Categoría: veeam

Hi everyone
After christmas, I had some time to improve my lab a little bit.
I decided to setup a Pi-Hole to use it as my main DNS and filtering app, and why not, use it also over my VPN with WireGuard , and be able to use it all the time reaching my Server from anywhere with a FQDN instead of an IP (Dynamic), with DuckDNS.

As a base system, I chose Ubuntu Server, with the minimum installation,
choose your own, maybe you will need to adapt some commands or content.

After login into my clean ubuntu server machine, and update all the packets,
I went to the Pi-Hole website, and click into the Install Pi-Hole button.

I used the Curl command with sudo before:

curl -sSL https://install.pi-hole.net | bash

Now let´s open a browser and login into the Pi-Hole console:
http://192.168.15.136:80/admin
using the password provided in the previous step: Xa7K80RE

Done!
Now, let`s create our DuckDNS Sub domain before continuing:

Go to the DuckDNS website, and create an account, is free.

In my personal use case, I sing in with google, so the creation was super easy and smooth.

In the page, write down the name you want to use in your subdomain, and click in add domain

In my case, I have two domains created, im showing you them right now:

now, is time to connect our duckdns domain with our server to get the automatic IP update every time our dynamic IP address changes:

On top of the DuckDNS website, you will find an Install menu, click on it:

Follow the web instructions, choose your OS and setup, and follow the steps and input the information in your server, in my case, Linux base with cron tab:

DuckDNS setup completed,

Now, Let´s install WireGuard
to be full set,
We are going to use this command, its awesome and prepared for raspberry pi, but also work with many distros and platforms, making the deployment super easy and smooth!

Follow the screenshots!

sudo curl -L https://install.pivpn.io | bash

Done!
Now our server is full setup with PiHole, DuckDNS and Wireguard.
Now we need a few adjustments in PiHole and create users in WireGuard.

Important!

The Server has not a fixed IP Address, I do assign an IP address on my DHCP, if you want to do so, please setup a fix IP address into the machine.

Open your port on the router to be able to reach the VPN service from outside of your network, IP – port 51820 UDP, I normally open both, TCP and UDP

Now, lets create a VPN user, to be able to set it up into our phone / laptop, and start using our WireGuard VPN.

Connect to your new deployed server via ssh

Now, let`s execute the command:

pivpn add

Done!

now, you have your VPN fully configure.
anua time you want to connect, simply open the app and switch the VPN to on (green)

all traffic will be back and forth the VPN.

cheers.

​

I was updating my Lab, and came to this little issue I would like to share with y’all.

I was applying the patch for KB4696 to ensure my 12.3 was fully patched, but then I noticed my free space on the C drive was insufficient.
First thought: easy… let’s enlarge the drive (it’s virtual), increase it, and continue…
The recovery partition didn’t allow me to do so.

Find below the screenshot of the patch installation + steps for being able to extend your drive in case you also need to.

Let’s fix this issue to be able to deploy the patch, 
As you can imagine, we will shut down the VM, reboot, and then relaunch the install and continue.

Here’s a breakdown of the methods:
Using Disk Management and Diskpart (Requires disabling and potentially deleting the recovery partition):
Disable the Recovery Partition:
Open an elevated command prompt and run reagentc /disable. This moves the recovery partition’s functionality into a file (Winre.wim). 
Delete the Recovery Partition:
Use diskpart to select the disk, list partitions, select the recovery partition, and then delete it with delete partition override.
Extend the C Drive:
In Disk Management, right-click the C drive and select «Extend Volume». Follow the wizard to merge the now-unallocated space. 
Recreate the Recovery Partition:
If you want the recovery partition back, you’ll need to create a new partition, format it, and then re-enable WinRE using reagentc /enable. 

Now, let’s continue with our patching…
I reboot the VM and restart the process. Here are the following steps.

I hope you find this info useful.
Cheers. ​

I want to share with you all my initial setup of a small Lab for the Veeam Data Platform
which is installing VBR + VONE + Recovery Orchestrator.

In my case, I don’t have too many resources, so, for lab proposes, all three roles will be deployed in the same machine

The wizard takes care of installing the tools, just asking you the necessary things to get it done.

As you will see, installing the Orchestrator, includes the VBR and VONE.

If you haven’t downloaded the Veeam data platform, please do…
This is the virtual specs for the VM where VDP is installed on my lab:

Let’s follow up on the screenshots and the comments on the installation.

Here ends the installation.

Now, let’s take a look into the consoles, with very high level / initial configuration:

VBR – We already know how it looks, Showing you adding a Job from a Hyper-V VM.
Initial setup with Backup config, etc…

Veeam One

Recovery Orchestrator Web

Lets add our VBR server, so Veeam One can start collecting info from it,
also, lets add from our infra our Hypervisors, to get more details and monitoring.

In the next entry, we will add an ESXI host to the Recovery Orchestrator and start setting up a recovery plan (a super simple, lab test).

cheers.

I want to share my initial screenshots of the Linux-based Veeam Backup & Replication Server.
Tech Preview: VBR on Linux (v13)

Private technology preview for Veeam 100, for non-production use only. 

Let’s get started:

As you may know, let’s deploy the OVA in our Vsphere Host:

As always, follow the wizard…

Select where the VM is going to be stored

Important, LAB, so, Thin Prov.

Detailed resume, no worries for the error, is ok! It’s just lab and non-production, remember?

Booting and great looking…

Easy step, to see the assigned IP address to the VM, quick look into the VM properties

Now, it is time to open your favorite browser, and call the URL from the VBR IP Address, for the web console

Boom!
Look at this console, beautifully colorful.
Looking forward to working from it, especially day-to-day operations you don’t need the «heavy console».

Now, with a Vsphere host Added and some VMs

Now, time to show the «Heavy» Client, I will paste the pics, due to the fact that the installation is so straightforward

Stay tuned for more news regarding this VBR13 Linux-based!

cheers.

Hola
Os dejo unos sencillos pantallazos de como ha sido mi actualización en el Lab de Veeam VBR 12 a la ultima version, 12.2, a pantallazos.

Primero que todo, descargamos la ISO de la última version de la web.

Una vez la tenemos, comienza la actualización

Hasta aquí, todo bien, pero, como veis, me pide reiniciar, dado que ese componente C++ estaba sin actualizar, así que nada, reiniciar el VBR y volver a empezar con el upgrade, y ahora, continúa sin problemas…

Saludos.

Hoy hemos realizado la instalación desde cero de un Veeam Backup & Replication 12.1

Os dejo los pantallazos para que podáis seguirlo.

Detalle, en el Windows server, tenemos 2 particiones, C: para el sistema, y D: para los Datos de Veeam y el Repo Local.

Primero que todo, descargamos la ISO, yo he descargado la Veeam Data Platform,
Ahora si, montamos la ISO y vamos al lio:

saludos.

Recently I added to my home lab, my first Ubuntu Server with a Hardened Repository for Veeam Backup, you can find more info here.

Now, the thing is, I want to be able to get notified if some user logs into the server via ssh, as a extra control, since I disable the SSH service when I dont use it.

Also the idea came, to be able to get notified from other applications via telegram, so wasn’t a crazy idea at the end.

from previous entries, or the internet, you can easily find how to create a Bot, and how to get your ID, so Im not going to dive into that,

So first, once we have created and activated our bot and user ID, lets go a create our Telegram messaging program,

in our home, lets create a file like this:

nano send-over-telegram.sh

#!/bin/bash
GROUP_ID=
BOT_TOKEN=

# this 3 checks (if) are not necessary but should be convenient
if [ "$1" == "-h" ]; then
  echo "Usage: `basename $0` \"text message\""
  exit 0
fi

if [ -z "$1" ]
  then
    echo "Add message text as second arguments"
    exit 0
fi

if [ "$#" -ne 1 ]; then
    echo "You can pass only one argument. For string with spaces put it on quotes"
    exit 0
fi
curl -s --data "text=$1" --data "chat_id=$GROUP_ID" 'https://api.telegram.org/bot'$BOT_TOKEN'/sendMessage' > /dev/null

GROUP_ID: Your Group ID from your telegram suscription
BOT_TOKEN: your token received when you created your bot.

let`s convert this into a «program» to do so, lets move (or copy) our file into the route /usr/sbin

sudo mv send-over-telegram.sh /usr/sbin/send-over-telegram

Everything inside /usr/sbin is owned by root, so lets change the ownership to our file

sudo chown root:root /usr/sbin/send-over-telegram

Finally, we want any user to execute this «program» so lets also modify the permissions for that

sudo chmod 0755 /usr/sbin/send-over-telegram

now we can test it out:

send-over-telegram test

you should get the «test» text message into your Telegram Group!

Now, let’s get notified any time a user logs into our server via SSH, to do so, we are going to create a script, and move it to a specific folder.

nano login-notification.sh

#!/bin/bash
    
# prepare any message you want
login_ip="$(echo $SSH_CONNECTION | cut -d " " -f 1)"
login_date="$(date +"%e %b %Y, %a %r")"
login_name="$(whoami)"

# For new line I use $'\n' here
message="New login to server"$'\n'"$login_name"$'\n'"$login_ip"$'\n'"$login_dat>

#send it to telegram
send-over-telegram "$message"

As you can see, here we are sending the information to our previously created «command» send-over-telegram

now, lets move (copy) the script where needs to be to trigger the alert:

sudo mv login-notification.sh /etc/profile.d/login-notification.sh

sudo chown root:root /etc/profile.d/login-notification.sh

sudo chmod 0755 /etc/profile.d/login-notification.sh

We are done!
Now, lets log off and back on to our Ubuntu Server,

You should get your Telegram Message with the information like this:

Remember!!

After using your SSH access, you should always disable it from the server, to avoid unwanted accesses to your server remotely, and do local changes or enable it just when you need to

To disable SSH:

sudo systemctl stop ssh

sudo systemctl disable ssh

Cheers!