Monthly Archives: February 2017

Vembu BDR Suite 3.7.0 – Now also available as a free edition

Some time ago I wrote about Vembu BDR Suite here. Vembu just released Vembu BDR Suite 3.7.0. This latest version comes with many improvements like :

  • Accelerate backup performance with faster restores
  • Multitenancy for both Vembu BDR and Vembu Offsite DR servers. Very interesting for service providers and based on role based access. Customers can manager and monitor themselves using Group level web access which can be enabled.
  • New backend datase. PostgreSQL in stead of MongoDB and MySQL. This for better performance and less storage required
  • Improved scheduling options
  • Faster User Interface with a new location of some functions which improves handling
  • and now.. a Free Edition – Limited feature set but avaiable after the 30 day trial period at no cost.

More information:

The Free Edition is completely new and has the following included:

  • Support for VMware, Hyper-V, Windows Servers, Windows Workstation, File Backup
  • Support for backup to the Cloud using Vembu OnlineBackup
  • Agentless VMware Backup
  • vCenter level backup
  • Backup Multiple VM’s, full VM backup
  • Possibility to exclude particular VM or disk from backup configuration
  • Support for Direct SAN, Hot-Add and network transport mode
  • Application Aware Backup
  • Instant file recovery
  • Instant Granular Recovery for Microsoft Exchange, SQL, SharePoint and Active Directory!
  • Cross Hypervisor Migration (V2V)

As you see above it’s a pretty impressive list of components and features included in the free version. Obviously there are limitations so you can’t perform every action and configure all options in the free version. Based on your management, service level agreement (SLA), recovery point objective (RPO) and recovery time objective (RTO) requirements you can easily determine if the free version is something for you based on this “Free vs Paid edition” comparison.



VMware OS Optimization tool

The VMware OS Optimization Tool helps optimize Windows 7/8/2008/2012/10 systems for use with the VMware Hypervisor. The optimization tool includes customizable templates to enable or disable Windows system services and features, per VMware recommendations and best practices, across multiple systems. Since most Windows system services are enabled by default, the optimization tool can be used to easily disable unnecessary services and features to improve performance.

You can perform the following actions using the VMware OS Optimization Tool:

  • Local Analyze/Optimize
  • Remote Analyze
  • Optimization History and Rollback
  • Managing Templates


After scanning the system you can select/de-select several optimizations:


You can even scan remote clients:


And all the settings can be saved in a template, there are public templates (for example LoginVSI) available:


I think this is a great tool what you can use to tune your VM’s. Use with caution!

More info here

Citrix Connection Quality Indicator


In complex environments, where distributed applications are deployed across the network utilizing numerous physical servers and workstations, connectivity can be reduced in general and/or per session basis. Connection Quality Indicator is a tool which provides feedback to the user when the network has been impacted to the point that the user’s experience is degraded. Displaying this information to the end user will improve overall user experience and reduce the number of helpdesk calls for network related user experience issues.

How to use Connection Quality Indicator

CQI is launched on session startup and continues to run for the life of the session notifying the user of changes to network performance. Notifications are used by CQI to alert the user about network state. There are several types of notifications that a user can see while the tool is running, they are as follows:

The way the end user interacts with CQI when using a Published Desktop or Application is for the most part the same, however, there are some subtle differences. When using a Published Desktop, CQI notifications are displayed in two different areas, system tray and standard notifications.

For Published Applications, since there’s no desktop, only standard notifications are shown.  If more than one Published Application is in use within the same session, only the foreground application will display the notification.

More information here

Recommended WordPress Filesystem Security 1

For those people who are (also) running WordPress. Hereby the recommended filesystem security settings (for Linux servers running WordPress) :

Name Recommended Permissions
root directory 755
wp-includes/ 755
.htaccess 644
wp-admin/index.php 644
wp-admin/js/ 755
wp-content/themes/ 755
wp-content/plugins/ 755
wp-admin/ 755
wp-content/ 755
wp-config.php 644

Altaro VM Backup v7 (What’s new)

Some time ago I wrote about the V7 beta version here. Altaro released their final edition of v7 recently.
Some of the key features of version 7:
  • Support for Windows 2016
  • Augmented Inline Deduplication
  • Boot from Back-up
  • New interface/GUI (in comparison to v6)

Support for Windows 2016

With v7 Altaro officially supports (with enhanced security and scalability) Windows Server 2016. You will now be able to use all of the features when upgrading to the latest version of Windows Server.

Augmented Inline Deduplication

Altaro’s unique Augmented Inline Deduplication increases performance of back-ups and restores for on- and offsite backups by transferring using inline deduplication instead of afterwards. This not only saves time, but it also reduces the amount of storage needed to store te backups. I can’t wait to test this feature.


Boot from Backup

Boot from Backup is another innovation release in VM Backup V7. This enables administrators to boot from the backup location.

Any changes made to the VM are applied when the VM is rebooted. This feature ensures minimal downtime for end users and enables the administrator to fully recover the original VM without pressure from the organisation.

New interface

You might also have noticed the change in the Altaro logo color. Altaro took the opportunity to freshen up their look with their latest product release and also launched a new website that you can check out at The new GUI makes it easy to implement your backup strategy. It’s now possible to manage, configure backup/restore jobs accross multiple hosts all in the same GUI. (Altaro announced that future releases will expand those possibilities even further!) I upgraded my beta install to the final release and all went smooth. The existing configuration and jobs worked as they should after the upgrade. I did a restore test and that worked like a charm.

Currently I’m in the middle of testing the inline deduplication (I can already say I see amazing results) and the other features. I’m also working on a comparison with other vendors. Stay tuned for the results!

How to configure pfSense to allow outgoing SMTP traffic

In this scenario I would like to allow SMTP traffic to my internet provider so that an application in my test environment is able to send notification messages. In this environment I use pfSense.

For this to work, you have to create a port forwarding rule on the LAN interface forwarding traffic to any IP with port 587.

Open the pfSense interace and go to Firewall rules:


Then create a new rule as follows:


Make sure you use the right (internal) IP address of the server which is sending the emails.

Quick tip : How to check which other websites are sharing your (VPS/Web) server 1

Many people make use of VPS servers of providers like TransIP and

Often I hear people complain about the performance of their (web) server of Blog. Often this is due to overcomittment of the virtualization platform that the provider is using. Many websites have little to none traffic and at peak times the performance is not that great. (Keep in mind the price differences between hosting providers!) Don’t expect great performance when you use a $3/month WordPress website. Often those servers are heavily overcommitted.

You can check this very easily by using reverse DNS. An easy to use website is yougetsignal. Just fill in your (or any other) domainname and hit check. You instantly see which other websites are using the same public Internet IP Address. You see >30 other questionable websites??? Don’t expect top performance…


Combine Plesk and New Relic to monitor your server(s) running your Blog (for free!)

I use Plesk for management of my web servers. It saves me a lot of time and makes managing several (Linux) web servers a piece of cake. Those web servers are running on virtual servers and I wanted an overview of the usage and the performance. I decided to use the API’s of New Relic because I already had a great experience and noticed that there was a Plesk extension for it.

Installing the extension is very easy. Go to extensions and add the New Relic – Application Performance Extension

Now click on the Extension New Relic to configure it. Open a extra tab in your browser and sign up for a free New Relic account here. (I prefer to use Google Chrome, it works beter)

After creating your account. You need 3 things, 2 of those you can find in the New Relic interface. First is the Account Number. You can find that in the browser:

That is the number between accounts/ and /applications.

The second is the API key. Go to Account settings:

And find your API key below:

Now go back to your other tab and let’s configure the New Relic extension. You notice the following screen:

First is the license key (step 2), the server name is the name of your server (of something to identify it) and the account ID is the number you wrote down. Choose to install Servers (this will install the appropriate client on the server for monitoring purposes) and click ok.

After some time, go to the New Relic tab, choose the servers menu and notice your server!

You notice the green square. Your server is in a healthy state. You notice the CPU, memory and disk statistics. Now let’s click on your server.

Wow! In one single overview you have all the necessary information you need. Is your website performing badly? At what time? Was it the CPU or memory?

Notice the Processes, Network and Disks tabs. Clicking on those you can easily find more information what is causing possibly a problem on your server(s)


When you are using Plesk for management for your server, the New Relic extension is a great way to monitor your servers. It’s very easy to configure and it gives you lot of information. You can use all the server features at no costs! All of the above is free and you receive no commercials or SPAM.

How to fight Ransomware using Backup Technology

With the amount of ransomware cases seeming to increase every day this is coming more and more a problem. Ransomware cost hundreds of millions in damages worldwide en is increasing rapidly.

Modern total data protection solutions take snapshot based incremental backups on frequently based.

if your business suffers a ransomware attack, this technology allows you to roll-back your data to a point-in-time before the corruption occurred. When it comes to ransomware, the benefit of this is two-fold. First, you don’t need to pay the ransom to get your data back.

Second, since you are restoring to a point-in-time before the ransomware infected your systems, you can be certain everything is clean and the malware cannot be triggered again.

Recent surveys illustrated how extensive ransomware threats have been and recent studies show that an adequate backup solution is the best remedy. Therefore you need an adequate disaster recovery plan. This blogpost is about recovery and not preventing ransomware. I will blog about that later.

A great backup solution is not the answer for preventing Ransomware but it is the best way to provide a fast recovery. This way downtime and data loss is minimized.

While it may seem basic, experts agree that a solid backup plan is still the best prescription for addressing the threat of ransomware.

But what exactly does implementing a backup plan really mean, and what does a well-executed plan look like?

Working backup

Make sure your backups are working. test them! A green check mark isn’t enough!

According to an recent study by Symantec, most large companies test their backup plans on average once a year.

Simple backups should be tested much more frequently — at least once a quarter and whenever there is a major hardware or software change to your backup system. It’s particularly important to run a test after upgrading or changing major components in your backup system (for example the firmware version) to make sure everything works properly with the rest of your system.

Testing should consist of more than just simple some file restores. For example, if you just restore a couple of files you can’t be sure that your directory trees and other features are working as they are supposed to.

When you test a restore, take a minute to study the directories to make sure everything that should be backed up is actually backed up. The test should include restoring entire folders, complete with subfolders, as well as one or more critical applications.

Don’t forget your application-aware backups like SQL/Exchange etc. Some things are very difficult to test in their natural environment, but therefore you could use an OTAP environment. You can take advantage of your hypervisor and your backup solution for that purpose.


Good data retention policies are necessary, you need to be able to restore data at least two weeks old, better a month Recent studies discovered that large companies are infected months before they notice they are infected! How long are you keeping your backups? 14 days? 7 weeks? 6 months? Review, validate and, if needed, modify the retention policy (as defined in your backup policy) to ensure a sufficient Recovery Point Objective (RPO).

This may vary depending on your particular industry and regulations, and internal IT policies — IT, Legal, and Compliance teams — will make the call on data retention needs.  Rest assured that no matter what length you choose, the more the better. Using Cloud storage like Azure or Amazon could help you keeping the costs acceptable.

Offsite backup

A necessary part of the DR plan is to create an offsite backup as part of your backup strategy. Backups are critical. But, if you’re just performing regular backups to a single location, you’re missing an important part of your backup strategy. You need your files stored in separate physical locations.

Copy Backups Offsite

By using Nakivo Backup & Replication you can keep the copies of your backups locally, having at least one copy of your most critical backups offsite. This can save you from a lot of trouble in case a local disaster wipes your primary backups.  The secondary Backup Repository can be placed in any location that has a connection to the Internet, because backup data can be transferred via AES 256 encrypted link, and your secondary backup repository can be encrypted as well:


Copy Backups to the Cloud (for example Amazon or Azure)

By Using Nakivo Backup & Replication you can use create fast, reliable, and affordable copies of your backups in the Cloud. This way your backup files are safely stored.


More information about Nakivo Integration with Azure Cloud here.


Testing your backup strategy on a regular base is essential to make sure your backup solution does what it’s supposed to do! Offsite backups are a necessary fail safe to make sure backups are safe and can be relied on.

If an organization has no offsite disaster recovery facility, then backups to cloud should be considered as a means to safely store data outside of the scope of potential malware infection. Retention policies also can be leveraged to make sure data is kept for the period that makes sense to the business and that allows for recovery point objectives to be met.