Elevating Data Protection Through Backup Verification With NAKIVO

This post may contain affiliate links and I may receive a small commission if you make a purchase using these links – at no extra cost for you. Please read my disclaimer here.

Perhaps one of the most overlooked areas when it comes to backup processes in general that most organizations fail to execute in their backup plans is backup verification. Often, many administrators simply assume backups to be good, and the topic goes no further than that.

However, this is a dangerous routine to become accustomed to, as those who do may find they have corrupted backups in a real disaster scenario. That is the worst to find out that something is wrong with your backups!

You need to start verifying backups to ensure your VMware backups are in a good state before you find yourself in a disaster recovery scenario. Let’s see how to set up backup verification.

Backup verification overview

Backup verification is a fantastic technology found in NAKIVO Backup & Replication that verifies the integrity of the backed up virtual machine by (nearly) instantly booting the virtual machine from the backup, then taking a screenshot of the booted VM, and finally emailing a report with the screenshot to the administrator.

What better way to know that your VMware VMs will be usable than by actually booting and verifying backups of them? Great technology! The way that NAKIVO Backup & Replication does this is by using the already built-in Flash VM Boot technology. Flash VM Boot presents backup disks as RDM disks that are in virtual compatibility mode and mounts those disks to a newly created VM.

Requirements for backup verification

There are a few considerations when setting up backup verification in NAKIVO Backup & Replication. Since this feature utilizes Flash VM Boot technology, it depends on the requirements therein. VMware Tools are used as a Guest OS Agent and must be installed on the backed up VM for backup verification to work. The firewall must have exceptions for port TCP 3260.

Creating iSCSI VMkernel port bindings is not necessary on the iSCSI Storage adapter of an ESXi host by default. You can check this on your ESXi hosts by navigating in the vSphere Web Client to your Host >> Configure >> Storage Adapters >> Your Adapter >> Network Port Binding. iSCSI Software Adapter is created automatically (if it doesn’t exist) by NAKIVO Backup & Replication on an ESXi host that is defined in backup verification options of a job.

Requirements for backup verification

iSCSI port bindings are usually used for multipathing (when there are multiple VMkernel adapters on an ESXi host but the iSCSI target portal is only one; all interfaces are in the same subnet). If port bindings are already configured on an ESXi host, the Transporter (which is a component of NAKIVO Backup & Replication).

ESXi host may not be able to establish a network connection with each other at the iSCSI layer. If you have iSCSI connection issues in this case, you should configure a new port binding for the ESXi host that would be used for Flash VM Boot and Screenshot Verification.

Once you have verified that your VMware ESXi host is configured correctly, you can turn your attention to the NAKIVO appliance. You need to make sure that the NAKIVO environment, specifically the Transporter component, has network connectivity to the iSCSI network of the VMware vSphere host that you are targeting.

If an iSCSI network is not routed in your environment, make sure you have a connection configured on the same VLAN ID and network IP space as the iSCSI VMkernel port. In this case, you need to add a new network adapter to your NAKIVO Transporter appliance and assign an IP address for connectivity to your VMware iSCSI network.

Requirements for backup verification_"

Another consideration if you are using NAKIVO Backup & Replication on a Windows computer is to make sure the Windows firewall has exceptions for port TCP 3260 as this is not allowed by default.

  • netsh advfirewall firewall add rule name="iSCSI In" dir=in action=allow protocol=TCP localport=3260
  • netsh advfirewall firewall add rule name="iSCSI Out" dir=out action=allow protocol=TCP localport=3260

Verify network connectivity

After we have added our network adapter and configured the addressing for the additional network adapter in NAKIVO Backup & Replication to be on the same IP space as our VMware iSCSI network, we can test connectivity to one of the iSCSI VMkernel port IP addresses.

Verify network connectivity

As seen above, we are pinging a VMKernel port IP address on one of our VMware ESXi hosts. We should see ping responses back from the test, which we do. So we know from that result that traffic is both getting to our host and returning to us.

However, pinging is not enough because an ICMP protocol is used for pinging a host. You should make sure that you can access the IP address of VMkernel via TCP protocol on port 3260. If you use a virtual appliance or a standalone instance of NAKIVO Transporter on a Linux machine, run the following command on the machine with the Transporter used for a backup job with screenshot verification to check the network connection:

nmap -p3260

If nmap is not installed, install it by running a command such as apt install nmap.

Configuring backup verification

Now that we have all the prerequisites met and we have tested our connectivity to the server, we are ready to start configuring the backup verification functionality. To have the backup verification delivered to our email, we need to first configure our email settings in the NAKIVO appliance.

To get to the email settings, simply click on the settings “cog” in the upper right-hand corner of the interface.Once there, we see the email settings menu that can be expanded. Also, all the way to the right of the column, there is an Edit link. Click the edit link.

Configuring backup verification

When you click to edit the email settings, you will see the normal email configuration settings that need to be configured – SMTP server, SMTP username, SMTP password, SMTP port, From address and To address. 

Below you see the configuration as it might look in configuring a GMAIL address for our configuration. Notice, we can specify an Encrypted connection which allows us to configure encryption options that allow connectivity to GMAIL and others.

Configuring backup verification_2

Before we can actually apply our email settings, we must click Send Test Email which tests the settings. I think this workflow is prudent as how many other email configurations will simply let you apply a configuration without testing, or not have a means to test. After we send the test email and it is successful, we can apply the configuration.

Configuring backup verification_3

To actually turn on the screenshot verification feature on our backup jobs, we need to look at the options of the job. Note below that we have screenshot verification to Enabled. Also, we see the settings link to the right of our Enabled box.

Configuring backup verification_4

When we click the Settings link, we can configure the Target container or vSphere resource, Target datastore or our storage for the resulting recovered VM, and other verification options, including how many VMs we want to verify simultaneously, the RTO on the recovered VM, and the delay after the guest OS is started until we grab a screenshot.

Configuring backup verification_5

Once the job runs successfully, the screenshot verification process will begin using the Flash VM Boot technology. If you are watching in vCenter web client, you will see iSCSI targets being provisioned as the Flash VM Boot mechanism configures the storage for the RDM mapping.

Configuring backup verification_6

The VM is restored with the “-recovered” appended. It is also powered on as the process powers the virtual machine on in preparation for the screenshot verification.

Configuring backup verification_7

Once the virtual machine is booted and the screenshot has taken place, you will receive an email to the address that was configured earlier with the job details as well as a screenshot of the virtual machine in its booted state!

Configuring backup verification_8


Verifying backups once they are taken should be an essential step in any backup routine. Often, however, this step is neglected when it comes to backup processes. Failing to verify backups can produce nightmare scenarios where you have corrupted backups in an actual disaster recovery situation.

NAKIVO Backup & Replication v7 makes verifying your backups seamless, as the screenshot verification process automates the verification. Once the screenshot verification process is configured, the backed up virtual machine is booted from the actual backup files. This verifies the backup files are successfully able to boot the VM from the backups. 

After the VM boots, a screenshot is snapped, and an email is sent with all the pertinent information. NAKIVO has provided an extremely powerful backup verification process in the screenshot verification mechanism. We no longer have an excuse not to verify our backups!

About the author 

Peter Keszegh

Most people write this part in the third person but I won't. You're at the right place if you want to start or grow your online business. When I'm not busy scaling up my own or other people' businesses, you'll find me trying out new things and discovering new places. Connect with me on Facebook, just let me know how I can help.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}