Veeam DataLabs offers the opportunity to leverage data from existing backups and replicas. That’s right. There are different reasons why this feature can be a life saver. Simply put the data in the backups and replicas are a goldmine as they in fact are a copy of the existing production data.
What would be the common use cases for using production data?
There are plenty. From application testing, to request for changes, custom application development, software updates, in-place upgrades, access to specific teams like developers and a lot more.
How does Veeam DataLabs work?
Veeam DataLabs creates an isolated environment where it’s possible to run the production data without affecting the live environment. Veeam DataLabs uses the backup data in read-only mode and only the changes are written to a different location. This allows for example to spin up a copy from a specific point in time and run some updates or installing new patches. All these changes are written in a redo-log or delta file (in case the source is a backup or replica). This could be the case for example to test customizations against Databases, applications like SharePoint and a lot more. In the unfortunate case of malicious attacks the Veeam DataLabs feature also helps testing specific patches before running them in the production environment.
And there are also more and more use cases where for example the Veeam DataLabs offers access to specific data for example for auditing and analytics purposes. All these tasks now can be completed against near-live copies of the production environment without affecting the live environment.
Veeam DataLabs effectively is a combination of three major components:
- Virtual Lab
- Application Group
- SureBackup Job
The purpose of this quick overview is to cover the Veeam Virtual Lab component first and then follow up with the rest of components with dedicated articles. The Virtual Lab is a small linux appliance which acts as a gateway between the production and the isolated environment. It can be easily configured through a wizard and is automatically deployed from Veeam Backup Server into the Virtual Infrastructure.
How to configure Veeam DataLabs
In the Veeam Backup Console > Backup Infrastructure > SureBackup > Virtual Labs the option to create a Virtual Lab which will be used to run application testing and software updates. It is possible to create multiple ones depending on requirements. Ideally creating a couple of them that could be used for separate tasks like verifying backups and running sandbox environments.
The Virtual Lab is essentially a small linux appliance (1CPU, 1 GB Ram) and needs to be associated with a Host. In the case of VMware if the virtual infrastructure is using the virtual Standard Switches (vSS) the best practice is to choose the same vSphere Host running both the Virtual Lab and Virtual Machine to mount into the isolated environment. Should the virtual infrastructure use virtual Distributed Switches (vDS) then any virtual Host can be selected. This is due to how the virtual Networking configuration work in a vSphere environment.
Next is to select where the changes will be written. This can be any available datastore. So for example it is possible to configure and add existing storage as VMware datastore just to run testing or patching of specific applications.
The next step is about the configuration of the Virtual Lab Proxy appliance. This includes the desired name and the network settings. For this example the VM name of the proxy appliance is changed to “VeeamSandbox”.
Next is to select to which network the Virtual Lab proxy appliance will be connected to.
As a best practice the preference should be to add a static IP address for a better control. In addition, the option to add multiple DNS servers for redundancy.
Once completed the screen should look something similar to the one below. So essentially this part of the Virtual Lab configuration shows the main settings for the proxy appliance. This appliance is acting as a gateway isolating the sandbox environment from the production one. For those machines which require internet access it is also possible to enable the proxy appliance as a Web Proxy with also the ability to specify a Production Web Proxy address. This only responds to HTTP traffic type.
In the Networking section of the wizard there are 3 options. From Basic to Advanced they allow to satisfy different scenarios. So in case the virtual machines to verify have a single network and vSS is used than the first option is valid. Should the same VM have more than one network and still on vSS than the Advanced single Host is the one to use. In more advanced cases where the vDS is used and the virtual machines to test are sitting on different Hosts than the Advanced multi-host is fit for purpose.
In the last case the option to choose which vDS to use.
At this point it is possible to add all the production virtual networks that should also be available in the isolated environment. For example a virtual machine connected to one network would need just one in the isolated environment. A virtual machine connected to multiple networks these can also be specified in the isolated environment along with VLANs settings. In this case the virtual machine has only one vnic connected to one virtual network called “VM Prod”.
In this part of the wizard this is where the “mapping” between the production and isolated network occur. The Virtual Lab will keep them separated and never allow any traffic (by default) from the isolated environment.
For each one of the networks that should be available in the isolated environment the proxy appliance creates a mapping. Now for obvious reasons the IP Addresses cannot be the same between the two networks. This is where the proxy appliance uses a masquerading technique. This way it is possible to access the virtual machines in the isolated network.
Virtual machines in the isolated network will have their original static IP address or a new one assigned via DHCP. It also allows to have custom DNS entries.
This environment is fully isolated from a networking and resources perspective. Should it be required it is also possible create static mappings between the production and isolated networks for specific IP addresses. For example, developers that need to access specific point in time backups or replicas of servers to test customisations or even software updates without impacting the current environment.
The Virtual Lab wizard has now all the necessary info to create and deploy the Proxy appliance. A final review before committing changes.
A few seconds later the Virtual Lab Proxy appliance is successfully deployed.
Next step for the Veeam DataLabs is to create an Application Group and a SureBackup job as covered in the next articles. In particular these will be used to run software updates on a Ubuntu virtual machine.