Ave collegae,
today I had the following setup in front of my terminal:
Veeam-Management console and repo: VM on Hyper-V host
attached iSCSI on a NAS hosting the ReFS repo drive
Hyper-V host in backup job
Is this a good idea???? Isn't it kinda loop?
Scratching head
hRy
-
hbilke
- Expert
- Posts: 118
- Liked: 5 times
- Joined: Jan 14, 2017 9:05 pm
- Contact:
-
Mildur
- Product Manager
- Posts: 10643
- Liked: 2867 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Is iSCSI "looping"
Hello hRy
Is my understanding correct?
- Veeam Backup & Replication installed on a VM, the same VM is used as the backup repository
- You have a NAS device with an iSCSI LUN
- iSCSI LUN is directly connected to the "Veeam Backup & Replication" VM. The volume is formated as reFS
May I ask what do you mean with "Loop"? I can share some thoughts about the safety considerations of your backups:
- Synology NAS with reFS volumes do not provide immutable or air-gapped backups. An attacker on the HyperV host has access to the backup server VM and therefore to all backup data. Backups and production VMs on the same host could be deleted with a single attack.
- The Backup server should be a dedicated machine if possible. It should not be deployed on a production HyperV.
May I ask, do you have an additional copy of your backups on an air-gapped or immutable backup repository?
- Immutable (object storage, hardened repository, StoreOnce, DataDomain)
- Airgapped (Tape, disconnected external usb disk)
- Cloud Connect provider with insider protection
Best,
Fabian
Is my understanding correct?
- Veeam Backup & Replication installed on a VM, the same VM is used as the backup repository
- You have a NAS device with an iSCSI LUN
- iSCSI LUN is directly connected to the "Veeam Backup & Replication" VM. The volume is formated as reFS
May I ask what do you mean with "Loop"? I can share some thoughts about the safety considerations of your backups:
- Synology NAS with reFS volumes do not provide immutable or air-gapped backups. An attacker on the HyperV host has access to the backup server VM and therefore to all backup data. Backups and production VMs on the same host could be deleted with a single attack.
- The Backup server should be a dedicated machine if possible. It should not be deployed on a production HyperV.
May I ask, do you have an additional copy of your backups on an air-gapped or immutable backup repository?
- Immutable (object storage, hardened repository, StoreOnce, DataDomain)
- Airgapped (Tape, disconnected external usb disk)
- Cloud Connect provider with insider protection
Best,
Fabian
Product Management Analyst @ Veeam Software
-
hbilke
- Expert
- Posts: 118
- Liked: 5 times
- Joined: Jan 14, 2017 9:05 pm
- Contact:
Re: Is iSCSI "looping"
Hi,
I told the admin that the setup is b*sh*. I know the gap-stuff etc. I was just wondering whether with this setup he/she will have problems w/size, space et al.
We ordered already new HW to set it up as we would do it.
to narrow it down: will the backup of the veeam manager being the repo too and attached drive via iSCSI in the VM be of harm?
I really hope that the new HW will arrive sooner then asap.
Cheers
hRy
I told the admin that the setup is b*sh*. I know the gap-stuff etc. I was just wondering whether with this setup he/she will have problems w/size, space et al.
We ordered already new HW to set it up as we would do it.
to narrow it down: will the backup of the veeam manager being the repo too and attached drive via iSCSI in the VM be of harm?
I really hope that the new HW will arrive sooner then asap.
Cheers
hRy
Who is online
Users browsing this forum: No registered users and 4 guests