Challenge
Veeam Backup & Replication lets you deploy and manage Veeam Agent for Microsoft Windows on computers in your infrastructure. The Veeam Agent for Microsoft Windows failover cluster job has full support for mission-critical Microsoft Failover Clusters, SQL Server-based Microsoft Failover Clusters, SQL Always On Availability Groups and Exchange Database Availability Groups.Please be advised that this guide describes Agent Management Windows Server Failover Cluster processing if you plan to use Veeam Agents in your infrastructure. However, it is still possible to use basic virtual machine backup jobs to process virtual clusters without Veeam Agents.
This is a “how to” step-by-step guide on backing up your Windows Failover Cluster.
Cause
Before you beginСonsider the following:
- Backup of failover clusters is supported in Veeam Agent for Microsoft Windows managed by Veeam Backup & Replication only. You cannot process a failover cluster by Veeam Agent for Microsoft Windows operating in the standalone mode.
- Agent license with a server counter must be installed in Veeam Backup & Replication to enable Agent Management features including failover cluster support.
- Veeam Agent for Microsoft Windows supports Windows Server Failover Clusters running Microsoft Windows Server 2008 R2 and later.
- Workgroup clusters, multi-domain clusters, and mixed OS version clusters are not supported.
- Cluster Shared Volumes (CSV) are skipped automatically during the backup.
- The following Microsoft Failover Cluster applications are supported: Microsoft SQL Server Failover Cluster Instances (Microsoft SQL Server 2008 SP4 or newer), Microsoft SQL AlwaysOn Availability Groups, Microsoft Exchange Database Availability Groups (Microsoft Exchange Server 2010 or newer).
- AlwaysOn Clusterless Availability Groups are not supported.
- Managed by backup server job with failover cluster type does not support the file-level backup mode.
- Recovery must be performed via Veeam Backup & Replication console.
- Clustered Storage Spaces are not supported in the current product versions listed above. If you have a requirement to deploy Veeam Agent across such clusters, consider using a non-cluster protection group with cluster nodes added one by one and a simple server backup job with these nodes.
Solution
Microsoft Windows Server Failover Clusters, Microsoft SQL Server Failover Cluster Instances, SQL Always On Availability Groups
1. Create an Active Directory protection group
Protection Group is a container or folder to organize hosts you are willing to protect
To create a protection group navigate to Inventory, select Physical & Cloud Infrastructure node and hit Add Group button at the ribbon. Select Microsoft Active Directly objects as a type for this Protection Group.
At the Active Directory step specify the domain name and account (if required) and select the Active Directory cluster name object.
The AD cluster name account can be found in Active Directory Users and Computers or Failover Cluster Manager.
Make sure that you didn’t exclude any required hosts at the Exclusion step of the wizard.
Specify the common master account and set custom credentials for particular hosts if needed.
Check the box to Install backup agent at the Options step of the wizard to install backup agents automatically during the rescan (installation can be performed manually if required).
Rescan the protection group to discover the newly added cluster account, all its nodes and install backup agent to every node. Once the rescan is completed you should see the cluster and all child nodes under the protection group
NOTE: To avoid installation issues, make sure that all required network and DNS requirements are fulfilled. There may be various infrastructure changes required to grant that access: network configuration, firewall and security software settings. For instance, if the cluster is deployed On Azure, then it is important to check that all the required ports are opened in the network interface settings - https://docs.microsoft.com/bs-latn-ba/azure/virtual-machines/windows/nsg-quickstart-portal
Specific fault tolerance configurations may have Azure load balancer deployed - https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-ha-ports-overview
In this scenario, make sure that the corresponding rules are added the load balancer configuration, otherwise part of the Veeam traffic will be dropped - https://docs.microsoft.com/en-us/azure/load-balancer/configure-load-balancer-outbound-cli
2. Configure the backup job
Once you install the backup agent on every node, you can create a cluster job. Navigate to Home node, click the Backup Job button at the ribbon and select Backup > Windows computer.
Failover Clusters must be processed by backup server jobs with the Failover cluster type.
At the Computers step of the wizard hit Add and select cluster account or the parent protection group for this cluster.
NOTE: each cluster node will consume a Server License host counter:
Select the backup mode. Only volume-level backup and entire system backup modes are available for the failover cluster job.
Define the appropriate application-aware processing options at the Guest Processing step of the wizard. For example, SQL log backup/truncation settings would be applicable to a SQL cluster.
Start the job. The cluster job will track node changes and perform log backup respectively.
Microsoft Exchange Database Availability Group
Starting with Veeam Backup & Replication 9.5 Update 4, Microsoft Exchange database availability group (DAG) nodes are now automatically processed in a sequential manner, so it is possible to use Veeam Agent for Microsoft Windows to process Microsoft Exchange Database Availability Groups (DAGs).
The procedure of adding a DAG to a Veeam Agent backup job differs depending on the type of the DAG that you want to process:
- For a regular DAG, the backup job configuration procedure is the same as for any failover cluster mentioned above, so all the steps above are relevant
- For an IP Less DAG (a DAG without an Administrative Access Point), the backup job configuration procedure is similar to the same procedure for standalone servers. To process an IP Less DAG, you must create a Veeam Agent backup job for servers in the Veeam backup console and add all nodes of the IP Less DAG (the steps below show it in detail) to this job.
Create a protection group with the DAG nodes:
Then add servers that act as DAG nodes to a Veeam Agent backup job for servers configured in Veeam Backup & Replication.
During the backup process, Veeam Backup & Replication detects that servers in the backup job are part of a DAG, and creates a transactionally consistent backup of Microsoft Exchange databases running on these servers (only passive database copies are processed, active ones are excluded from VSS freeze operations; however, the job still copies all the correspondent EDB-files of all databases from all the nodes).
Application-aware processing should be enabled for a consistent backup, log truncation and application-item restore possibility.
If you plan to use Veeam Agent for Windows to back up your DAG cluster, be advised that Agents deployed via Veeam Backup & Replication version prior to 9.5 Update 4 cannot process a DAG as a regular failover cluster.