- Posts: 9
- Liked: never
- Joined: Jun 30, 2017 1:32 pm
- Full Name: Daniel Killian
We've been running Veeam B&R to backup a 3 node HyperV Failover Cluster for a couple years now and it's been working excellent. We have the Veeam B&R Server itself as a Virtual Server (Windows 2016) and that itself is running on a HyperV server (Windows Server 2012). The Veeam B&R also houses the 'vhdx' file that acts as the backup respository and we then have a QNAP NAS kept offsite that we use for backup copy jobs.
With us being a school this has fit our needs pretty well however with the recent news that more and more schools/colleges are getting hit with Ransomware it makes me realise just how vulnerable this setup is to that should ransomware infect our system and get into either the Veeam B&R Server or even the HyperV Host itself (as it could just encrypt the VHDX file). I'm not sure if I'm being overly paranoid at this point or not but just trying to think how I can protect us better. I've considered adding a second Linux Host to the HyperV server and setting up a repository there as immutable but that wouldn't help in this case as they could just encrypt the linux VHDX.
I was hoping for some advice on whether my 'thoughts' on setting this up could work. Here's what I'm considering;
1. Move most of our backups to the Offsite QNAP Nas. I'd have to lose a long term snapshot or two just due to the size of the storage and it will be a SLOW process but I should be able to get everything backing up to the offsite NAS.
2. Install Veeam B&R on a server seperate to the HyperV host currently housing it. Migrate the config and begin running Veeam from there.
3. Flatten the HyperV Host and install Ubuntu Server to the physical hardware (no hypervisor).
4. Configure the repository as immutable and move backups back across and continue.
I guess my other question to all this is am I being overly paranoid? No connections can be made to our offsite NAS other than from our Veeam Backup Server and no users outside of Domain Admins have access to either the Veeam B&R server or the HyperV Host itself. I just don't want to be caught out so trying to protect us as best I can but also worried I'm causing more of an issue out of it than it needs to.
Any advice would be greatly appreciated.
- Veeam Software
- Posts: 2345
- Liked: 301 times
- Joined: Aug 07, 2018 3:11 pm
- Full Name: Fedor Maslov
Users browsing this forum: No registered users and 15 guests