Let’s not waste any time with facts around corona. I think a simple picture speaks more than thousand words:
Starting today, 17.03.2020, all non life essential services have to be shut down in Germany. Most of the companies have already closed their offices and asked their employees to work from home.
This decision brought big challenges with it:
– (In)sufficent Bandwidth
– Secure connection to the office (VPN)
– Enough devices for homeoffice
– Security considerations with private and unmanaged devices
It is a hard time for all of us and we are all trying to make the best of it. We were thinking about how to help our friends, customers and everyone who is struggling with the new challenge. After we have received a lot of feedback that customers are challenged with limited VPN connections and cannot afford access to their data for all of their employees, we came up with this blog-idea:
The two main challenges that we have to face when working from home are: “How do I ensure my employees get access to the data and servers they need?” and “What happens with the data they create while doing this?”. Maybe you have already some roaming users out there with laptops, preconfigured VPNs that backup their data to a central server in your infrastructure or the cloud. But probably most of your users will not have that and you either do not have enough licenses for all of your employees to use your existing enterprise tools or you do not have the necessary hardware requirements and/or manpower to set this all up. Let us have a look how Veeam can help you with the first step:
Veeam’s weapon of choice to create simple and reliable secure connections for “point-to-site” or “site-to-site” connections is Veeam PN. It uses WireGuard VPN technology for site-to-site connections and OpenVPN for point-to-site connections with a simple wizard driven “Next, Next, Finish” approach to deploy a VPN Hub and Spoke architecture where you deploy a central Veeam PN Server that manages connections from endpoints or whole infrastructure sites.
A brief history of Veeam PN: It all started with Veeams “Restore to Microsoft Azure” feature that enables you to start backed up virtual machines or physical servers of any kind as a Azure Cloud VM. To ensure that you can use those Cloud VMs like they are running within your on-prem datacenter you needed to create a manual VPN connection to those VPNs, taking care of certificates, VPN Gatways, complex client and server configurations etc. To simplify the process Veeam has developed Veeam PN which manages all this through a Web GUI that automatically generates certificates, configurations and takes care of all the complex steps for you in the background.
The solution is based on a small linux appliance which is ready to deploy (OVA-template) or you can use your own Ubuntu server and install it manually ( https://helpcenter.veeam.com/docs/veeampn/userguide/install_veeampn_on_linux.html?ver=21 ).
After setting up the appliance you can access it with your webbrowser to start the basic configuration.
And as always the “Veeam way”: simple, intuitive, flexible
Did we already mention it’s for free?
Let’s have a look how to set up and configure Veeam PN:
All steps are described in the User-Guide:
There is no offical support for Hyper-V. But it is possible to convert the OVA-to-Hyper-V:
Before we start with the installation on VMware just a short hint:
If you are using Azure and want to use Veeam PN, you can find a ready to deploy appliance “Veeam PN for Microsoft Azure” in the Azure Marketplace.
A detailed installation guide for “VeeamPN for Microsoft Azure” will follow asap but it is very similar to the installation for VMware.
Click on “create” and start with the install wizard.
Let us start with downloading the OVA File (https://www.veeam.com/de/powered-network.html)
Login to your vSphere-console , right-click on a host and import the OVA-file by selecting “local file”.
Browse to your file and click “open”
Define a name for the VM
Select your Hypervisor where you want to deploy the VM
Check the details and click next
Select a datastore
Configure your networks if required
After clicking Finish the appliance will be deployed
Start the VM. Go to your webbrowser and enter the IP-adress of the VM. If the creation of the appliance is not finished yet, you will see the following screen:
After the installation is done the login page appears.
Enter your username and password.
After the first login you will be prompted to change the password.
After a succesful Login the setup-wizard appears
Select Network hub (main VPN-Gateway)
If you want to add another site to your gateway, you have to pick “Site gateway”
Enter a name for the self-signed certificate and choose an encryption level
Creation of self-signed certificate can take some minutes if encryption level is high
Enter your public IP-address or DNS name.
Enable site-to-site VPN if you want to connect additional sites.
Enable point-to-site VPN if you want connect single devices (e.g. notebooks of homeoffice users).
Our appliance configuration is now finished.
Let us start with adding your clients (Homeoffice users).
Go to clients and click add
We will add a “Standalone Computer”
Add a name for the client. Be careful: Using the checkbox “Use HUB Server as default gateway” will produce high Internet traffic depending on usercounts.
After a short setup we are up and running :
After clicking on “Finish”, download the configuration file for the user. Send this file to your homeoffice user.
On client side :
After downloading (Link: Community Downloads) and installing the OpenVPN-Client start the GUI:
Right-Click on the Open VPN icon in your taskbar and import your configuration:
A message will appear, press OK
Right-click on the Icon in the taskbar again and click on “Import file”
Pick your configuration file
Now connect VPN by rightclick on the icon again -> Connect
The connection is now established
The tray icon is now green and the user is now connected to your envrionment.
Also our VeeamPN-Gateway shows a successful connection.
Please be aware: You have to add your own IP-translations and network configuration. Also add firewall rules according to your network-configuration you have made at the beginning :
We are now up and running with a secure VPN Connection to your network.
We hope we were able to help you implementing a fast, reliable and easy VPN solution to grant access for your homeoffice users.
Now let’s take care of the second challenge,
You’ve done it: Your employees are now able to work from home, accessing all the data they need using Veeam PN. So now they are actually working with that data. They are changing and creating files on their local machines during this time (we will see how long this will be) and this data needs to be protected. Again, most probably you have some users who have an endpoint backup software installed and licensed already but now you need some solution that is super easy to install and configure for your “non-technical” users. And that is free of course 😉 The solution: Veeam Agent Free Edition.
All your users need to do, is download the package from https://www.veeam.com/de/windows-endpoint-server-backup-free.html , install it (you know the drill: “Next, Next, Finish” will do) and let Veeam backup to a local USB Disk/Drive, OneDrive or your central Veeam Backup&Replication Repository (via Veeam PN).
Step by Step Guide: https://helpcenter.veeam.com/docs/agentforwindows/userguide/installation_process.html?ver=40
Now, if the user accidentally delets a file he/she will be able to simply restore it in no time!
Last but not least: Let us talk about what happens, if the users company laptop crashes and it will take some time to get a replacement:
Veeam Restore as Hyper-V / VMware VM for the win!
With only a few clicks from you as a Backup Admin you can boot up the Veeam Agent Backup that was backed up into your central Veeam Repository as a Hyper-V or VMware VM. Veeam takes care of registering the machine on the Hyper-V or VMware environment and starts it up. As a result your user is now able to use any Windows or even Linux OS to connect via RDP and VeeamPN into his/her (now virtual) workstation. https://helpcenter.veeam.com/docs/agentforwindows/userguide/integration_instant_restore.html?ver=40
– Use free Veeam PN to set up a VPN point-to-site or site-to-site connection that enables your users to start working from their home offices in a secure way. It is simple, reliable and scaleable! https://www.veeam.com/de/powered-network.html
– Use free Veeam Agent for Windows or Linux ( https://www.veeam.com/de/windows-endpoint-server-backup-free.html ) to backup your users’ workstations in a simple way that enable the self-service restore of single files, the full workstation or even to start this workstation as a virtual machine in your Hyper-V or VMware environment. https://helpcenter.veeam.com/docs/agentforwindows/userguide/integration_instant_restore.html?ver=40
Have fun and stay healthy !!
Chris + Bene