anyweb Posted August 14, 2023 Report post Posted August 14, 2023 Introduction I use Hyper-V in my home and work labs to test a wide variety of things including PKI, SCCM, Intune mangement, Windows Autopilot, Windows 365 Cloud PC and more. My current home lab is in need of a backup solution that I can rely on, because I normally backup manually to an external USB hard disc, and that takes time, and I have to remember to do it. I felt it was time to take a look at VM Backup 9 from Hornetsecurity. I wanted to put it through its paces to see what's changed when I last reviewed the product back in 2018. So, what's new and improved since version 8? The most important new feature is immutability. Quote Ransomware Protection leveraging Immutable Cloud Storage. VM Backup (formerly Altaro VM Backup) leverages immutable cloud storage assuring data cannot be erased, modified, or deleted by anyone for a set duration. And if you don't know what immutable is, don't feel too bad, neither did I until I looked it up. Long story short, this is applicable to Ransomware attacks as it keeps your offsite (cloud) backup in an untouched/unchanged state, meaning you have something to restore from in case everything on-premises is encrypted by the Ransomware. This one feature alone is a very very good reason to upgrade (or purchase) this version of VM Backup. Don't believe me? Take a look at this recent case of a company in the Nordics called CloudNordics, which had all their data (and customers data) encrypted for extortion. If they had used VM Backup 9 and used the offsite immutable features, they'd have saved themselves a lot of time and money and better yet, they would have lived up to their self-proclaimed "Nordic Cloud Experts" title. Below are the different parts in the blog post Introduction Download the free trial Installing the software Configuring VM Backup 9 Selecting backup location Select VM's to backup Using Live Chat Taking an on-demand backup Taking a scheduled backup retention policy Restoring a backup Configuring immutable backups Prepare the Storage Account Configure Offsite Location Reports Exporting report data Should you buy it ? Recommended reading Conclusion Download the free trial Signing up for a trial was easy to do, just browse to here and click on the Download your free trial button, within minutes I received clear instructions for getting started, could it really be so easy. I chose the full featured 30-day trial of VM Backup - Unlimited Plus Edition and my goal was to install it and use it for backing up one or more of my virtual machines in my Windows Server 2022 Hyper-V host machine. Interestingly the software still supports Windows Server operating systems back to Windows Server 2008R2, but I really hope no one is still using those unsupported Server operating systems anymore, and for the VMWare fans there is support for those platforms too (except for free VMWARE ESXi). After downloading I got emails informing me how to get started. Step 1: Install and activate your trial right away. Download the installer again here if needed. Step 2: After installing, select your hosts and VMs to be backed up. Step 3: Select Backup destination and start your first backup job. Done. Easy! So, let's see is it really that easy. Installing the software I located the download and double clicked, after accepting the license terms off it went. One thing to note, after installing the software you need to restart your Hyper-V or VMWare ESXi or VMWare vCenter host. When the host restarted I took a look at the copious online help, including preparation documents which listed things like what ports to use for Offsite Backup Server and Antivirus Exclusions. I added the exclusions to my Hyper-V host Antivirus solution (built in Windows Security) Configuring VM Backup 9 Next, I launched the VM Backup, and by default it's pretty plain until you've configured the software. The first thing it wanted me to do was to enter credentials to connect to a VM Backup instance. After doing that and clicking the green Connect button, I was presented with a more feature rich dashboard, and it reminded me that my trial would expire in 30 days. Remember those initial 3 steps in the welcome email? well if you look closely in the left (and more obviously in the middle) node of the dashboard they are highlighted. I've already configured step 1, so let's choose where to store the backups (step 2). These quick steps are designed to get you up and running quickly but if you want more advanced features click on the Get More Backup Features button in the bottom of the dashboard. I like the colour scheme in the dashboard as it's clear what is completed (in green), what is not yet completed (in blue) and what is currently highlighted (in orange). Whoever programmed this user interface was thinking about making everything as clear as possible, well done. Next, I chose step 2 and for my first test backup, I would backup to an external USB NVMe drive, so I selected Physical Drive from the choices available (you can add more later). scrolling down and clicking Next, I chose the external USB based NVMe drive, created a folder and was done. My new backup location was now confirmed by clicking on Finish. Next, in addition to adding my VM's by dragging and dropping them to the backup location, I could see that the user interface was giving me good advice about being able to store backups at up to two more offsite locations for disaster recovery purposes and those backup locations support a variety of WAN/Internet based solutions such as: Microsoft Azure storage accounts Amazon S3 Wasabi cloud storage We'll cover offsite backups further down in this blog. I selected a few virtual machines for my first test and clicked Save Changes. But initially the VM's I selected and dragged to the white space location under my backup location didn't do anything. Using Live Chat After talking with the 24/7 live chat (impressive feature) It was clear why, I was dragging the VM's to the clear white space under the backup location, instead of dragging them on top of the backup location. Once I had realized that I need to drag the VM's I wanted to backup directly onto the backup location listed, I was able to continue successfully, I also learned that the version of the free trial was not the latest version and I could download an update from https://www.altaro.com/vm-backup/download_update.php Side note: I wish all free trial software from all companies had this 30-day live chat built in, it was very impressive, very instant. Super. One small feedback though, was I was initially advised to do some PowerShell commands to basically stop the all the Hornet services and then restart them 60 seconds later, all good except that once those services were stopped that also closed the dashboard including the live chat. Taking an on-demand backup Now everything was in place for taking the first backup. You can do scheduled backups or on-demand backups. To do an on-demand backup, you simply click on Backups (Step 3) and then select the virtual machines that you wish to backup from your selection and finally click on Take Backup. The current backup status will be shown in percentage for each VM that it's backing up. and after some time, you can see if the backup was successful or not on each VM. for more info about completed backups, click the + symbol to the right of that backup and you'll get info about when it was taken, and the compression used. While waiting for the backup to complete (and I have to say it was WAY faster than I expected, by a long shot), I noticed a temp checkpoint taken on the current VM being backed up. within approximately 20 minutes, my entire ConfigMgr Technical Preview lab (hundreds of gigabytes) was completed. Unbelievably fast! and way faster than the manual backup method I normally use (selecting the VM's in hyper-v and then right click, export). I'm impressed! Not only that, it saves on space big time using great compression. Look at the compression of this 252GB VM, compressed down to 81GB. Impressive! Taking a scheduled backup To schedule backups you can do it in a variety of ways. You can do it directly from the Backups settings drop down and select schedule settings. From there you can select VM's to backup and either drop them into the pre-defined backup schedules or click Add Backup Schedule to create a new schedule. Doing that gives you the flexibility to set your own settings. then drag your VMs to that new schedule and save settings, done! To review the scheduled backup status, go back to Backups and expand the details of the vm's you selected to backup on a schedule. delightfully simple to use! Retention Policy You can decide how long you want your backups to be retained via the Retention Policy option. It's very flexible as you can see here, and the default retention policy is 2 weeks. If you want something else, use the provided options or create your own. Restoring a backup Restoring a backup is usually something needed when you have a major problem with an existing virtual machine that either cannot be fixed, or you want to restore to a previous state. To access the Restore functionality, click on Restore in the left side menu, it'll reveal all available restore options. You can restore a VM as a clone, restore its virtual disk, restore files from the backup, exchange granular restore or even boot from the backup. That's a great selection of restore options! I chose to Restore VM as Clone, selected the location to restore from: Next, choose which virtual machines you want to restore. I chose to restore the clone to a directory I created called D:\RestoredVMs. And after clicking Restore I was informed that I could view the restore process via the dashboard. and after a few minutes the VM was listed in Hyper-V. Easy! One thing I did notice was that the clone did not contain any of the checkpoints (snapshots) that were present in the original VM. I chatted with Live Chat support about this, and they said this is normal, when the backup is taken it takes a temporary snapshot of the VM and that is used for the backup, so that when you restore, you are restoring that point in time. If you want to go further back in time, use previous backups based on your retention policy as per the drop down below (default was 2 weeks of backups). Taking immutable backups The killer feature in VM Backup 9 is the ability to take backups to immutable storage to protect your data from ransomware. To take offsite backups using immutable storage you first need to configure your Cloud providers storage account, enable it for immutable storage and then configure offsite locations in VM Backup 9. Prepare the Storage Account In this blog post I'll cover the steps needed to configure an Azure storage account for immutable storage in VM Backup 9. Using an account that has permissions needed, sign in to the Azure portal at https://portal.azure.com and search for Storage Account, click Create, make sure to select Standard Performance from the options selected. Be aware of Azure storage pricing when choosing your redundancy options, you can review them here. In the example below we've selected Locally-redundant storage (LRS) as it's the lowest cost option. In production environments, you may want to upscale that to use Geo-redundancy but at a higher cost. Next and very importantly, you need to select Enable Version-level immutability support in the Data Protection tab of the wizard. This will also select Enable versioning for blobs. If you fail to do this then you'll have to start over (ask me how I know ;-)). Once done, click through the remainder of the wizard and select Create. Once the resource is created and finished deploying, select Containers from within the Storage Account. Next click on + Container to create a new container in your Storage Account. I selected the default option of Private (no anonymous access) and gave it a name of vmbackup9container which we'll need later. After creating the new container, take note of the Access key or Shared Access Signature (SAS) depending on your preference. The more secure option is Shared Access Signature (SAS). To generate the Shared Access Signature (SAS) select all options as shown below and click on Generate SAS and Connection String. Take note of the Connection String and SAS Token. Configure Offsite Location After configuring your Cloud Providers storage account above, you'll need to configure an offsite backup location in VM Backup 9. To add an offsite backup location capable of immutable storage, click on Backup locations, click on Add offsite Location and then select the provider of your choice (three are offered, Azure, Amazon and Wasabi). I've highlighted them below in the green box. As we've already configured our Azure Storage Account for this, select the Cloud Backup to an Azure Storage Account option. Next, enter your Container name, paste in the Connection string, flip the Enable Immutable Backups for Azure Blob Storage option and select the number of days to protect those backups. Finally, click on Test Connection to verify it's all working. If you did all the steps listed above correctly (hint: check the Data Protection tab) then it should connect successfully. After clicking Finish you'll see your immutable storage option listed. As with other backup locations, you need to drag and drop virtual machines to that location in order for them to be backed up safely. After dragging some virtual machines to the offsite location, you'll see a popup similar to this. Click Proceed to continue or edit your configured storage options in Azure. Once done, you'll see your selected virtual machines listed in that offsite (and immutable) location. Fantastic ! Once done, click on Save Changes and you'll be prompted to enter a Master Encryption Key. Enter a Master Encryption Key and click Save. You'll then be prompted to re-authenticate including entering the Master Encryption Key. Reports The reports in VM Backup 9 are based around two operational states. Operation history Errors history Using those reports you can fine tune the type of data you are interested in. and the time frame. You can also click on details about a specific historical event. The error history will of course show errors occurring during Backup/Restore operations, but I found the details of what the error was, lacking in just that, details. But... if you click on the VM Name listed in that column, you get the actual details of the problem. This is not intuitive to me, it should be the other way around, clicking on Details should tell me everything about the problem or link to the additional details. Note, you can schedule reports to be emailed in the Notifications tab. Exporting report data The built in reports provide historical information about operations, but if you want to export data using Powershell follow the advice here, which will allow you to export data in TXT format for use elsewhere. $VMBackupEvents = get-winevent -FilterHashtable @{Logname='Application';ID=5000, 5001, 5002, 5003, 5004, 5005, 5007} -MaxEvents 1000 | Format-List $VMBackupEvents > C:\AllVMBackupEvents.txt Should you buy it ? VM Backup 9 is available to buy in a variety of different options. You can choose a subscription model or perpetual. The pricing page helps you figure out which option is best for you and when I looked at it the prices seem fairly reasonable for what you get. To answer the question though, should you buy it ? well, if you are in any way worried about Ransomware and how it can affect your data, then you should buy this product and use it's immutable storage backup options, it could save you from the same embarrassment that CloudNordics went through. Related reading VM Backup 9 - https://www.altaro.com/vm-backup/ Download your free trial - https://www.altaro.com/vm-backup/download.php How to setup offsite copies to an Azure Storage Account - https://help.altaro.com/hc/en-us/articles/4416905929617 Hornetsecurity VM Backup v9 with Immutable Cloud Storage - https://nolabnoparty.com/en/hornetsecurity-vm-backup-v9-with-immutable-cloud-storage/?utm_source=twitter&utm_medium=social&utm_campaign=ReviveOldPost Ransomware affects CloudNordic, wipes all servers and customer data - https://www.theregister.com/2023/08/23/ransomware_wipes_cloudnordic/ Conclusion VM Backup 9 is a user friendly, yet powerful tool to backup your Hyper-V and VMware based host VM's to various locations, be it on-premises or offsite in the cloud. If you are afraid of Ransomware (you should be) and you have virtual machines hosting business critical software, then you should seriously consider this backup solution as a viable option. The recent fiascos 2 cloud-based companies went through should make you wake up and pay attention. Simply having backups today is not enough, you must also have immutable backups! Using the backup/restore functionality was easy to use, this really is very nicely thought-out software, designed for the end user/admin in mind and not a rocket scientist. You are initially exposed to the basic functionality but it's quite easy to expand your options and add more abilities/customization to your backups/restores. The only thing I missed was the ability to capture a VM's checkpoints, that's something that Hyper-V can do via an export so why can't we also have that option in VM Backup ? The Support provided with this software is second to none. I cannot fault the 24/7 Live Chat, it's the best I've seen from any company anywhere, and you get through to real humans (not AI BOTS!) instantly. That in itself is an awesome feature! Thanks for reading, Cheers niall Quote Share this post Link to post Share on other sites More sharing options...