VeeamON2021

VeeamON 2021

VeeamON starts at the end of this month and the best news is its free to register . VeeamON is Veeam’s annual conference and will be a mix of news and technical learning opportunities. I attended last years online event and got a lot out of it.

Some of the focus areas this year include:

  • Cloud acceleration — AWS, Azure and Google
  • Kubernetes best practices
  • Cybersecurity and ransomware elimination
  • Microsoft Office 365 backup best practices
  • And so much more to become a data hero!

Some of the sessions I will be tuning into

  • The General Session: The Future of Modern Data Protection
  • End-to-End Workshop: Veeam CDP
  • AWS, Azure, Google Cloud Native Backup — Getting Started
  • Ransomware Recovery — 10 Top Expert Advice & Tips
  • VeeamON Exclusive: V11 — 3 Months In With Anton Gostev

You can check out the full agenda yourself.

VeeamON On starts 25th-26th of May, don’t forget to register.

Veeam CDP

Veeam V11 – Whats new and HPE Integrations

Veeam have recently released the latest major update to their flagship product, Veeam Backup and Replication. VBR 11 is packed with 200 plus improvements and enhancements, today we will discuss some of the most interesting ones.

This release continues Veeam’s evolution from simple backup product to data management suite. Data administration is one of an IT enterprises key challenges with a greater volume of data, more locations for that data plus increased threats including Ransomware. This release of Veeam 11 offers a suite of features to help manage this disparate data, deliver a higher level of availability and to enhance the security of the data.

Linux and Security

Ransomware continues to be a key threat, with high-profile cases like the Garmin attack providing a warning to all. Ransomware holds you hostage by encrypting your data. In a worst case scenario ransomware can also encrypt backup data held on disk, leaving you in a chicken and egg scenario. Veeam offered a solution to this in version 10 with Copy Mode being added to the Cloud Tier. This allowed backups to be instantly copied offsite and stored immutably in Amazon S3. V11 enhances security further by offering hardened Linux repositories, this allows local backups to also be held in an immutable format removing the threat of backups becoming encrypted by ransomware.

Further enhancements are brought to Linux focused customers with the introduction of further backup modes with the Linux proxies. Previously the only available backup mode was hot add, now the list of available modes is comparable to a Windows proxy including direct SAN and network mode.

Other features include the ability now use the Veeam agent to backup Mac. You can read a full guide on implementing the Mac Agent by Michael Cade.

CDP

Veeam CDP

Continuous data protection, is not a new concept and in many ways is easier to understand in its traditional implementation. Previously when physical servers where the norm CDP was enabled through a physical device. You connected it to the server and it acted as a write splitter so that each write was effectively written twice, once to the primary storage and a second time to a CDP appliance. CDP in Veeam utilises VMware VAIO, which like a traditional CDP appliance splits writes. This approach means that there is no need to use snapshots for backups allowing for very low RPO down to 2 seconds and minimal performance impact. To configure CDP you first need to push out the VAIO drivers to the ESXi hosts, which you can do via the Veeam console. Matt That IT Guy has written a walkthrough on  setting up and creating your first CDP job.

Instant Recovery Enhancements

Instant recovery has always been one of the nicest features of Veeam. This allowed VM’s to be spun up directly from backup.  There was some enhancements to the performance of this feature in Version 10 that allowed several VM’s to be instantly recovered at the same time. This is further enhanced in version 11 which now allows instant recovery of SQL and Oracle DB’s plus NAS.

Cloud Enhancements

Google Cloud becomes available as a backup target you can add to a scale out repository.

Veeam also adds an archive tier to scale out repositories which allows longer term retention of data in Amazon S3 Glacier (including Glacier Deep Archive) and Microsoft Azure Archive Storage.

Hardware and HPE Integrations

Version 11 brings improvements both in terms of efficiency and performance for dedupe devices. Dedupe performance is improved by changing the way metadata is stored.  Customers using a HPE Store once as a NAS target can expect up to a 4 times increase in storage capacity. Performance is also improved by increasing the blob size of the data that is being written and by writing metadata to higher performance disks.

If you are backing up a physical machine with SAN attached storage you will also benefit from some new features.  Prior to V11 SAN attached storage was recognised by an agent as local storage and backed up in this way. In V11 a physical SQL server attached to for example a Nimble array can use storage based snapshots as part of the backup process alleviating the load from the host.

Veeam 11 Apollo 4510

It also becomes possible to use an HPE Apollo 4500 as a Veeam appliance Calvin Zito discusses this and all the other changes in this podcast.

To get started you can download Veeam Backup and Replication

ransomware veeam

Ransomware tips from VeeamON

I attended the Veeam Ransomware session at VeeanON.  I picked up some useful tips so thought I would share my notes from the session. Credit for all the information to Rick Vanover,Dave Kawula, Brett Hulin.

ransomware veeam

Background

  • Data is key to all businesses
  • Must protect data and therefore the business from threats including ransomware

Prevention

Three pronged approach, not just technical considerations:

  • Education of users and administrators
  • Backup and recovery implementation
  • Remediation plan

Attack methods

Ransomware attacks occur in three most common ways:

  • RDP compromise, number one method of ransomware attack
  • Email phishing, second most common attack method. Surprising I would have thought this was the most frequent
  • Software vulnerabilities

Veeam Data Labs

Allows testing patches and quick recovery

  • ON demand sand box – restore not directly into production for safety
  • Sure backup and sure replica – boot VM in virtual lab and test before re-introducing to production
  • Secure restore – Mount backup for AV scan before restore

Ultra-Resilient Backup

Safest option is to have an ultra-resilient backup.  This could be air gapped, immutable or offline. For example:

  • Tape
  • Immutable backups e.g. S3 – Backup onsite to performance tier then have policy tier to cloud storage which can be S3. Policy can be set for an immediate copy of data or an archive of the oldest data. Based on Scale Out Repositories
  • Veeam Cloud Connect + Insider protection. Insider Protection provides an additional data copy that can only be access with a call to support to make it visible

Brett Hulin General Tips

  • Establish a DR site. Cloud or physical
  • If possible run Veeam replication to this secondary site
  • Have your DR plan documented
  • Understand your recovery order
  • Involve multiple people
  • Consider licencing implications of being at fail-over site
  • Establish chain of command before an incident

Brett Recovery Tips

  • Shut down servers to prevent further infection
  • Consider when attack occurred and which backups and replicas are therefore clean
  • Recover servers without network and check with AV before re-enabling network
  • Recover infrastructure servers, e.g. AD first
  • Force password resets
  • Have multiple restore copies at recovery site. So can recover from different times
  • Have an air gapped backup e.g. tape

Other tips I picked up from the Veeam Ransomware guide at the Veeam resource library:

  • Veeam server ensure it has no internet access
  • Accounts as much separation as possible
  • Tight file permission on datastore shares
  • Veeam servers require 2FA for RDP access
  • Prepare early