I am well aware that every organization’s retention policies, backup job requirements, backup infrastructure etc. are different, all of which impact how immutability is implemented. And I’m sure that is a contributing factor in my fruitless search for a clearly defined “best practice” guide. But I need HELP, and I don’t want this to be just another post that gets driven off the road by discussions of backup chain type or object-based versus image-level versus file-level backups or some other setting. I understand that those are all important factors that come into play, and I may actually be searching for a mathematical equation or an online form I can use and apply as variables change in our environment. If that exists, please share a link! Otherwise, I'm honestly looking for “here’s how to set up your environment to accomplish your goals”.
Before I get into my desired outcome, let me provide details on my relevant backup infrastructure.
Veeam Components
- Veeam B&R version 12
- Enterprise Plus licensing with 50 instances
Backup Targets
- VMs hosted in VMware vCenter
- VMware VCSA
- Windows agents on physical endpoints
Backup Job
Despite having different backup target types, for the sake of keeping things as simple as possible, I’m only going to provide relevant details on one target system’s backup job.
- Type = VM object
- Schedule = Daily incremental, every day
- Retention = 30 days
- GFS enabled
- Keep weekly full = for 4 weeks, use the one from Sunday
- Keep monthly full = for 12 months, use the weekly full backup from the last week of the month
- Keep yearly full = for 7 years, use the monthly full backup from December
- Secondary destination = (not currently enabled)
- Synthetic full backup = weekly, on Sunday
- Active full backup = monthly, on the last Sunday of every month
Backup Repositories
- Direct attached storage - Microsoft Windows server
- The server is a VM hosted in the production VMware environment, with the repository storage presented as a single disk to the VM and backed by an iSCSI-attached SAN dedicated exclusively to Veeam. It is a “Veeam Ready - Repository” Dell PowerVault EMC ME5024 array, so storage snapshot integration, deduplication, and -- most importantly -- immutability are not available.
- Wasabi cloud
- As many buckets as I need to accomplish my goals
Goals
- 2x copies of every backup
- 1x in our on-prem Veeam SAN (cannot be immutable due to only qualifying as a “Veeam Ready – Repository”)
- 1x in our Wasabi cloud extent, immutable
- 1x weekly full backup every week, to be immutable for 4 weeks (minus 1 day)
- 1x monthly full backup every month, to be immutable for 12 months (minus 1 day)
- 1x yearly backup to be immutable for 7 years (minus 1 day)
To be clear, I already understand the “how-to” portion of a lot of Veeam components – whether it be setting up an immutable repository, a SOBR repository, setting up GFS policies, active fulls, synth fulls, difference between backup chain types, etc. And I know I can extend the immutability period on an object storage repository bucket beyond the default maximum 90 days in Veeam via Veeam PowerShell cmdlets, so I don’t want this to turn into a discussion about immutability periods and what to do there.
I guess what I’m looking for is design advice. I don’t know how to configure the repositories and my backup jobs to achieve my goals efficiently and with no interactive maintenance required. I image the solution may involve backup copy job(s) or configuring the SOBR capacity tier to get a copy of backups as soon as they’re created, maybe multiple Wasabi buckets (each with their own immutability period), as well as at least one SOBR (or more?) with data locality and strict placement enforcement on the SOBR placement policy, and GFS in the backup jobs themselves. But the details are what I’m struggling with. Should I present the Veeam-dedicated SAN to its corresponding Microsoft server as three separate disks (one for daily and weekly backups, one for monthly backups, one for yearly backups), then create three separate Veeam backup repositories (all pointing to the same Microsoft server, but each pointing to a different disk attached to the server)?
Please help! How do I get my goals accomplished with the resources I have?
And if you need to know additional details, I'll be happy to accomodate where possible!