Hi guys,
I'm going to back up our ~900TB NAS using our existing Veeam B&R server. The target is going to be like this:
Supermicro 4U 90-bay server
2 x Xeon 6248R (24 cores each)
256GB RAM
2 x 3.8TB SSD as boot drives
90 x 18TB SAS
4 x 3.8TB NVME as a tier 0/1 to the SAS drives
4 x 10Gbit NIC
Two things I haven't decided yet:
- Windows Storage Spaces Direct or hardware RAID
- Windows Server 2019 or Linux based hardened repo
As for the Storage Spaces Direct vs hardware RAID, the solution needs to have the following characteristics:
- Single volume of at least 1PB
- Rebuilds of a single failed drive within a reasonable time (say, 24 hours)
- Some level of protection against drive failure
- The ability to leverage NVME drives as a tier 0 to accelerate the backup process
- Simplicity and ruggedness are more important than raw speed
- Also, NTFS or ReFS?
I really like the idea of a hardened repository. The main idea was to create an off-site backup to gain some level of protection against ransomware. However, I try to stay away from Linux as much as I can. Don't get me wrong, I've used many distros to our advantage over the past 20 years, but if you're trying to streamline a small IT staff in terms of workload and knowledge required to run the shop, the last thing you need is 15 different operating systems running in your datacenter. Having said that, would it be at all possible to use Windows Server 2019 to create a really secure repository?
And finally, to bring the two dilemmas together, if I do decide to go with a Linux based hardened repo, should I go hardware RAID or some Linux based software option?
Any insights would be greatly appreciated.
-
Jonathan
- Enthusiast
- Posts: 81
- Liked: 5 times
- Joined: Oct 15, 2009 8:52 am
- Contact:
-
HannesK
- Product Manager
- Posts: 14844
- Liked: 3086 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: NAS backup target decisions
Hello,
as I don't have any experience with S2D rebuild times. I expect everything to be slow with 18TB disks. I have seen RAID rebuilds with 60x8TB taking a week or so (RAID60). So I'm curious what rebuild times you really get in production. I'm conservative: Hardware RAID
I would just like to add the metadata-extent: https://helpcenter.veeam.com/docs/backu ... ml?ver=110 . The -metadata parameter.
Probably the 4x3.8TB NVME are not enough to store one copy of the metadata (second copy is stored in the data extent).
As of today, only image-based workloads are immutable on the Hardened Repository. We are working on improvements, but no timeline yet. If you can protect your VBR environment, then a Windows machine can be secured. But if you "plan" to get your backup server hacked, then Hardened Repository is the only way to protect against early deletion (well, not for NAS today).
NTFS: I would use it if you plan to use Windows deduplication. 64TB volume limit applies.
REFS: hmm, without deduplication it should be fine.
1PB volume: what is the reason that you like to have one volume? Especially with the small NAS backup objects, there is no real benefit.
Best regards,
Hannes
as I don't have any experience with S2D rebuild times. I expect everything to be slow with 18TB disks. I have seen RAID rebuilds with 60x8TB taking a week or so (RAID60). So I'm curious what rebuild times you really get in production. I'm conservative: Hardware RAID
I would just like to add the metadata-extent: https://helpcenter.veeam.com/docs/backu ... ml?ver=110 . The -metadata parameter.
Probably the 4x3.8TB NVME are not enough to store one copy of the metadata (second copy is stored in the data extent).
As of today, only image-based workloads are immutable on the Hardened Repository. We are working on improvements, but no timeline yet. If you can protect your VBR environment, then a Windows machine can be secured. But if you "plan" to get your backup server hacked, then Hardened Repository is the only way to protect against early deletion (well, not for NAS today).
NTFS: I would use it if you plan to use Windows deduplication. 64TB volume limit applies.
REFS: hmm, without deduplication it should be fine.
1PB volume: what is the reason that you like to have one volume? Especially with the small NAS backup objects, there is no real benefit.
Best regards,
Hannes
-
Jonathan
- Enthusiast
- Posts: 81
- Liked: 5 times
- Joined: Oct 15, 2009 8:52 am
- Contact:
Re: NAS backup target decisions
Thanks for your input Hannes.
The last major rebuild I had to do was on a 24x4TB RAID-50 array. This took 4 days
, even on a high-end RAID controller.
I'm not planning to use deduplication, so ReFS is still a viable option. The reason I specified a >1PB volume is that I wouldn't want a dozen 64TB volumes all glued together. As for the NVME drives: in the case of Storage Spaces (which is not the same as Storage Spaces Direct), the tiering configuration will make sure the freshest bits land on NVME drives first, then trickle down to the SAS tier. At least that's the theory. I've seen it work in my lab setups, but that's not the same as throwing dozens of terabytes a day at a box full of disks.
I'd like to think I can build a pretty secure Windows box, but like Von Moltke said: no plan survives first contact with the enemy.
The last major rebuild I had to do was on a 24x4TB RAID-50 array. This took 4 days
, even on a high-end RAID controller.I'm not planning to use deduplication, so ReFS is still a viable option. The reason I specified a >1PB volume is that I wouldn't want a dozen 64TB volumes all glued together. As for the NVME drives: in the case of Storage Spaces (which is not the same as Storage Spaces Direct), the tiering configuration will make sure the freshest bits land on NVME drives first, then trickle down to the SAS tier. At least that's the theory. I've seen it work in my lab setups, but that's not the same as throwing dozens of terabytes a day at a box full of disks.
Do you mean Linux hardened repo won't work with NAS backup anyway?(well, not for NAS today)
I'd like to think I can build a pretty secure Windows box, but like Von Moltke said: no plan survives first contact with the enemy.
-
HannesK
- Product Manager
- Posts: 14844
- Liked: 3086 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: NAS backup target decisions
Hello,
yes, that S2D tiering is relatively useless from my point of view. With backup data, there is no classic use case for "hot" data that can be kept in the faster tier. That's why I suggested to use the flash devices for something where it really brings performance: the metadata.
Hardened Repository can store NAS data today. It's just mutable.
Please share how long a rebuild of your S2D takes once it happens
Best regards,
Hannes
yes, that S2D tiering is relatively useless from my point of view. With backup data, there is no classic use case for "hot" data that can be kept in the faster tier. That's why I suggested to use the flash devices for something where it really brings performance: the metadata.
Hardened Repository can store NAS data today. It's just mutable.
Please share how long a rebuild of your S2D takes once it happens
Best regards,
Hannes
-
Jonathan
- Enthusiast
- Posts: 81
- Liked: 5 times
- Joined: Oct 15, 2009 8:52 am
- Contact:
Re: NAS backup target decisions
Ah, so it's kind of secure until someone grabs the password and deletes the backups?Hardened Repository can store NAS data today. It's just mutable.
-
HannesK
- Product Manager
- Posts: 14844
- Liked: 3086 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: NAS backup target decisions
same security level like on Windows, yes.
Who is online
Users browsing this forum: No registered users and 3 guests