Add storage pool

Vembu BDR Suite – Review

Today is a sponsored post brought to you by Vembu who asked me to review their recently released BDR Suite 4.0.

Who Are Vembu?

Let’s start at the beginning with a bit of background. The company was actually founded back in 2002 based out of Chennai India but also with offices in the US. The company state that the product has reached 60,000 businesses world wide through 4000 partners.

Vembu BDR Suite

Their core product is the Vembu BDR Suite. The Vembu BDR suite is able to backup and protect a wide range of infrastructure including physical, virtual and cloud workloads.  Some of the specific data types that can be protected are:

  • VMware VM’s
  • Hyper-V VM’s
  • Physical windows machines
  • Office 365
  • Google Apps (G-Suite)
  • Cloud backup of AWS and Azure VM’s

As the product name suggests this is more than just a backup application offering a complete data protection and disaster recovery system.  These capabilities are delivered through the following components of the system:

  • Vembu VMBackup – Allows the backup of vSphere and Hyper-V VM’s without the need for the installation of any agents. In VMware environments the BDR console can also call on the VMware replication feature to copy VM’s between hosts.
  • Vembu ImageBackup – Is used to protect physical windows servers and desktops. The system allows bare metal recovery and P2V migrations
  • Vembu NetworkBackup – Used to backup file and application data including MS Exchange, SQL, SharePoint, and MySQL
  • Vembu OffsiteDR – Creates an offsite copy of your data to protect against loss of the primary backup site
  • Vembu Universal Explorer – Assists with viewing and restoring individual application items within a backup for example a table within SQL or mailbox within Exchange

The first thing that struck me with this product is it’s maturity in terms of number of items that can be backed up and also the scope of features available within the product. All the above features can be managed through a clean looking central console which is accessed via a web browser

Installation

Let’s go ahead and install the product and see how it looks. Vembu BDR suite can be installed on Linux or Windows systems.  Today we will be running through the Windows install. Supported Windows versions are:

  • Server 2008 R2
  • Server 2012
  • Server 2012 R2
  • Server 2016
  • Windows 10

Vembu setup wizard 1

First of all we download the latest version. The installation is wizard driven and generally you can click through it, you can review the settings to change the ports and passwords.

Vembu standard system settings

Config is stored in a PostgreSQL database you will need to make sure you have at least 100GB of storage available and choose where to store this.

Architecture

The architecture we are going to follow is a simple all in one box installation, all management and backup operations occurs from here.  If you have a larger environment you can deploy a backup proxy to act as the data mover and deploy the image backup proxy for the backup of physical machines separately.

Storage Management

Vembu storage pool home screen

Once the installation is complete you can login and manage the system using the web console the default address will be https://VembueServer:6061.  The first job will to be creating a storage pool, storage pools are the target for backup jobs and are made up of a group of volumes which are aggregated together.

Add storage pool

SAN, NAS and DAS can all be used as storage targets. Vembu do not require any specific storage systems since they have developed their own file system VembuHIVE, the file system has inbuilt version control, encryption, deduplication and error correction. The VembuHIVE system also allows you to use any combination of storage types such as SAN and NAS.

Backup

Vembu backup wizard

Let’s take our first backup.  Setting a backup up is again through a wizard in the web console.  You will need to:

  • Select VM’s – Select VMs you would like to backup or a whole vCentre
  • Guest processing – Choose if any application specific processing is required for consistency for example a SQL database
  • Schedule – Choose when you would like the backup to run
  • Storage – Select the storage pool and the number of recovery points you wish to retain

Recovery

  • Quick VM recovery – This allows VMs to be booted direct from the backup to provide quick access to VMs
  • Live recovery – Restores back to the original or a different datastore
  • File level recovery – Allows you to restore individual files within a VM rather than the entire VM
  • Disk management mount – Lets the VM disks be mounted and their content explored and restored as appropriate
  • Download – Allows you to restore the files as a copy

Cloud

Vembu offer a number of options to harness the cloud for backups and to protect workloads held in the cloud. The OnlineBackup backup option allows you to backup directly to the cloud whereas the CloudDR option allows you to replicate your backups to the cloud thus allowing offsiting.  SAAS workloads that can be protected including G suite and Office 365 which are then backed up to the Vembu cloud.

Editions and Pricing

There are three editions available Free, Standard and Enterprise the edition you will need will depend on your business requirements .  You can use this table to compare editions. The pricing policy is very clear and open you can see the latest rates on the Vembu site. The product is priced per socket

 

 

Vembu releases BDR Suite 3.8

Vembu has just released the 3.8 version of their BDR Suite. Let’s start at the beginning with a bit of background. The company was actually founded back in 2002 based out of Chennai India but also with offices in the US. Their core product is the Vembu BDR Suite which is able to backup:

  • VMware VM’s
  • Hyper-V VM’s
  • Physical windows machines
  • Office 365
  • Google Apps (G-Suite)
  • Cloud backup of AWS and Azure VM’s

The first thing that struck me with this product it’s maturity in terms of number of of items that can be backed up and also the scope of features available within the product. All management is controlled through a clean looking central console which is accessed via a web browser

VM based backups are agentless, capable of producing application aware backups and allow enable granular restore. High availability is key to all backup solutions and Vembu supports this with quick VM recovery and VM replication. VM replication allows the agentless replication of a VM to a target to allow near zero RTO. Vembu is available for a 30 day trial

Vembu have actually gone to the effort of creating their own file system which they call VembuHIVE, which keeps the backup files compressed, encrypted and has built in error correction.

What’s new?

Hopefully that gives you a flavour for what Vembu BDR is all about, so let’s look at what’s new in the latest 3.8 release.

OffsiteDR Seed – When first setting up offsite copies one of the key challenges can be the initial data sync which can take a significant amount of time and cause congestion on network links. OffsiteDR seed allows the data to be transferred using an offline method to overcome these challenges

Disk Image Backup in BDR – Previously agent based backups i.e. backups of physical machines had to be configured and managed via a separate server, this can now be done via the central BDR server

Storage Pooling – This feature allows a number of different storage targets to be pooled together to create what appears to be a single backup target. Useful for example if your current target has become full and there is not physical capacity for expansion

Auto Authorization – this is a security feature to ensure the backup data is not sent to an unknown server. Authorization of the backup servers is achieved by the generation of unique keys by the BDR server

 

 

 

 

 

I wanted to cover Vembu backup product which once I started reading up on it I realised was like a swiss army knife of backup products covering many aspects of backup.

 

Ransomeware and Backup Considerations

Given the fun and games that many IT departments will have had over the weekend with the weekend with the WannaCrypt ransomeware I wanted to revisit this topic to understand what ransomeware is and what can be done to reduce risk.

Ransomware was first seen in the mid 2000’s and has grown into a prevalent security threat, with TrendMicro reporting they blocked 100 million plus threats between 2015-16.

 What is Ransomeware?

Ransomware is essentially a hijack of the users of machine, that renders it unusable or operating at reduced capacity unless a payment is made. The hijacks fall into two main types of attack, a lockout screen which stops the users accessing any elements of the system until payment is made. In the second type of attack the users files are encrypted and again a ransom is demanded but this time to decrypt the files. The prevalence of these sort of attacks is unfortunately directly linked to that fact they have proved to be a highly effective business for the criminals behind them. We storage administrators have known for some time that both users and organisations data is critically important to them, now unfortunately it seems so do criminals and they are willing to cash in. ZDNet estimated based on Bitcoin transaction information that between 15 October and 18 December CryptoLocker had been used to extort $27 million from victims.

WannaCrypt

WannaCrypt hit towards the end of last week and so far cases have been recorded in 150 countries. It is a worm that spreads across networks by exploiting a bug in the MS SMB file sharing protocol, once infected the ransomware demands $300 worth of Bitcoins in order to be able to access the system again.  The exploit had been previously identified by Microsoft and a patch released in March for supported OS. Of course this meant that legacy systems to such as XP and server 2003 did not receive the patch. Large uses of these legacy systems such as the NHS in England where particularly badly hit, with 48 different trusts reporting issues. Since this time MS have also released the patch to cover legacy systems XP and Server 2003.

Reducing Risk

Given that this is a storage focused blog I wanted to look at the specific considerations around backup given that this is the predominant recovery method. It is an important consideration that the encryption type software will look to encrypt all attached local and network drives.  The behaviour of encrypting network shares can be particularly damaging to organisation and is why it is important that users are given the most restrictive rights possible so that the ransomware cannot execute.  The importance of staying current and patching has been brought home with the recent WannaCrypt attacks.

Ransomeware Backup Considerations

Replication is not backup – Sometimes high availability and backup are confused.  Replication is not backup and ransomware is a good example of why not. If the primary end becomes infected, so will the target once replication is competeBear in mind this would include automatic backup to the cloud services.

Hold an offline copy of data – Whilst there have been no confirmed cases of backup software getting hit by an attack ,it is a sensible precaution to protect against a future variant by keeping a backup copy offline or at least in a separate media form.  This is in accordance with the standard good practice laid out in the 3-2-1 rule, have 3 copies of your data, 2 different types of media and one offsite copy.

RPO becomes key – With the random nature of these attacks and the potential level of destruction with multiple key file shares potentially being rendered unusable by a single users, how much data can you afford to lose? For those shares which you consider to be at greater risk perhaps due to the number of users you could consider a shorter RPO. Read this article to learn more about selecting an effective RPO and RTO. It may be time to look at more regular snapshot based back ups

Number of Recovery points – The number of recovery points and retention policy also needs to be considered. If you are using a simple policy of 14 days for example it is possible that an infrequently used share, such as one containing monthly finance reporting may only be noticed by a when time all the backups also contain the encrypted files.

Endpoint backup – If users save files locally to their desktop / laptop consider endpoint protection such as Mozzy or Veeam End point protection to safeguard these devices.