This website is originally written in the Czech language. Most content is machine (AI) translated into English. The translation may not be exact and may contain errors.
Statistics
Page has been view by 11 001 299 visitors. During today 2,989. Right now is here 340 guests.
Veeam ONE - Upgrade to version 13
Brief description of in-place upgrade from Veeam ONE 12.3.0.4670 to version 13.0.1.5924. Veeam ONE 13 supports Veeam Backup & Replication 12 and newer. The entire process is simple and trouble-free. It proceeds similarly to a minor upgrade within version 12.
Veeam Plug-in for Oracle RMAN and User Control Scope Issue
This article addresses an error for which I found no information on the internet. The error "Backup is not in user's control scope" appeared in Veeam Backup & Replication after launching a new backup using Oracle RMAN. Veeam Plug-in for Oracle RMAN is used in Standalone Mode, meaning backup management is handled on the Oracle server side. Two Oracle DB servers are configured as Oracle Real Application Cluster (RAC).
Veeam Hardened Repository Part 4 - Functionality and Performance Tests
The final part of the series dedicated to managed Veeam Hardened Repository (VHR) installed from VHR ISO 2.0 and the use of Immutable Repository in Veeam Backup & Replication (VBR). In this part, we will show practical tests confirming that immutable files cannot be deleted, we will look at selected information via SSH on the server, and perform simple performance tests. At the end, we will provide a brief summary.
Veeam Hardened Repository Part 3 - Adding to VBR and Usage
In the previous part, we focused on configuring the HPE ProLiant DL380 G11 server and installing the managed Veeam Hardened Repository (VHR) from VHR ISO 2.0. The goal is to obtain backup storage for Veeam Backup & Replication (VBR) that supports Immutability. In this part, we will look at adding the Hardened Backup Repository to VBR and using it for secure backup storage. We will show how to create a backup job, obtain information about immutability on backups, copy backup files, and also the option to move existing backups to the Hardened Repository.
Veeam Hardened Repository Part 1 - How Secure Storage Works
One of the supported immutable storage options in Veeam Backup & Replication (VBR) is Hardened Repository (VHR). We will look at the properties and functions of VHR. We will focus on the variant where we install VHR from the ISO provided by Veeam, thereby obtaining a Managed VHR. We will describe how Immutability is set up and managed on backups (files), how the XFS file system is used, and what services run on the server.
FortiGate SSL VPN login using SAML SSO against Azure AD
FortiGate supports the SAML protocol, which can be used to authenticate users to a remote server (similar to how we use LDAP or RADIUS). We can use such authenticated users in different places. Here we will focus on SSL VPN and use Microsoft Azure AD as Identity Provider (identity source - external authentication server). These can be On-Premises AD DS domain users that we sync to Azure AD Tenant (or pure cloud accounts). Authentication against Azure AD allows us to leverage cloud security. For example, Multi-Factor Authentication (MFA) and Conditional Access in general.
Veeam Hardened Repository Part 2 - Installation on HPE ProLiant DL380 G11
One of the supported Immutable Storage options in Veeam Backup & Replication (VBR) is Hardened Repository (VHR). Veeam has been offering Managed VHR for some time, which is installed from the Veeam Hardened Repository ISO. We'll take a practical look at configuring an HPE ProLiant DL380 G11 server for the Hardened Repository function and installation from VHR ISO 2.0. The server is equipped with NVMe SSD drives and redundantly connected to the network using PortChannel (LACP). For installation, we'll use HPE iLO (Integrated Lights-Out) remote management.
Exchange Server 2016 to Subscription Edition (SE) Migration Part 5 Completion
The migration of an Exchange organization from version 2016 to Subscription Edition (SE) must be performed using Legacy upgrade. This means we install a new server that we add to the organization, configure it, and perform mailbox migration. In the last fifth part, we focus on completing the migration. We redirect all communications to the new servers and from them, update Exchange Hybrid, remove the original DAG, and uninstall Exchange from the old servers.
Exchange Server 2016 to Subscription Edition (SE) Migration Part 2 Client Access
The migration of an Exchange organization from version 2016 to Subscription Edition (SE) must be performed using Legacy upgrade. This means we install a new server that we add to the organization, configure it, and perform mailbox migration. In the second part, we focus on configuring client access services (Client Access). This primarily involves the MAPI over HTTP protocol, Outlook on the web, and other Virtual Directories. We handle communication through HTTPS and do not address POP3 and IMAPS protocols.
Exchange Server 2016 to Subscription Edition (SE) Migration Part 4 Mailbox Moves
Migration of Exchange organization from version 2016 to Subscription Edition (SE) must be performed using Legacy upgrade. This means we install a new server, which we add to the organization, configure and perform mailbox migration. In the fourth part, we focus on moving mailboxes to new databases on new servers. This includes system and user mailboxes as well as public folder mailboxes. After moving all mailboxes, we can remove the original databases.
Most viewed acrticles
TCP/IP - addresses, masks, subnets and calculations
The seventh part of the series on computer networks is more interesting and provides practical information. At the beginning there is a description of the basic terms for networks and subnets, IP addresses and masks. Next, the various network classes and how to write subnets are discussed. The second part deals with practical calculations of network ranges, network masks, number of hosts and subnets.
Windows commands for command line
My plan was to write down various useful commands for Windows in one place, along with a very brief description and example of common usage. I got some basics together but wanted to expand and fix it, but months go by and nothing, so I'm posting it in a not-so-finished state. Here you will find commands for use within the domain, but also for local matters. These are mostly commands used from the command line that are included with Windows. However, some are from Support Tools or Windows Resource Kits. I welcome your comments and additions in the comments.
VLAN - Virtual Local Area Network
The eighth part of the series on computer networks. VLAN, or Virtual Local Area Network, is a common technology these days that brings a number of advantages. I think that all medium-sized and larger companies use VLAN technology, and it can be interesting for small companies as well. VLANs are used to logically divide the network without being tied to physical division. In the article, I try to describe everything necessary to understand what VLAN is, what are the advantages and methods of deployment.
TCP/IP - Routing
In the eleventh part of the series on computer networks, I deal with routing, i.e. routing in networks. There is a brief description, explanation of terms, and then some more common routing methods (RIP, IGRP, EIGRP and OSPF) are described very briefly, including the division of these methods. For the methods, there is a sample of the basic configuration on Cisco. The article is far from exhaustive and the description is often to the point. Finally, rooting on Windows is mentioned.
Azure AD / Entra ID identity and authentication
Articles related to user and device identity (not only) in Microsoft Entra ID. Different login and authentication options. Areas such as modern authentication, multi-factor authentication, password-less login, etc. Often involving the use of FIDO Authentication, for example using the FIDO2 security key or Windows Hello for Business.
(articles in the series: 15)
Basics of computer networks
I wrote this series for Connect magazine. It contains most of the same information as my older series Computer networks, but it is written in a slightly different way. Computer network technologies are first briefly summarized and then discussed in a little more detail from the lowest layers up.
(articles in the series: 4)
Cisco IOS
A large series about the operating system of Cisco's active elements. It contains some of the most read articles on this site. The articles describe the configuration of switches and routers, primarily with Cisco IOS. Things about ports, VLANs, STP, ACLs, QoS, etc.
(articles in the series: 45)
Computer networks
This series covers the basics of computer networking. Important practical aspects that everyone interested in networking should know are briefly described. It contains some of the most widely read articles on this site. It is used for teaching in schools.
(articles in the series: 26)
Computer Storage
Data storage is a vast and complex issue in the computer world. Here you will find articles dedicated to Storage Area Networks (SAN), iSCSI technologies, Fiber Channel, disk arrays (Storage System, Disk Srray) and data storage and storage in general.
(articles in the series: 22)
Fortinet FortiGate and more
Fortinet security solutions. Mostly focused on the Next Generation Firewall (NGFW) FortiGate. Configuration of FW, policies, NAT, but also VPN and authentication options. Marginally working with logs using FortiAnalyzer and with clients using FortiClient EMS.
(articles in the series: 24)
Kerberos protocol with focus on SSO in AD DS
A new series that deals in detail with the Kerberos V5 protocol, mainly in the Microsoft Active Directory environment. It also describes a number of related things that are needed to understand how Kerberos Single Sign-On (SSO) works.
(articles in the series: 14)
Microsoft Exchange
Almost since the beginning of my practice, I have been involved in the administration of the Microsoft mail server, i.e. Exchange Server. I started with the 2003 version and worked my way up to Exchange Online. The articles cover many areas of management. Most since the migration to Exchange Server 2016 and its complete configuration. But also Exchange Hybrid and e-mail security.
(articles in the series: 46)
Veeam Backup & Replication
Articles that focus on Veeam Software's backup solution. It is a platform for Backup, Replication and Restore. In other words, a Data Protection and Disaster Recovery solution.
(articles in the series: 33)
Most recent comments
Thanks a lot for your informative Kerberos overview!!!
Hi Petr, thanks for your website.
Thank you so much for these two articles! Everything fell into place in my understanding of how things work and why certain problems arose.
dobře vy :-), to snad je lepší, ta vaše aktivita, než kdejakej manuál HelpDesků/ServiceDesků ve firmách :-)
Hi Petr Bouška,
Thank you for this — it’s a masterpiece and an excellent article. It was extremely helpful in understanding and implementing passwordless authentication with the Microsoft Authenticator app.
[3]Nerad bych se pouštěl do dlouhých diskuzí ale WAFL určitě není COW ale ROW (redirect on write), srovnávat s BTRFS to jde možná lépe se ZFS ale právě spojení zároveň s RAID a NVRAM není v opensource řešeno nebo spíše nemůže když musí běžet na jakémkoliv HW. Stačí si přečíst obecně dostupné info jako je wiki k ONTAP nebo k WAFL. Ontap / WAFL vznikl někdy kolem 1991-2 a hlavní principy u WAFL už tam byly tenkrát. Snapshoty (většinou COW) umí většina výrobců storage od druhé poloviny 90tých let :-)
Dekuji za reakci. Ano, jde o jednoserverovou instalaci. Puvodni myslenka byla pouzit soucasny certifikat i pro novy server, aby si Outlooky niceho nevsimly, ale to kvuli pouzitemu jmenu zrejme nelze udelat. Ze dvou moznosti, ktere zminujete, se klonim spis ke druhe. K prepnuti klientu dojde az ve chvili, kdy novy server pobezi.