Veeam Backup and Replication hardware

Because of the lack of characters in twitter, I thought I would share my setup via my blog and ask for recommendations on configuration.  Specifically the recommended RAID configuration for the best backup time.

Source:

• VMware Essentials Plus, three ESXi 4.1 hosts
• Identical Hosts:  Dell R710, Dual Intel Xeon E5530 2.4 GHz (dual quad core processors), 32GB of RAM
• EqualLogic PS5000e iSCSI SAN.  16x 1TB SATA II 7200RPM hard drives in a RAID 50 with 10.47 TB usable
• 23 Virtual Machines
• Approx 7TB file server storage in use

Destination (Veeam Backup Server)

• Physical Server: PowerEdge 2950, Dual Intel Xeon 5050 3.0 GHz, 4GB of RAM
• Direct Attached Storage:  MD1000, 15x 2TB Western Digital RE4 Enterprise/RAID SATA II 7200RPM hard drives

So, basically a few questions:

1. What RAID for best performance?  My research tells me RAID 10 has best performance.  However, I’d like to hear the recommended RAID setup for Veeam B&R.  Could be that RAID 50 is recommended and RAID 10 would be overkill given the way Veeam backs up?  I’m not sure.  I need a reasonable backup window. 
2. Is the RAM okay, or need to upgrade?  This server was previously a file server, so 4GB was more than sufficient.
3. Currently the Veeam server is 2003.  I’m thinking 2008 since we are starting from scratch.  Any things to look for there?
4. What’s the recommended backup schedule?  Backup all at once?  Split up based on host/lun?  Limit backup to a specific number of VMs at once?

Thanks for your help.  I could figure out by trail and error, but would rather not recreate the wheel.  What works for you, and what is best practice?

Thanks!!!

2010 Projects

2010 has been a very busy year for IT at Savannah Christian Church, and we aren’t slowing down now! Be on the look out for detailed blog posts over the next few weeks of some of the projects we have rolled out this year, and others still in planning for a 2010/2011 roll out.

Topics include:

* Firewall upgrade – Cisco PIX to ASA
* Moved from 3 bonded T’s to Metro E 10MB up/down.
* Televantage VoIP rolled out
* VMware vSphere Essentials Plus rolled out – 3 host high availability setup.
* EqualLogic 4.0 to 4.3 firmware upgraded.
* Upgraded Domain Controllers to 2008 and moved functional levels to 2008
* Implemented Windows 2008 DFS Naming and Replication for a single network share across all campuses (Naming), and backup (Replication) data back to the main campus.
* Began rolling out Windows 7.
* East Campus new facilities, extended SCC network via site-to-site VPN.
* Effingham Campus launch and new facilities, extend SCC network via site-to-site VPN.
* Rolled out regional campus check-in systems using Wyse Thin Clients and Windows 2008 RD Published App.
* Upgraded to Backup Exec 2010, and planning the deduplucation piece.
* EMS to HVAC integration. Automatic HVAC controlls when a room is reserved via EMS.
* Windows 2008 Remote Desktop Web Access (SSL) and Remote Desktop Gateway implementation. This is replacing public/private NAT RDP access with an SSL secured web access.
* Three server Terminal Server (RD) Farm for load balancing and HA.
* Blackberry 4 – 5 planning.
* Exchange 2007 – 2010 planning.
* Centrally mannaged wireless (WLAN) solution planning.

And more!

I hope to get back on track with blogging about what we are doing here at SCC. Many things I have rolled out have come specifically from CITRT. This blog is my chance to give back to other CITRT and IT Professionals looking for ideas, or troublehooting problems! :0)

Next Level Leadership Conference

Today was the final day of the Next Level Leadership Conference here at Savannah Christian Church… and what a great conference it was. Every year, church leaders across America and around the world come to SCC to network together, and seek out how to take their church to the “Next Level”. We are blessed to be able to give back by teaching what we have learned after many years of conferences ourselves as we have grown over the years, and continue to grow daily.

On the IT side, we not only make sure that our internal infrastructure is performing optimally, but we also offer wireless internet and Internet Kiosks for our guest to use.

For the wireless internet (guest network), we use a device called a Guest Gate, which is a very affordable hardware appliance that separates our guest network from our private network. By adding switches and wireless access points behind the Guest Gate, we are able to create a guest network that is totally isolated from our internal, private network. It works very well! This year, we used an Apple Airport Extreme base station as a central wireless access router for our public network. We also used two Apple Airport Express access points to extend/boost the signal in areas where the signal had gotten weak. The Airport Express access points are actually able to “extend a network”, rather than creating a new network, which is very nice! Doing this, we were able to cover most of the building for Public Wifi.

For our “Internet Kiosks”, we used 4 of our 16 check-in stations. Our check-in stations are non-domain joined, Windows 7 machines with Microsoft Steady State installed. We use Windows 2008 Terminal Server Published App/Remote App to push ACS Check-point to the computer. So, moving these machines to our guest network was simple. We added a “nextlevel” local account without a password, locked the account down with Windows Steady State, disable the ACS local account that we use for the weekends, and move the computers network lines to the guest network in the datacenter. The result, a quick-to-deploy internet kiosk that is completely locked down and isolated from our network. In addition to the security of the computer, we also implemented OpenDNS.com this year for our guest network. Doing this, we were able to protect our guests from certain areas of the internet using OpenDNS’s filters, as well as preserving the bandwidth by blocking access to file sharing, audio & video streaming, etc.

This morning, we had a Q&A-Information Technology session where we were able to take an hour and sit down with guests to talk about IT in their churches. It went really well. A special thanks to Ernesto, Winston and Scott for doing an excellent job assisting in facilitating this session.

Here are a few pictures from Main sessions of the conference, and the Internet Kiosks:

Command Center :0)
Monitoring the SCC Private & Guest Networks

Normally Check-in Stations being used as Internet Kiosks for the Conference.

Shots of the Praise Services that kicked off the Conference on Wednesday night, and main sessions of the conference on Thursday and Friday.

NIC Teaming with VMware vSphere & HP Procurve Switches

I researched how to configure NIC Teaming for load balancing and failover for VMware vSphere 4 and HP Procurve Switches.  I won’t go into great detail, but here are the steps. 

NIC Teaming with VMware vSphere and HP Procurve switches.

Summary…

HP Switch

• Set ports on HP switch for trunking
• Add new trunk to data vlan

 VMware vSphere

• Add networking (new virtual switch) and configure NIC Teaming

 

Steps… 

HP Switch – Set ports on HP Switch for Static Trunk

• Telnet into the hp switch where you want to configure Static Trunk:

Telnet <ip-address>

• Enter password
• Select switch (assuming stacking with a central commander)
• Enter Password (assuming stacking)
• Type Menu
• Select Option 2 Switch Configuration
• Select Option 2 Port/Trunk Settings
• Select Edit and scroll down to desired ports
• On Desired ports:
• Set Group to a new “trk#”
• Set  Type to Trunk
• Enter and Save
• Press 0 to return to main menu

 

Add new trunk to data vlan 20

• Press 5 for Command Line Interface (CLI)
• Type show vlan 1
  notice the new trunk is listed in vlan 1 (the management vlan)
• Type config
• Type vlan # (where # is the number of your data vlan)
• Type untag trk# vlan #   (where # is the number)
• Type show vlan #
•  Notice you’ll now see your “trk#” listed in the data vlan

 

VMware vSphere – Add networking (new virtual switch)

• Log into vCenter then the ESX(i) machine (or direct to ESXi machine)
• With the ESXi machine selected, click Configure
• Click Networking
• Click Add Networking
• Verify Virtual Machine is selected, click Next
• Select desired network adapters and click next
• Give the Virtual machine network a name under “Network Label”
• Click Finish
• Look for the new vSwitch, click Properties
• Select the VM Network Port Group and click Edit
• Select the NIC Teaming tab
• Select Load Balancing and “Route based on IP Hash”
• Click OK to close

You now have your ESXi 4 host configured for NIC teaming for increased bandwidth (load balancing) and failover.

Volume Licensing with Windows Vista, 7, Server 2008…

In moving to Windows 7, I ran into the question of volume licensing, KMS or MAK?  This video helped!

http://technet.microsoft.com/en-us/dd936198.aspx

Basically, for KMS, you have to have a minimum of 25 machines that access the KMS service per month of Windows 7 (5 servers for Server 2008).  The KMS services is a service that you install on your local network (similar to the DNS “service”, DHCP “service”, etc).  If you are trying to activate less than 25 (as we are) via volume license, you’ll want to use MAK license keys, which uses MS hosted activation servers.

Windows 2008 Terminal Server Published App with ACS.

Over the past few months we have been testing Windows 2008 Terminal Server Published Apps and I am very impressed.  With Published App, we are able to push a program to the users desktop via Terminal Server, without having to push the whole remote desktop.  We are able to just push the program.  And it works GREAT!

How are we using it?  Our Church Management System is ACS (Automated Church Systems, www.acstechnologies.com).  Our database resides on a local server.  Then, there is a client that accesses the database server.  This works great over a 100+ MB connection, but not so well over wireless, and impossible via VPN.  This is where Windows 2008 Terminal Server Published App comes into play.  We were able to install a Windows 2008 Server, install Terminal Server with Published Application support, install ACS and then publish the program.  It’s that easy.  What’s great is that it can run on the LAN, WAN, Wireless, you name it.  And, the user wouldn’t know that the program isn’t installed on their computer. 

Another great benefit is that when we perform an update to ACS, we only have to do it once on the Terminal Server and anyone that uses ACS via published app will automatically be updated. 

We will be using Windows 2008 Published App for our Check-in Stations, as well as for our Regional Campuses (WAN) where it would be impossible to push ACS and Televantage through the VPN.  If you haven’t installed an played with Windows 2008 Terminal Server and Published Apps, I highly recommend you doing so.  You won’t be dissappointed.

Next Level Leadership Conference

The Next Level Leadership Conference is distinctly different from most. It’s designed especially for leaders of churches who want close interaction with pastors who’ve navigated from one level of ministry to the next, time and again.

Savannah Christian Church has grown from a few hundred to 6,000 worshipers in the last decade. Along the way, we’ve discovered that when you figure out how to do ministry at one level, you have to make changes for the next. And fast.

For six years, we’ve been helping churches like yours get inspired and get ready for what’s next. We’ve traveled the road you’re traveling. We’ve had success and experienced God’s blessings on our ministry. We’ve also made mistakes.

At this conference, we open our church for a behind-the-scenes peek at how we do ministry and honest talk about your next moves. You’ll leave inspired and equipped to take your ministry to the next level.

www.sccnextlevel.com

Scanning MACs with Spiceworks

Here at Savannah Christian Church, we use Spiceworks (www.spiceworks.com) for our IT Inventory and Help Desk database.  We’ve been using it for about a year now, and it works great.  Spiceworks has the ability to scan Windows via Windows Accounts and/or Domain Accounts; MAC/Unix/Lunix via SSH; and Network hardware via SNMP.  Until recently, we just used Spiceworks to scan for our PCs and network gear.   We have finally got around to looking at what it takes to scan our MACs, and found that it was really straight forward.  If you are using Spiceworks (or thinking of using Spiceworks), here are the steps we took for scanning our MACs.  Your MAC will need to be atleast OS X.

Configuring Spiceworks:

• Open Spiceworks and go to Settings
• Click Network Scan
• Scroll down to Manage Network Accounts.
• Click Add and add an SSH account. (Note: You will need to add this username and password to all of your MACs.)
• Scroll back up and edit your Device/Range that you use to scan your network.
• Where it says SSH, use the drop down to select the Account that you just created.

Configuring the MAC:

• Click the Apple icon and go to System Preferences
• Click Sharing under Internet and Network
• Check Remote Login
• At the top of that page, make sure that your “Computer Name” is alpha-numeric and does not have any special characters or spaces (not even hyphens or underscores).
• Go back to System Preferences and click Network.
• Be sure that both your AirPort (if applicable) and Ethernet have the WINS (under Advanced) NetBios name show the same as the computer name.
• Apply your settings.
• If you don’t already have an account that is the same on all the MACs (it doesn’t have to be what they use to log in, but something like a local admin account), then go to Accounts and create one for each MAC (be sure to use the same user name and password).  This will be the same account name and password Spiceworks will use to scan the MACs via SSH.

Once you’ve completed these steps you can run your Spiceworks Network Scan and it will pick up your MACs, and populate all the data as it does for PC.  Very cool!

A year of Blogging

It’s been a year since I’ve started blogging.  Looking back, I really haven’t kept up with it like I had thought I would.  I average a post or two every other month.  But that’s cool though.

My purpose for the blog is to have a place to share my experiences with other IT Professionals.  What better place to do this than the Web.  🙂  I know for me, it’s awesome to do a Google search and find the answer to a problem on the first page!  That’s what I’ve tried to do this year with my blog.  When I come across a problem, or am working on a project that is new or may  be hard to find, I try to document it and post it on the web, with the hopes that someone else coming across that particular problem or project will find the answer (or get closer to the answer) sooner than later by coming across my blog.

So here are some stats from this year.  Not having anything to compare it to, I’ll say that’s pretty cool that I’ve had 14,488 views over the course of a year.  Most of the hits are from searches too!  🙂

So that’s what I’ll do again for 2009.  I may not blog several times a week, or even a month, like you would expect from a blog.  But I will definitely blog about projects and issues that I come across.

God has blessed me with a great 2008.  I pray Gods blessing over you for 2009.  Happy New Years!

Two Years with the Barracuda Spam Firewall

This month marks two years that we have had the Barracuda Spam Firewall.  I wanted to post the results (as I did last year):

The first shot is stats since I first installed the Barracuda, and the second shot is stats from this month.  It’s working great and I would highly recommend the Barracuda Spam Firewall if you are looking for a spam solution to work with your email system.