Veeam Backup and Replication with Cloud Connect into Azure #ToTheCloud

Non sponsored article.

There is one company that always impresses me.  Veeam has  simple UI’s, cheap and clear pricing models and products that just work on first install.  This week I found with Cloud Connect, Veeam is always three steps ahead of its competitors.


What is Veeam Cloud Connect?  Veeam Cloud Connect establishes a SSL tunnel over the internet to Cloud Storage with no VPN required.

Why would I need Cloud Connect?  Firstly are you a customer, or are you a Veeam partner?

  • Customers have the ability to send their existing backups offsite to cheaper cloud storage and to remove the need for tapes.
  • Partners can license Veeam Cloud Connect connection through the Veeam Cloud Provider (VCP) program.  They will be able to build their own remote repositories designed to be multi-tenant and scalable.

Where is the remote repository?  It could be in a Partners datacenter, or Public Clouds.  This post will focus on transferring backup data to Azure storage.

Let’s Kick the Tires.

I went to the new Azure Portal at I selected New, Everything, Searched for Veeam, and deployed Veeam Cloud Connect for Service Providers.  **Unfortunatly this failed for me.  I am using a MSDN Azure subscription.  To deploy this Cloud Service you require a pay-as-you-go subscription.


I started following this deployment guide by Sam Boutros to manually deploy it (cost many extra hours 1-2 days with trial and error).

I deployed a VM in Azure (destination storage location), I also added a TCP endpoint of 6180.  I did not add any extra storage to my Azure VM for this test.  Then I installed Veeam Backup & Replication 8.


All required prerequisites are installed by the installer.


I then applied the latest patch which Veeam alerts you to install.  The first load after a reboot takes a few mintues.  The Veeam services are on a delayed start to allow for MSSQLExpress to start.


Then I obtained a free 1 month trial Cloud Connect license from my friendly local Veeam sales team in Sydney.  Once you apply this license you receive a new button down on the bottom left called Cloud Connect Infrastructure.


Then I generated a new self signed certificate as I received an error when I attempted to install my public trusted certificate (pfx).



I copied my certificate Thumbprint details to a text file (you will need them later on the source)

cert thumb

I then created a new Cloud Gateway and changed my public IP address, and my port.

4 - Copy

I then created 2 new users.  I set a quota to the resource that the users is able to access.

5 6

On my local source server (Windows 2012 R2) I then installed Veeam Backup & Replication 8.  Again I applied the latest Veeam patch.  I then applied the same licenses.  I went to Backup Infrastructure and right licked on Managed Servers to add my server.


I selected a Hyper-V host


I entered my local hosts address


I entered credentials and the ports were left as default.

I had lot’s of trouble with this, I tried to use Windows 8.1/10 Hyper-V host and unfortunately this is not supported, also I had some firewall wall issues.  Links you may need to refer to are below if you encounter similar issues.

Enable file and printer sharing           Disable UAC        Veeam Requirements

On your source host you can diagnose the logs here C:\ProgramData\Veeam\Backup\Setup and the source files that are uploaded to the host are here C:\Windows\Veeam\Backup\Upload.  There is only 1 suggestion I make to Veeam here, a simple port testing pool built-in would be handy.  The tool uses a pool range of ports not a specified port.  This is so each Host (source) can send its traffic on a separate dedicated port.





Then once this agent was installed and configured it alerted me that my Windows 2012 R2 Hyper-V host required some Microsoft patches.  I downloaded them and applied them.


You will now note in the Veeam console I now have an additional option on the top left Service Providers.


Then I went here and added my Veeam Cloud Connect host/service from Azure.


I entered my user account and my Thumbprint from the certificate (Azure Cloud Connection VM earlier).



Now you can see that I have my Service Provider


Veeam even has De-duplication and a WAN accelerator built-in for free!

Let’s configure the WAN accelerator.  Select WAN Accelerators and Add, change any ports and streams if necessary.


Select your WAN Cache.






Backup job– Let’s send backup data straight to the cloud.  Select Backup & Replication, Backup Job, Add your Virtual Server from your Host, Next.


Change your Backup repository from the default to your newly connected Cloud Repository, I changed my Restore points to keep only 4 copies on disk, Next.


Select your required schedule.


Finish, and the job runs successfully.


So we have added our Veeam Cloud Connect Service Provider.  We have installed Veeam Backup and Replication directly on my 1 Hyper-V host.  We can now send all backups directly to the cloud with transfer speed improvements up to 50 times faster with the WAN Accelerator.  Azure storage is cheaper than tapes.  We don’t have to worry about tapes, tape drives, tape libraries, tape schedules, and offsite storage facilities.  Data recovery will now be quicker.  So when someone asks you if you are in the cloud you can say “you are all in”.  A special thanks goes to Gnani Lavu from Veeam support in Sydney for his assistance.

I also expect more great news to come from the Veeam KickON in Russia this coming week so follow these on Twitter @Veeam_APAC @Veeam @VMDoug @Chas_clarke

Comments appreciated.

profile picAaron Whittaker @AaronW2003

Teaming, QOS, and Virtual Fabric Adapters

By Aaron Whittaker

Lab: This is all done on Windows 2012 server.
Teaming: assume I have a x4 (quad) 10gig card for this discussion and demonstration.  That will give you an aggregate of 40gig in a team.  This is great and can be pooled using tagged/untagged traffic with QOS!

(First demo will be in GUI but can be done in Powershell [PS], the second demo can only be done in PS)

Go To Server Manger, Local Server, Select Teaming,  Tasks, New Team, Insert a team name and select the nics.

Insert a team name and select the nics.

Once this is done, select the team, select Team Interface, Add Interface, Enter a name and an additional port.

At the end of this demonstration we now have the team of nics that has untagged (default) traffic and also an additional DMZ VLAN 200.

We could add this to a single Hyper-V virtual switch and everything would work as expected.  Are we done? No. There is no isolation (customers may not like DMZ on the same virtual switch) additionally there is no switch QOS settings. Delete the interface and Team and start again.

In PowerShell lets make the a team with the same adapters.

New-NetLbfoTeam “4x10GbE Team” –TeamMembers “Ethernet 2″,“Ethernet 4″,“Ethernet 5″,“Ethernet 6″ –TeamNicName “4x10GbE”

Now we create a Hyper-V Virtual Switch that binds to the NIC team, this switch has bandwidth management set by KB/S.

New-VMSwitch “LM40GbE switch” –NetAdapterName “4x10GbE Team” –MinimumBandwidthMode Absolute –AllowManagementOS $false

New-VMSwitch “Mgmt40GbE switch” –NetAdapterName “4x10GbE Team” –MinimumBandwidthMode Absolute –AllowManagementOS $false

Now we can make many Virtual Fabric Adapters for the Hyper-V host.  Create a virtual NIC in the management operating system for Live Migration, and Virtual Machines.

Add-VMNetworkAdapter –ManagementOS –Name “LiveMig” –SwitchName “LM40GbE switch”

Add-VMNetworkAdapter –ManagementOS –Name “VMs” –SwitchName “Mgmt40GbE switch”

Assign a VLAN to the virtual network adapters.

Set-VMNetworkAdapterVlan –ManagementOS –VMNetworkAdapterName LiveMig –Access –VlanId 100

Set-VMNetworkAdapterVlan –ManagementOS –VMNetworkAdapterName Mgmt –Access –VlanId 1

For QOS/BandWidth managment, I refered to this

The reason to utilize the Add-VMNetworkAdapter cmdlet is we can now have a dedicated Virtual Network Adapter for the Host to assign to the Virtual Switch.  We can then have full switch isolation while utilizing a shared pool resource (the nic team).  Now that we have different switches we can set different bandwidth polices for different pools of VMs or VLANS.

All comments/suggestions are welcomed.

Aaron @aaronw2003

January User Group: Empowering your People Everywhere with Enterprise Mobility

January Session Wednesday 28th- Empowering your People Everywhere with Enterprise Mobility

Enterprise Mobility is about connecting people with your resources, regardless of where they are, or what computing device they are using. Staff, contractors, suppliers and customers can all securely access the same enterprise mobility framework to gain access to only the information you intend for them.

Come along to learn more about how Enterprise Mobility can boost productivity, streamline processes and automate provisioning of information to your users. Experteq is a Microsoft partner specialising in Enterprise Mobility. Experteq has delivered many Enterprise Mobility solutions to Fortune 100 and Government organisations and utilizing Microsoft technology will demonstrate:

  • Enrolling a new user and managing the user lifecycle:
    • Automate the process of on-boarding and off-boarding Staff, Contractors, Suppliers and Customers
    • Automate the provisioning of services and resources to a user
    • Manage a user’s access privileges throughout their access to organisations
    • Provide self-service tools for users to reduce the load on IT support staff
  • Manage the proliferation of personal computing devices by:
    • Facilitating access to your business systems and data
    • Protecting the corporate information and data being consumed on these devices
    • Allow BYO computing device with little management overhead

Great prizes on offer!

Register Here

Presented by Experteq and Microsoft experteq

Intune Discovery: Kicking the Tires

The Intune cloud-based management service is a solution that helps you to manage your computers and mobile devices and to secure your company’s information.

With the proliferation of BYOD and BYOID’s, I wanted to “kick the tires” so here we go for a discovery.  Cooking time: 1 day.

My Microsoft ID’s had already been synced from On premise AD via AADSync.  See my previous post on this topic here.

I subscribed for a 30 Intune trial here which is for 30 days for 30 test licenses.

Then to utalise the Intune console I had to update my Silverlight version on my Microsoft Surface 3.  I logged in and I was presented with this console.  The Dashboard provides shortcuts to the initial tasks which are required.  I selected Add users.


I select several users and applied the Intune license as shown below.


Then I created a Group with all my licensed users.


Next we need to create a policy that we wish to push out to the users BYOD (Group).



I selected Computer Management, Windows Firewall Settings, Create and Deploy a Custom Policy.


It prompted me to deploy the policy.


Then I applied the Policy to a group


Then I downloaded my Client Software and attempted to apply it to my MSDN Windows 10 running in Azure.



It appeared to install but unfortunately Intune is not compatible with Windows 10 yet.  I received an error in the console and the agent was not running on the OS.  See this compatibility list here.



After I successfully loaded the agent on a Windows 8.1 machine in Azure, I loaded my firewall to see my Policy changes had applied.


Then I decided to scan using the Intune Endpoint Protection.  All of the definitions are defined within my Intune portal.


Next I wanted to remotely push some software.  I downloaded and run the Intune Software Publisher plugin.


Then I ran the wizard.


I selected SpotifySetup.exe and also selected a Spotify Icon.



I left everything else as default.



Then I selected upload.


I then applied the Software All Users.


Here is a summary of all my deployed software.


Back on the Windows 8.1 machine I opened the Intune Center tool from the right hand corner near the clock.

23 - Copy

Then I selected Get Applications from the Company Portal.  Here I had to authenicate (only the first time).  It even allowed me to reset my expired password.  Here you can see my Azure Active Directory Premium portal customisations have loaded.


I selected YES to the primary user of this computer.


Here you can see that Spotify was advertised on the main portal page.


If I select All Apps, Spotify is also advertised inside here and ready to install.


I selected Spotify and Install.


It now displays as installing.


Next I wanted to apply a minimum in Microsoft patches to my non domain devices.  This would be useful for a company that wants to ensure that a minimum level of patches are running on all machines that access their corporate data.  I approved all patches to All Devices back in the Intune console under groups.


Then back on the Windows 8.1 machine I  immediately prompted to install the newly approved patches.

Then I decided that I wanted to manage BYO mobile devices as well.  So i went to admin within the console, I selected Set Mobile Device Management Authority.



Then I Added a Device Enrollment Manager.


This is where I stopped.  I did not have a spare mobile device that I wished to wipe.

The Administrators Console dashboard has great visibility into the fleet’s health.  You can see the 1 error, this is my failed Windows 10 installation.  Clicking on each alert takes you straight to the reported area.


So as you can see there are a lot of great management features within Intune.  It has certainly come a long way in the last few years.  There are many features and perhaps your company will find this tool suitable for only 1 or 2 specific tasks, rather than using every feature that is available.  This is a very feature rich tool which does everything except refill your coffee cup.

profile picAaron Whittaker @AaronW2003

Ignoring VM’s with Stop Start Automation tasks in Azure

Thanks for yesterdays positive comments/questions and retweets.  To follow up after yesterdays post on creating Automated tasks in Azure we will modify the scripts and see what has happened.

Firstly to answer a question, yes you can ignore certain servers if they need to remain on or off.  The only issue I see is if a server is created and to be ignored by this script you will need to update the script each time another server is added to your Azure subscription.

Can you just use group memberships? @Simonster

Let’s change my scripts so Win10Az remains on or off, and must be stopped/started manually (normally).  So go back to Automation, stop script, author, draft, edit, change this line from

Get-AzureVM | where{$_.status -like ‘Stopped*’ } | Start-AzureVM


Get-AzureVM | where{$_.status -like ‘Stopped*’ -and $_.Name -ne ‘Win10Az’} | Start-AzureVM

This is highlighted in the screen grab below.


I ran the stop script and confirmed that only my BenWin10 server powered off.

I then added a similar line of code for my starting script, which you can see below.  I also selected the Start button on this screen.


Then once the start script had finished (90 seconds) I went back to my Virtual Machines view and as below you could see that only BenWin10 was starting up.  Win10Az was ignored when either script ran.



One last point, below is a screen shot of my scripts dashboard, from here you can easily see when the servers were on or off.  This is a great view to ensure your script is working as excepted.



profile pic Aaron Whittaker @AaronW2003


Reducing your monthly Azure spend through Automation tasks

Azure has an Azure automation engine to allow you to author and run automated tasks with little scripting experience required.  These tasks are in a Runbook (PowerShell workflows).  This allows you to talk to VM’s at the infrastructure level and also inside VM’s operating systems including Linux VM’s.  At the time of writing there were 119 templates to use.

Let’s get some extra value out of having VM’s in Azure.  Let’s automatically turn off our dev/test vm’s at the end of each day.  This will save money by having the servers powered off overnight.

Within the Runbook automation gallery, filter by VM lifecycle management.  Select Azure automation workflow to schedule stopping of all Azure Virtual Machines.


Select the tick button to Import

Go and create credentials under assets.

Go and edit imported task and select Author, modify your credentials to the new credentials that you added, add your subscription name (find this under VM’s tab, or subscriptions at the top), and change the script to ‘not stop’ any VM’s that need to remain on (this can be done through several types of filters).


Below you can see that the script has now appeared under published.  You can see that my customizations have been saved.


Now select Start and Yes, after 20-30 seconds (depending how many servers you have) assuming your job runs successfully, go to the Virtual Machines tab refresh your browser.  You will see my BenWin10 VM has stopped.


Then I created a schedule for this to occur every night at 7:30 pm.  Select the task and then select schedule, “link to a new schedule”.  Be sure to adjust for time zones/daylight savings if necessary.

Now go and replicate the same steps to create a task to turn the servers back on each morning.  I utilised the “Azure Automation Workflow to Schedule starting of all Azure Virtual Machines” script.


Set my Schedule


Select Start to confirm that the Virtual Machines turn on as expected.


After 20-30 seconds assuming your job runs successfully, go to the Virtual Machines tab refresh your browser.  You will see your servers have successfully turned back on.

If you want to confirm things are working as expected, just check on the dashboard.



Refer to this blog for updates HERE

Refer to this @MSAU #LevelUpAzure video to watch a recorded demo with Rick Claus @RicksterCDN, Joe Levy HERE


profile pic Aaron Whittaker @AaronW2003