
9) Change Startup type to Disabled.

VMware vCenter 5 – NFC Server error

Issue

NFC Error

In vSphere 5 we moved an ISO from a local drive to a datastore using the VMware Infrastructure Client. Upon instigating the upload it immediately failed.

Error message :  Failed to log into NFC server.

Possible DNS issue with servers for the host?

Solution:
We found missing DNS entries for the ESXi hosts. The servers specified were referencing DNS IP addresses that had no entries for the ESXi hosts being administered.

Exporting and Importing an OVF file

Exporting a VM or Template to OVF file

1) Select the virtual machine select File > Export > Export OVF Template.
2) Type the Name of the template for the OVF Template
3) Map a drive. Transfer the file

On another vCenter – Deploy an OVF template

1) Open the vSphere Desktop Client.
2) On the top-left, click File
3) Select Deploy OVF Template.
Follow on screen instructions

Create or Remove A Static Route in a Microsoft Windows OS

Route traffic via a specific NIC and IP in most Microsoft Windows operating systems.

Quick guide to create a static route in windows or remove a static route in a windows OS.

List static routes
Administrator command prompt
route print

Create a Static Route
Administrator command prompt
Add example :
route add -p 192.168.10.31 mask 255.255.255.255 192.168.1.1 if 2 metric 5

“if” is the network card number to route through.
metric is calculating the fastest, most reliable, and least expensive routes
-p Persistent
ipconfig /all (Shows the NIC for “if” number.)

Deleting a Static Route
Administrator command prompt
Delete example :
route delete 192.168.10.31

Remote Desktop Server – Customisation and Useful GPO settings

User cannot change an expired user account password in a remote desktop session that connects to a Windows Server 2008 R2-based RD Session Host server in a VDI environment

Hotfix Download Available

https://support.microsoft.com/en-us/kb/2648402

  1. 1. Open the following file: %systemDrive%/windows/web/rdweb/pages/web.config
  2. Set the following value to TRUE: <!– PasswordChangeEnabled: Provides password change page for users. Value must be “true” or “false” –> <add key=”PasswordChangeEnabled” value=”false” />

 

 

Disable IE security in a GPO using reg change

https://4sysops.com/archives/disable-internet-explorer-enhanced-security-configuration-ie-esc-with-group-policy/

 

 

Set Trust sites

http://deployhappiness.com/managing-internet-explorer-trusted-sites-with-group-policy/

 

 

Setup SSO & disable remote app prompt  

http://social.technet.microsoft.com/wiki/contents/articles/2381.how-to-remove-the-access-messages-and-enable-the-single-sign-on-for-remoteapps.aspx

 

 

Deploying RD Session Host Servers or Farms

http://social.technet.microsoft.com/wiki/contents/articles/5466.deploying-rd-session-host-servers-or-farms.aspx

 

How to Remove the Access Messages and Enable the Single Sign On for RemoteApps

http://social.technet.microsoft.com/wiki/contents/articles/2381.how-to-remove-the-access-messages-and-enable-the-single-sign-on-for-remoteapps.aspx

 

 

Deploy Certificates by Using Group Policy

http://www.ervik.as/microsoft/windows-server-2008-r2/3321-how-to-configure-single-sign-on-for-remote-desktop-services

 

 

Enable RDC Client Single Sign-On for Remote Desktop Services

https://technet.microsoft.com/en-us/library/cc742808.aspx

http://blogs.msdn.com/b/rds/archive/2007/04/19/how-to-enable-single-sign-on-for-my-terminal-server-connections.aspx

https://technet.microsoft.com/en-us/library/cc742808.aspx

 

 

How to resolve the issue: “A website wants to start a remote connection. The publisher of this remote connection cannot be identified.”

http://blogs.msdn.com/b/rds/archive/2011/04/05/how-to-resolve-the-issue-a-website-wants-to-start-a-remote-connection-the-publisher-of-this-remote-connection-cannot-be-identified.aspx

 

 

Do you trust the publisher of this RemoteApp Program? prompt even though the Publisher is trusted?

https://social.technet.microsoft.com/Forums/windowsserver/en-US/f47bcba9-67bf-45d0-af3f-fd9b9982ee2a/do-you-trust-the-publisher-of-this-remoteapp-program-prompt-even-though-the-publisher-is-trusted

 

 

Create a Self-Signed Server Certificate in IIS 7

https://technet.microsoft.com/en-us/library/cc753127(v=ws.10).aspx

 

 

IT: How To Create a Self Signed Security (SSL) Certificate and Deploy it to Client Machines

http://www.howtogeek.com/107415/it-how-to-create-a-self-signed-security-ssl-certificate-and-deploy-it-to-client-machines/

 

 

 

 

 

Makecert.exe (Certificate Creation Tool)

https://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx

Tested example (sets the start date to 30.6.15 and the end dates is 20yrs+ later.

makecert.exe -r -pe -n “CN=rdscluster.test.world.com” -eku 1.3.6.1.5.5.7.3.1 -b 06/30/2015 -ss my -sr localmachine -sky exchange -sp “Microsoft RSA SChannel Cryptographic Provider” -sy 12 “E:\Media\Cert\rdscluster.test.world.com.cer”

 

 

About Digitally Signing RemoteApp Programs

https://technet.microsoft.com/en-gb/library/cc754499.aspx

 

 

Create RDS Farm – Check list

https://technet.microsoft.com/en-us/library/cc753891.aspx

 

 

Install the RD Connection Broker Role Service

https://technet.microsoft.com/en-us/library/cc732076.aspx

 

 

Add Each RD Session Host Server in the Farm to the Session Broker Computers Local Group

https://technet.microsoft.com/en-us/library/cc753630.aspx

 

 

Configure an RD Session Host Server to Join a Farm in RD Connection Broker

https://technet.microsoft.com/en-us/library/cc771383.aspx

 

 

Configure DNS for RD Connection Broker Load Balancing

https://technet.microsoft.com/en-us/library/cc772506.aspx

 

 

Limit Profile Size

http://www.techrepublic.com/blog/the-enterprise-cloud/limit-profile-size-with-group-policy/

 

Note Files deleted from a network share do not go to the recycle bin. They are deleted permanently

https://social.technet.microsoft.com/Forums/windowsserver/en-US/7119aafa-fe55-470c-ae20-568b80c5dcb4/files-deleting-over-the-network-share-drive-is-not-going-to-the-recycle-bin-it-permanently-delete?forum=winservergen

 

https://social.technet.microsoft.com/Forums/windowsserver/en-US/db181312-bc96-4c3d-b7d6-daa0250b5552/applying-quota-for-user-profile-in-terminal-server

 

Empty recycle bin at log off… GPO log off script –

User Configuration – POLICIES. WINDOWS SETTINGS – SCRIPTS – Logon/Logoff

Add Empty recycle bin batch

http://www.cryer.co.uk/brian/windows/batch_files/how_to_empty_recycle_bin.htm

e:

cd \$RECYCLE.BIN

del /s /q .

 

Types of profiles

http://blogs.msdn.com/b/rds/archive/2009/06/02/user-profiles-on-windows-server-2008-r2-remote-desktop-services.aspx?Redirected=true

 

 

User Configuration – Administrative Templates – System – Logon/Logoff

 

 

SHOW and HIDE ALL DRIVES

      1. A Create one policy for admins with show all drives https://support.microsoft.com/en-us/kb/231289
      2. Create a second policy for all users with hide all drives and a deny apply policy for admins https://support.microsoft.com/en-us/kb/816100
      3. Third policy has all the terminal server config details

 

 

Temporary Profiles Loading

http://social.technet.microsoft.com/wiki/contents/articles/3571.windows-user-profiles-service-event-1511-windows-cannot-find-the-local-profile-and-is-logging-you-on-with-a-temporary-profile.aspx