Setting up Backup Verification
Brandon Lee, posted on May 31, 2017
Perhaps one of the most overlooked areas when it comes to backup processes in general that most organizations fail to execute in their backup plans is backup verification. Often, many administrators may simply assume backups to be good and the topic goes no further than that. However, this is a dangerous routine to become accustomed to as those who do may find they have corrupted backups in a real disaster scenario. That is the worst to find out that something is wrong with your backups! Let’s see how we can set up backup verification to ensure our VMware backups are in a good state before we are ever in the disaster recovery scenario.
Screenshot Verification Overview
Screenshot verification is a fantastic technology found in NAKIVO Backup & Replication that verifies the integrity of the backed up virtual machine by (near) instantly booting the virtual machine from the backup, then taking a screenshot of the booted VM, and finally emailing a report with the screenshot to the administrator. What better way to know that your VMware VMs will be useable than actually booting and verifying them? Great technology!
The way that NAKIVO Backup & Replication does this is by using the already built-in Flash VM Boot technology. Flash VM Boot presents backup disks as RDM disks that are in virtual compatibility mode and mounts those disks to a newly created VM.
Requirements for Screenshot Verification
There are a few considerations when setting up NAKIVO Backup & Replication Screenshot Verification. Since this feature utilizes the Flash VM Boot technology, it depends on the requirements therein. Flash VM Boot needs iSCSI VMkernel port bindings to be in place on the VMware ESXi host. You can check this on your ESXi hosts by navigating in the vSphere Web Client to your Host >> Configure >> Storage Adapters >> your adapter >> Network Port Binding.
Once we have verified that our VMware ESXi host is configured correctly, we can turn our attention to our NAKIVO appliance. We need to make sure that our NAKIVO environment, specifically the Transporter component, has network connectivity to the iSCSI network of the VMware vSphere host that you are targeting. Typically an iSCSI network is not routed, so we want to make sure we have a connection configured on the same VLAN ID and network IP space as the iSCSI VMkernel port.
Next, we need to add a new network adapter to our NAKIVO Transporter appliance and assign an IP address for connectivity to our VMware iSCSI network.
Another consideration if you are using NAKIVO Backup & Replication on a Windows computer is to make sure the Windows firewall has exceptions for port TCP 3260 as this is not allowed by default.
- netsh advfirewall firewall add rule name=”iSCSI In” dir=in action=allow protocol=TCP localport=3260
netsh advfirewall firewall add rule name=”iSCSI Out” dir=out action=allow protocol=TCP localport=3260
Verify network connectivity
After we have added our network adapter and configured the addressing for the additional network adapter in NAKIVO Backup & Replication to be on the same IP space as our VMware iSCSI network, we can test connectivity to one of the iSCSI VMkernel port IP addresses.
As seen above, we are pinging a VMKernel port IP address on one of our VMware ESXi hosts. We should see ping responses back from the test, which we do. So we know from that result, traffic is both getting to our host and returning back to us.
Configuring Backup Verification
Now that we have all the prerequisites met and we have tested our connectivity to the server, we are ready to start configuring the backup verification functionality. To have the backup verification delivered to our email, we need to first configure our Email settings in the NAKIVO appliance. To get to the email settings, simply click on the settings “cog” in the upper right-hand corner of the interface.
Once there, we see the Email settings menu that can be expanded. Also, all the way to the right of the column, there is an Edit link. Click the edit link.
When you click to edit the email settings, you will see the normal email configuration settings that need to be configured – SMTP server, SMTP username, SMTP password, SMTP port, From address and To address. Below you see the configuration as it might look in configuring a GMAIL address for our configuration. Notice, we can specify an Encrypted connection which allows us to configure encryption options that allow connectivity to GMAIL and others.
Before we can actually apply our email settings, we must click Send Test Email which tests the settings. I think this workflow is prudent as how many other email configurations will simply let you apply a configuration without testing, or not have a means to test. After we send the test email and it is successful, we can apply the configuration.
To actually turn on the screenshot verification feature on our backup jobs, we need to look at the Options of the job. Note below we have Screenshot verification to Enabled. Also, we see the settings link to the right of our Enabled box.
When we click the Settings link we can configure the Target container or vSphere resource, Target datastore or our storage for the resulting recovered VM, and other verification options including how many VMs we want to verify simultaneously, RTO on the recovered VM, and the delay after the guest OS is started until we grab a screenshot.
Once the job runs successfully, the screenshot verification process will begin by using the Flash VM Boot technology. If you are watching in vCenter web client, you will see iSCSI targets being provisioned as the Flash VM Boot mechanism configures the storage for the RDM mapping.
The VM is restored with the “-recovered” appended. It is also powered on as the process powers the virtual machine on in preparation for the screenshot verification.
Once the virtual machine is booted and the screenshot has taken place, you will receive an email to the address that was configured earlier with the job details as well as a screenshot of the virtual machine in its booted state!
Verifying backups once they are taken should be an essential step in any backup routine. Often, however, this step is neglected when it comes to backup processes. Failing to verify backups can produce nightmare scenarios where you have corrupted backups in an actual disaster recovery situation. NAKIVO Backup & Replication v7 makes verifying your backups seamless as the screenshot verification process automates the verification. Once the screenshot verification process is configured, the backed up virtual machine is booted from the actual backup files. This verifies the backup files are successfully able to boot the VM from the backups. After the VM boots, a screenshot is snapped and an email is sent with all the pertinent information. NAKIVO has provided an extremely powerful backup verification process in the screenshot verification mechanism. We no longer have an excuse not to be verifying our backups!