Newest AwesomeSauce: Veeam Explorer for SQL

SQL Server is one of those applications that we all care very much about, so much so, that we want some serious protection offerings. That’s why we are very excited to announce Veeam Explorer for Microsoft SQL. This solves a real problem for SQL Servers by giving additional restore options that can address entire DB issues all the way down to the specific transaction, and of course we can still restore the whole VM and more.

Let’s break down the three new things that Veeam Explorer for Microsoft SQL bring to the table:

1. Whole DB Recovery: For most situations (90%+) this is going to be what will get you out of a jam quickly for one or more databases. Using Veeam Explorer for SQL, you can simply right-click on the database and restore it from the full image-based backup that was taken.
Of course this all depends on your recovery requirements, and with certain situations – you may want to restore just one database that may provide one application without touching the other databases on this same SQL Server that impact other applications. This is an easy restore scenario, and like the additional options described below – it does not require SQL expertise.

2. T-Logs and Point in Time. The second scenario that comes with Veeam Explorer for SQL is that now the transaction log backups and point in time recovery options are available. This is made possible by new options that work in conjunction with the image-based backup that already ready has over 27 restore scenarios from one agentless backup. The figure below shows how you can configure SQL transaction log backups:

The transaction log backups and point in time recovery options allow Veeam customers to address recovery situations that can’t quite be covered in the first option. For example, if you set up a SQL Server Backup – you now are able to restore one or more databases to a specific logged point. This is by a new feature that will copy the backup logs to the specified interval in the figure above. The Veeam Explorer for SQL wizard then goes into a truly awesome set of restore options, the first will use the transaction logs to generate a point it time recovery as shown below:

This will read the image backup we have, plus the transaction logs we’ve gathered in the backup engine to give you this specific restore scenario and can address by some estimates 30% of the SQL restore scenarios where a specific, advanced recovery is needed.

3. Transaction rollback. The third excellent feature that Veeam Explorer for SQL brings is the ability to roll back to a specific transaction that caused you grief. This is for the very rare restore scenario, and based on our support case data and what we gather from the forums, is the rarest restore case (1-5% of situations). But what if you need it and you don’t have a SQL DBA?

This is where Veeam Explorer for SQL will shine!

You can go to the next level and select the specific transaction option in the wizard above, and find the database action that needs to be undone. The database will then be restored to the transaction right before the undesired one as shown in the figure below:

As you can see, Veeam Explorer for SQL Server brings serious options to your data protection arsenal – the best part is that you don’t need to be a SQL DBA!

We don’t yet have a beta for this tool – but stay tuned!

ATLSECCON Session: Data Protection Mishaps to Avoid

This week I am in Halifax, NS for a Veeam-sponsored event, Atlantic Security Conference (ATLSECCON).


There I had a speaking session get accepted: Data Protection Security Mishaps that you can avoid.  Here is the description:

When it comes to data protection, the risks are high. Too many times companies take adequate protections for live workloads; but are the same standards are applied to the durability of the data protection scheme? Different backup technologies offer different opportunities and risks for security the backup data.
In this breakout session, join backup expert Rick Vanover for practical security tips for data protection administrators to avoid being the next headline. Topics covered in this session include:
• Storage security strategies for backups
• Managing multiple security techniques
• Identifying backdoors from data protection solutions
• Implementing controls for each step of the data protection process


The session was very well attended and I got some great feedback! So, here’s the gist of my presentation:

Download PPTX:

Here is a summary list of the mishaps to avoid on what I presented:

  • Today it’s more that tapes falling off the truck.
  • The primary systems are protected well, the data protection application has many surfaces and is subject to the same security rules.
  • Identify surface areas of data protection solutions. Kicker: You may have more than one data protection solution.
  • Monitor restores. The Redirected restore could breach security profiles. Recommended solution includes the Veeam Restore Activity Report.
  • Have monitoring and logging framework in place now. It’s a lot harder to set it up after an incident and know what to look for.
  • Identify where data protection logging exists. In addition to aforementioned report, come components may have logging also (tape moves, modules within data protection solution, etc.).
  • Storage for backups is usually an afterthought in most organizations. Primary storage may be secured well, backup storage should have the same standards.
  • Know what frameworks are in use. VMware vSphere or System Center Virtual Machine Manager administrators can take a backup of a VM. Even if they don’t have access to the guest operating system.
  • Don’t “lock your keys in your car”: Don’t rely on CIFS or SMB for backup storage that is managed by Active Directory. Why? What happens when you need to restore Active Directory? Same for storing VM backups inside of your VM infrastructure. What if that’s the problem?
  • Don’t store backups at home. Get indoor public storage. It’s very affordable, has 24/7 access and can be an cost-effective alternative to storing backups (tape/disks) at home.
  • Don’t “Overdo” Deduplication. Don’t double or triple dip deduplication (additional security surface areas and minimal gain for a lot of I/O and CPU consumption). Additoinally, beware of a Windows Server 2012 deduplicated volume encapsulated on a VHD or VHDX and copied or otherwise silently exiting the datacenter.
  • Watch the encryption vs. performance discussion. Make sure different parties don’t “Temporarily” disable volume encryption because backups are slow…
  • Use the 3-2-1 rule. Simple timeless rule can address almost any failure scenario:
    • Keep 3 different copies of your data
    • On 2 different media
    • 1 of which is off-site

    A special thank you to those who attended and for the ATLSECCON board for allowing me to present and Veeam to sponsor!

What can you do to avoid the next cloud failure?

Companies investing in cloud-based solutions should do so very carefully, like any other technology or business decision. In an era where not all cloud solutions are made for the long-haul; there needs to be some clear insight on what is a good decision today and into the future. We’ve seen two key cloud failures recently in the form of services ceasing. The first happened last year when cloud storage provider Nirvanix filed for bankruptcy and the other recent example is Symantec Backup shutting down. Aside from offerings being closed down, we’ve also see outages of cloud-based solutions that can impact applications or content delivery.


The reality is that cloud-based solutions may not make it, it’s a very diverse offering of services for companies to choose from today and the benefits of cloud-based solutions don’t always apply to all organizations. It is also a natural conclusion to plan for some form of outage. This applies to traditional hardware and software products as well, so the decision process isn’t new; it however needs different handling.

So, what can you do to avoid the next cloud failure? It starts with full examination. Companies can latch on the business benefits that a cloud-based solution brings, but part of the admission process should include a plan for evacuation. To put it another way, the cloud has infrastructure too. Things can go wrong, and it needs to be managed and protected. This applies both to the providers of a cloud-based solution, but also as a fiduciary responsibility to those who subscribe to it. Taking this key approach to going into a cloud-based solution will make a material difference on what needs to happen, should a cloud failure occur.

I advise companies to take the following points in to a cloud-based solution investment:

  • Ensure portability to another cloud, or back on-premise
  • Design the specification of the cloud-based solution to be ready for another public cloud, even if you have chosen another public cloud
  • Give extra consideration to application dependencies on a particular cloud

Do you see any risk of more cloud failures? I’m sure we’ll see them, but none have been very impactful thus far. Share your predictions in this interesting category below.

Product Review: Generator Interlock for Standby Power

If you are like me, you want to have a backup plan. I do this in my professional role for data protection, why not do the same at home! Note: Consult a qualified electrician for your panel modifications.

When I lived in West Michigan, we had many occurrences of multi-day power outages and we installed an interlock kit for a safe feed for generator power. Since we’ve moved to this new house, I decided to go ahead and get a kit installed here. Here is the generator we bought in 2005 or so:


On the right side, the 4-pole interface is a 240-volt, 20-amp interface (L14-20P). Now this generator is nice, but it doesn’t have the legs to run everything in the house. Namely, I have to turn off the Rickatron lab datacenter and avoid running the air conditioner and electric dryer. Heat (natural gas), kitchen, garages and lighting however can run on this generator. I’d like to have had a 30-amp / 9000 Watts or so unit; but this is what I have.

While I don’t live in such a rural area now, there is always the risk of a power outage. And the way I see it, the problem is solved either way:

Power goes out: I’m good.

Power stays on: I’m good.

My natural choice in this situation is a manual kit, I call it a “double-throw bypass switch” but basically it’s an interlock kit. I have a Siemens electrical panel at home and bought the right kit for my house and feed from

Here is how these systems work:

  • The panel has two breakers added to bring in power in my case 2×20 AMP feeds from my generator.
  • The Interlock switch keeps these two breakers off until there is a power incident.
  • When you have a power incident, you connect your generator feed and start the generator.
  • Then throw the two switches to provide a feed that is a closed system from the generator that is safe and to code.

Let’s walk through the steps. The picture below is my panel after the Interlock kit has been installed and is the normal running configuration when I have municipal power:


The top 2 right breakers are the input from the generator, and the interlock kit keeps them off during normal situations (when municipal power is on).

It’s a good idea to test the system, for the following reasons:

  • You are familiar with the process works
  • You know the pieces and parts work
  • You will extend the life of the generator by keeping it running occasionally

To hook up the generator a proper installation has a weatherproof box installed on the exterior of the house (with an adequate gauge going to the panel, again leverage the qualified electrician).  Part of the solution is to have a long cable going from the weatherproof box to the generator. This is shown below (and the other end of this cable goes to the generator):


Once the wiring is in place, I can switch the panel to use the generator feed. Note the two steps below:

  • Stop the municipal feed
  • Switch the interlock
  • Activate the feed from the generator



While the generator (5500 running/7000 max Watts | 20 Amp) doesn’t have the full power for this house, it does keep the heat on, the kitchen going and all lights as well as TV and cable. This solves my concern on what to do if/when the power goes out. Further, this is the “Few-Hundred-Dollar Solution” compared to autoswitch standby systems:

Generator:  $400-600

Interlock Kit: up to $150

Electrician: up to $300

If you get a full house, auto-switch generator, it can easily get to a $10,000 solution. Further, those generators run on natural gas – which you can’t assume will be in place at all times. I keep enough fuel for 2 days of generator runtime, which is nice to ensure that I’m managing that process.

Final verdict: Interlock Kit A+ | Highly Recommend.

vSphere 5.5 B Released

Don’t let the quiet times of the holiday’s fool you! vSphere 5.5 was released on 22-December 2013! vSphere 5.5 has seen the following release sequencing:

  • VMware ESXi 5.5 22-Sept Build 1331820
  • VMware vCenter Server 5.5 22-Sept Build 1312298
  • vCenter Server Appliance 5.5 22-Sept Build 1312297
  • VMware vCenter Server 5.5.0a 31-Oct Build 1378901
  • vCenter Server Appliance 5.5.0a 31-Oct Build 1398493
  • VMware vCenter Server 5.5.0b 22-Dec Build 1476387
  • vCenter Server Appliance 5.5.0b 22-Dec Build 1476389
  • image

    (Click on image for Released Notes of 5.5.0b)

On Halloween we had vSphere 5.5 A come out. If you have not started your vSphere 5.5 upgrade, start with the B release; then do the hypervisor updates for ESXi.

VMware KB 2057795 has good upgrade information.

Install VMware Tools on Nested ESXi with ShortURL

One of the most useful VMware Flings of all time has just come out, VMware Tools for Nested ESXi. Nested ESXi is running ESXi within ESXi or another VMware hypervisor. Fusion, Workstation and maybe Player support nesting ESXi.

We all know these few facts:

  • VMware Tools makes VMs run better
  • Nested ESXi isn’t production-ready
  • Nested ESXi is a great lab/test technique

In the Fling page, it has option 2 listed to run the .VIB (an installable module on an ESXi host) from directly downloading it from This is “loosely” analogous to the whole OVA vs. OVF discussion, a pointer vs. full install locally.

With option 2, you can take the full command:

esxcli software vib install -v -f 

And condense it to a short URL:

esxcli software vib install -v –f

Here is the command being entered on an ESXi 5.5 host nested on ESXi:

(I did enable SSH, this can also be done in the DCUI however)


Before the command, the VM (nested ESXi) displayed this in the vSphere Client (Shhh… Not using Web Client yet):


After the host is rebooted, VMware Tools are running as shown below on startup:


Then in the vSphere Client, you are golden as well!


The ShortURL will help when it comes to installing VMware Tools by hand on a host, much like Windows Firewall I’ve remembered: netsh advfirewall set allprofiles state off.

So, save this command and keep it for the ages!

esxcli software vib install -v –f

Enjoy! Thank you VMware Flings team, and William Lam!

Stella Artois: Chalice Can vs. Bottle review

Over time, I’ve come to fancy Stella Artois. Stella is a Belgian lager beer that really works for any situation. Recently in the states, I’ve seen the new Chalice can, a 440 cl container that I’m convinced is better than the bottle! Here is my first video comparing the chalice can with the bottle:

I’ve long thought that the chalice can outperforms the bottle in terms of smell, taste, head and drinkability. Watch this video to see the results:

Do you have the Stella Chalice can available in your market? I encourage you to check it out if so. Does the can outperform the bottle for you? Share your feedback below.