All posts

Veeam Backup for Office 365 (VBO) with MinIO

Veeam Backup for Office 365 (VBO) with MinIO

With the announcement that MinIO was Veeam Ready for Object last week we felt it would be helpful to circle back and talk about an additional use case. In our first post we covered backups of VMware ESX. An equally popular use case is Veeam Backup for Office (VBO).

The Office backup market is massive. Even with the advent of Slack and applications, the email market continues to grow and remains the cornerstone communication mechanism for large enterprises capturing more and more mindshare with the advent of Office 365. Indeed, there are well over 215M Office 365 users today and 185M commercial customers. Only a fraction of those firms do proper backups - exposing them to internal threats from malicious insiders, external threats from hackers and legal and compliance violations.

Veeam Backup for Microsoft Office 365 mitigates the risk of losing access to the entirety of the Office portfolio from email through to attachments and files ensuring ongoing availability to users and the business.

In case you missed the first post, a quick recap of why Veeam and MinIO are such a good fit (if you didn’t skip to the technical bits).

  1. VM backups require scalable storage. There is little debate around this point in architecture circles these days. Object is the most scalable solution - whether in the public or private cloud.
  2. Office365 backups require performance. This is a two part requirement. First, backups and restores need to go quickly no matter the size. Traditional object storage architectures (think appliance vendors) are not up to the task here for a number of reasons. This is where modern object stores like MinIO are exceptionally well suited. There are a number of reasons but these four stand out:
  • Speed. With the ability to read/write at speeds in excess of 160 GB/s in a single 32 node cluster, MinIO can backup and restore at speeds once considered impossible for object storage. Longer backup restore cycles would result in increased disruption to business. One way slower object stores try to make shortcuts is to move to an eventual consistency model. This can have devastating effects if the plug gets pulled in the middle of your job and your database gets corrupted.
  • Object size. MinIO can handle any object size. Veeam’s default is 1MB objects but supports anywhere from 256K to 4MB. Because MinIO writes metadata atomically along with the object data, it does not require a database (Cassandra in most cases) to house the metadata. At smaller object sizes, deletes become highly problematic and effectively disqualify any object store that employs such an approach. At 4MB, dedupe becomes ineffective, so Veeam architects recommend against it.. Suffice to say - if the object storage implementation uses a metadata database, it is not well suited for handling backups.
  • Inline and Strictly Consistent. Data in MinIO is always readable and consistent since all of the I/O is committed synchronously with inline erasure-code, bitrot hash and encryption. The S3 service provided by MinIO is resilient to any disruption or restarts in the middle of busy transactions. There is no caching or staging of data for asynchronous I/O. This guarantees all backup operations are guaranteed to succeed.
  • Commercial off-the-shelf hardware. COTS hardware = huge savings, familiarity and flexibility. This becomes an important requirement as the data grows into to the Petabytes.

The result of these requirements is that Veeam is a natural pair for high-performance, software defined object storage. That is exactly what MinIO is and is why we fit so well with Veeam.

To demonstrate that point, we will pair Veeam together with MinIO as a capacity tier to allow Veeam’s software to perform VBO.

What is VBO?

Veeam Backup for Office allows onsite backup and recovery of Exchange, SharePoint and OneDrive from Microsoft’s Office 365 SaaS offering.  Veeam Backup for Office 365 allows MinIO to be used as a S3 compatible on premise object store. Using Veeam and MinIO together, you have control over how your data is protected.

Why Use It?

Your business relies on the data it generates in Office 365.  For any cloud provider, you have to trust and rely on their systems to protect your data.  For organizations who want full control of ensuring their data is backed up and protected properly, Veeam and MinIO together allow you to backup critical data to your own on premise storage, with full control over what and how often data is backed up. Keeping backups is just one part of the puzzle.  VBO doesn’t just protect your data from catastrophic events, it also allows you to restore accidentally deleted data.  The benefit is obvious when you consider a critical project proposal or presentation for a board meeting.  This is extended even further when you are not backing up just a set of files, but an entire SharePoint site.

Where MinIO Fits In

Backing up data from one cloud provider to another only shifts the responsibility from one vendor to the next.  Although rare, it is not unheard of for cloud providers to periodically lose access services that you rely on.  MinIO provides first class data protection using Reed-Solomon erasure coding and bitrot detection, cross data center replication and still gives you access to your data even if you lose half of your servers.

Environment

Setting up object storage with VBO is simple.  You only need a VBO server, a MinIO deployment, and access to one or more Office 365 tenants.

Installation and Configuration

Configuration is minimal for this use case.  One the MinIO side, you need to ensure your deployment uses HTTPS.  Before configuring MinIO with Veeam, you will need to create a bucket for Veeam to use.  From the Veeam side, you will need to add MinIO as a target object store.   From Office 365, you need to provide an administrator who has permission to access the resources you want to back up and restore.

Setting up MinIO

Follow the steps here to create your MinIO instance - https://docs.min.io/docs/minio-quickstart-guide.html

Keep in mind that Veeam requires an https endpoint for object storage.  Use the following instructions to configure TLS with MinIO.

https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls.html

Once you have a MinIO cluster running, you can use the minio client (mc) or the browser UI to create a bucket.

Using mc to create a bucket

First, we need to add an “alias” that mc can use to access the MinIO server.  The alias is an arbitrary name you define in order to execute administrative commands and S3 requests to the MinIO server.  

mc config host add myminio https://minio-server:9000 myaccesskey mysecretkey

Note here that we specified https, and appended the default port (9000) after the endpoint.

Now that we have an alias for mc, we can create a bucket for Veeam to use for backing up from Office 365.

mc mb myminio/vbo

Since MinIO is fully S3 compatible, you can use other tools such as the AWS SDK for aws cli to create buckets as well.

Using a browser to create bucket

MinIO comes with a built in browser UI that you can use for basic operation as well.  Point your browser to the MinIO endpoint (in this case, https://minio-server:9000) where you will be prompted for your access key and secret key


After logging in, you can use the “+” icon in the bottom right hand corner of the browser.  After clicking this, you have the option to “Create Bucket”

Now that we have a bucket created, we can proceed to configuring Veeam.

Configuring Veeam

Follow the Veeam documentation to utilize MinIO as an object store.

Configuring authentication for Office 365

VBO may require legacy authentication protocols to be enabled on the tenant..  If your tenant does not have legacy authentication enabled, you can do so using PowerShell:

Connect-SPOService -Url "https://TENANTID-admin.sharepoint.com" Set-SPOTenant -LegacyAuthProtocolsEnabled $True

Behind the scenes

The mc command has a powerful built in http tracer that allows us to see all calls being made to the MinIO servers.  Start a backup or restore job from the Veeam Backup for Office 365 console and initiate a trace against the 'mc alias' configured earlier.  We can get basic request and response information with the following command:

mc admin trace myminio

To see detailed trace output, add the -v flag.

Sample output looks like this

20:02:58.443 [200 OK] s3.PutObject veeam-minio01:9000/vbo/Veeam/Backup365/vbotest/Organizations/6571606ecbc4455dbfe23b83f6f45597/Webs/7b0acedc0db0408d818b780635102d21/Lists/abf48ce9b5314a1592c190e0e7a55672 136.78.68.58    79.708ms     ↑ 3.2 MiB ↓ 296 B
20:02:58.863 [200 OK] s3.PutObject

You may notice a warning similar to this during certain operations in the Veeam Backup for Office 365 console:


Happily, since you control the MinIO infrastructure, there are no charges for things like ingress/egress, cross region replication or API calls.

Conclusion

Object storage allows for near infinite capacity spanning and disaggregates compute and storage resources, allowing you to only pay for the resources you need. Veeam and MinIO are natural partners - both offering the best-of-breed in their respective categories. Together, enterprises can quickly backup and restore the mission-critical information that is stored in Office 365.

If you are a Veeam customer already, you can try it out for yourself by downloading MinIO today. We are 100% Open Source and so we don’t ask for your email or any of that nonsense. If you have questions check out our documentation (and our specific Veeam integration docs) and our amazing Slack channel. To understand how much it costs to get a commercial license to MinIO, check out the pricing page.

Previous Post Next Post