EN 

www.SAMURAJ-cz.com 

17.01.2025 Drahoslav WELCOME IN MY WORLD

This website is originally written in the Czech language. Only part of the content is machine (AI) translated into English. The translation may not be exact and may contain errors.

Statistics

Page has been view by 9 906 550 visitors. During today 1,773. Right now is here 125 guests.

Veeam Backup & Replication - Object Storage Repository and Immutability

This article deals with the use of Object Storage as a primary backup repository. It can also be used to store a secondary backup copy. The goal is to use the immutability property of object storage to secure backed up data against Ransomware, etc. In practice, we will describe two variants. The first is when the object storage is S3 compatible (in our case NetApp ONTAP). And the second is Microsoft Azure Blob Storage (Storage account).

NetApp ONTAP S3 Object Storage

NetApp ONTAP supports a combination of file, block, and object protocols. We can operate object storage with access using the S3 API. Within an ONTAP cluster, we can configure and manage an S3 (Simple Storage Service) Object Storage Server that works with data as S3 objects. Management is traditionally possible using ONTAP System Manager or ONTAP CLI.
05.01.2025 | | - Samuraj | NetApp admin | 756x | Comments [0]

What is Object Storage?

Object storage is the youngest type of storage. They are often offered as a cloud service, but they can also be operated on-premises (as a special appliance or software on a server). In this article, we will look at a comparison of the main features with block and file storage. We will also discuss the general features and principles of object storage. A large representative of this type of storage is Amazon S3, which defines an interface for accessing the S3 REST API. Many manufacturers support this API and their solutions are referred to as S3 Compatible Storage / S3 Object Storage.

Veeam Backup & Replication - Managed Hardened Repository

This article is about Veeam Hardened Repository. That is, a repository that supports Immutability. It is built on a server with a Linux operating system and storage space. We will practically describe the deployment of Managed Hardened Repository and its use for storing backups. This means that we will use Veeam Hardened Repository ISO for installation. For simplicity (this is for testing) we will use a virtual machine in a VMware environment.
10.11.2024 | | - Samuraj | Veeam admin | 1 700x | Comments [0]

Veeam Backup & Replication - Immutable Repositories and Secure Backups

Secure storage of backups is crucial today. It is important to ensure that our backups are not deleted or corrupted. We will explore the possibilities of Immutable Backups. We need a Storage System that supports Immutability. This can be a cloud service, hardware device, or software (for example a Linux server acting as a Hardened Repository). In Veeam, we will create a Backup Repository from it with activated Immutability.

Refresh membership in AD groups without logoff or reboot

When we work on a computer under a domain account and access resources on the network where permissions are controlled using security groups. If our account is included in a new group (to gain new access), the change will only take effect after the computer is restarted or the user logs out and logs in. In the case of Kerberos authentication (not NTLM), we can trigger a new acquisition of tickets (with the klist command) that contain the current group membership. Under certain conditions, we will immediately gain access given by the new group. First, in the article, we will look at displaying a list of groups of which the current user is a member.

Veeam ONE - upgrade to version 12.2

A brief description of the in-place upgrade of Veeam ONE 12 to version 12.2. The whole process is simple and hassle-free. It should work similarly for other versions as well.

How to Group Managed Service Accounts (gMSA)

How to better and more securely resolve service accounts for running services or scheduled tasks in a Microsoft Active Directory domain environment. Managed service accounts have been available for a long time. Managed Service Accounts were added with Windows Server 2008 R2. They help address service identities with greater security and reduce management overhead. The administrator doesn't have to worry about passwords because secure password management for the accounts is provided by the Windows operating system. They are used to non-interactively run applications, services, processes, or tasks that need a secure identity (credential).

Veeam Backup & Replication 12 - Backup Copy Job and Seeding

The way backup files are stored has been modified in Backup & Replication 12. Primarily Per-Machine Backup with Separate Metadata Files is used. The Backup Copy Job has also changed quite a bit. In this article, we'll take a look at how the new Backup Copy Job works. And we'll practically describe copying backups to a remote location when the data is large and a complete transfer over the WAN would take too long. We will use Seeding and transfer the data (initial Full Backup) offline on an external USB drive. After that, we map the copy job to the transferred data.

Veeam Backup & Replication - Oracle Database backup

We will look at backing up Oracle databases using the Veeam Plug-in for Oracle RMAN. We will describe a newer option (from VBR version 12), when backup is controlled from Veeam Backup & Replication Server. That is, centrally as common backup types. This is the managed mode (Managed Mode) of the Veeam Plug-in. Protection Groups are used to deploy and manage plug-ins (as well as agents).

Most viewed acrticles

TCP/IP - addresses, masks, subnets and calculations

The seventh part of the series on computer networks is more interesting and provides practical information. At the beginning there is a description of the basic terms for networks and subnets, IP addresses and masks. Next, the various network classes and how to write subnets are discussed. The second part deals with practical calculations of network ranges, network masks, number of hosts and subnets.
11.08.2008 | | - Samuraj | networks | 2 361 491x | Comments [82]

Windows commands for command line

My plan was to write down various useful commands for Windows in one place, along with a very brief description and example of common usage. I got some basics together but wanted to expand and fix it, but months go by and nothing, so I'm posting it in a not-so-finished state. Here you will find commands for use within the domain, but also for local matters. These are mostly commands used from the command line that are included with Windows. However, some are from Support Tools or Windows Resource Kits. I welcome your comments and additions in the comments.
05.11.2012 | | - Samuraj | Microsoft admin | 562 183x | Comments [98]

VLAN - Virtual Local Area Network

The eighth part of the series on computer networks. VLAN, or Virtual Local Area Network, is a common technology these days that brings a number of advantages. I think that all medium-sized and larger companies use VLAN technology, and it can be interesting for small companies as well. VLANs are used to logically divide the network without being tied to physical division. In the article, I try to describe everything necessary to understand what VLAN is, what are the advantages and methods of deployment.
02.06.2007 | | - Samuraj | networks | 254 707x | Comments [79]

TCP/IP - Routing

In the eleventh part of the series on computer networks, I deal with routing, i.e. routing in networks. There is a brief description, explanation of terms, and then some more common routing methods (RIP, IGRP, EIGRP and OSPF) are described very briefly, including the division of these methods. For the methods, there is a sample of the basic configuration on Cisco. The article is far from exhaustive and the description is often to the point. Finally, rooting on Windows is mentioned.
| - Samuraj | networks | 194 109x | Comments [23]

Azure AD / Entra ID identity and authentication

Articles related to user and device identity (not only) in Microsoft Entra ID. Different login and authentication options. Areas such as modern authentication, multi-factor authentication, password-less login, etc. Often involving the use of FIDO Authentication, for example using the FIDO2 security key or Windows Hello for Business.
(articles in the series: 14)

Basics of computer networks

I wrote this series for Connect magazine. It contains most of the same information as my older series Computer networks, but it is written in a slightly different way. Computer network technologies are first briefly summarized and then discussed in a little more detail from the lowest layers up.
(articles in the series: 4)

Cisco IOS

A large series about the operating system of Cisco's active elements. It contains some of the most read articles on this site. The articles describe the configuration of switches and routers, primarily with Cisco IOS. Things about ports, VLANs, STP, ACLs, QoS, etc.
(articles in the series: 45)

Computer networks

This series covers the basics of computer networking. Important practical aspects that everyone interested in networking should know are briefly described. It contains some of the most widely read articles on this site. It is used for teaching in schools.
(articles in the series: 26)

Computer Storage

Data storage is a vast and complex issue in the computer world. Here you will find articles dedicated to Storage Area Networks (SAN), iSCSI technologies, Fiber Channel, disk arrays (Storage System, Disk Srray) and data storage and storage in general.
(articles in the series: 23)

Fortinet FortiGate and more

Fortinet security solutions. Mostly focused on the Next Generation Firewall (NGFW) FortiGate. Configuration of FW, policies, NAT, but also VPN and authentication options. Marginally working with logs using FortiAnalyzer and with clients using FortiClient EMS.
(articles in the series: 24)

Kerberos protocol with focus on SSO in AD DS

A new series that deals in detail with the Kerberos V5 protocol, mainly in the Microsoft Active Directory environment. It also describes a number of related things that are needed to understand how Kerberos Single Sign-On (SSO) works.
(articles in the series: 14)

Microsoft Exchange

Almost since the beginning of my practice, I have been involved in the administration of the Microsoft mail server, i.e. Exchange Server. I started with the 2003 version and worked my way up to Exchange Online. The articles cover many areas of management. Most since the migration to Exchange Server 2016 and its complete configuration. But also Exchange Hybrid and e-mail security.
(articles in the series: 38)

Veeam Backup & Replication

Articles that focus on Veeam Software's backup solution. It is a platform for Backup, Replication and Restore. In other words, a Data Protection and Disaster Recovery solution.
(articles in the series: 19)
Most recent comments
  1. It helped me a lot after all these years, thank you very much my friend.

  2. Dobry den, diky za clanek, uz nejakou dobu praktikujeme reseni se sestrelenim exploreru a spusteni nove explorer session pres cmd-propmt.

    Mame ale novy pripad, ktery je ponekud komplikovanejsi tim, ze jsou ve hre dve domeny. Pocitac s Win11 je clenem domeny A a file server, na ktery dani uzivatele potrebuji pristupovat je clenem domeny B. Mezi temito domenamy neexistuje zadna forma trustu.

    Pristupy funguji spolehlive pro stavajici uzivatele, kteri meli pristup od jakziva, nicmene v situaci, kdy napriklad novy zamestnanec dostane novy pocitac s domenou A a zaroven dostane pristupova prava do slozek na serveru v domene B, nevim zda existuje reseni, jak docili obnoveni clenstvi ve skupinach v takove situaci.

    Jen pro upresneni - jde o situaci, kdy firma A koupila firmu B a uzivatele dostali nove laptopy/desktopy od firmy A a maji vybaveny pristup do site firmy B a k pristupu ke zdrojum ve firme B stale pouzivaji jejich stare (potazmo nove pokud jde o nove zamestnance) domenove ucty - maji napr. namapovane slozky stylem: net use K: \\server\folder /user:domena_B\uzivatel

    Mel by nekdo nejaky typ jak resit obnoveni clenstvi ve vyse popsane situaci?

  3. Díky za článek, zajímalo by mě jestli je možné PIN změnit z portálu společnosti. Četl dle copilota by to mělo jít, ale logicky je PIN uložen v TPM na daném zařízení. Není mi úplně jasné jak by tento proces proběhl

  4. HSRP - If the priorities are the same, the highest physical address will be selected as active in the group.

  5. zdravim

  6. Perfektní článek. Ještě jsem slyšel o možnosti "čištění" SMB session pro uživatele pomocí restartu služby Workstation (v CZ Pracovní stanice). Nicméně funkčnost jsem reálně nezkoušel.

  7. Perfektní článek. Ještě jsem (g)MSA nezačal rutinně používat a už tu máme ve W2025 novinku dMSA (Delegated Managed Service Accounts) :-)