Host-based backup of VMware vSphere VMs.
Valle1975
Enthusiast
Posts: 32
Liked: 3 times
Joined: Aug 30, 2019 7:41 am
Full Name: Valerio
Contact:

Improve Veeam B&R configuration

Post by Valle1975 »

Good morning to everyone!
I have read a lot of posts about your backup strategies with Veeam B&R, and I have a doubt about my current one.
I have a vSphere 6.5 cluster with n.2 hosts and one datastore on a small SAN (just 3 TB of data) and 9 VMs (8 Windows Server and 1 Linux SUSE Ent.).
Now my Veeam B&R configuration is:
- n.1 backup job of all VMs DAILY to a Synology NAS over CIFS with 20 restore points, creating an active full on Saturday.
Once that has ended, using Hyper Backup (Synology inside app), I back this up daily to a USB drive connected to the NAS, then disconnect the USB DRIVE and POWER OFF THE NAS.

- n.1 backup job of all VMs DAILY to a DIFFERENT Synology NAS over CIFS with 30 restore points, creating an active full on Saturday.
Once that has ended, using USB Copy (Synology inside app), I back this up daily to a USB drive connected to the NAS, then disconnect the USB DRIVE.

I'm unable to use a cloud service to externalize the backup, so I must use USB drives.
In several posts I read about various configurations, and I'm a little confused about the best configuration for my situation, so I am asking you how to improve this configuration for maximum safety against ransomware and the best recovery time.
Thanks a lot.
ejenner
Veteran
Posts: 636
Liked: 100 times
Joined: Mar 23, 2018 4:43 pm
Full Name: EJ
Location: London
Contact:

Re: Improve Veeam B&R configuration

Post by ejenner »

You don't mention whether any of those backup jobs create an off-site copy?

'Off Site' doesn't really have to mean that it's not on the same site, but that you've taken reasonable precautions to ensure both your backups aren't vulnerable to the same possible environmental risks, i.e. could both your NAS devices suffer flood damage from the same broken pipe? Or, if a fire started or there was a burglary, is there any safety in place to ensure both NAS devices would not be destroyed / stolen?

Depending on the nature of the data you're protecting 'off site' could mean far away enough not to be damaged in the event of a nuclear strike or the complete shutdown of a city, think about a pandemic disease perhaps. If your files aren't that important then having both NAS devices in the same room does create risks but they might be acceptable risks in your case.

Re: Improve Veeam B&R configuration

Post by Valle1975 »

Hi Ejenner, you are right.
The n.1 NAS is placed in a secondary building inside the factory, on the second floor, about 200 meters from the server room, and n.2 NAS are in the server room.
Currently the n.2 USB HDD are placed near both NAS and I always leave them there. (Maybe, changing the strategy for the USB drives, I can begin to use n.2 HDD in rotation and move them to my house, 15 km away.)
While waiting for future improvements in connectivity, I think this is an acceptable risk for our reality in the current situation.
My question, after those right considerations, is how to find the best fix for my current backup strategy, without using the cloud.
How do you suggest I improve my backup strategy?
Thanks a lot.
foggy
Veeam Software
Posts: 21182
Liked: 2164 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Improve Veeam B&R configuration

Post by foggy »

Hi Valerio, given your limitations, I think your strategy looks good overall. You have an offline copy of your backups, which protects you from ransomware attacks.

Re: Improve Veeam B&R configuration

Post by Valle1975 »

Thanks Foggy, I often read that it's better to use a copy job from the first backup job to the second NAS or an external USB device.
What are the real advantages vs. a second backup job?
Thanks a lot.
veremin
Product Manager
Posts: 20736
Liked: 2403 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Improve Veeam B&R configuration

Post by veremin »

The production storage doesn't get hit with additional load (snapshot creation, snapshot deletion), neither do source VMs. Thanks!

Re: Improve Veeam B&R configuration

Post by Valle1975 »

Thanks Veremin.

Re: Improve Veeam B&R configuration

Post by veremin »

You're welcome. By the way, an additional benefit will be GFS retention, which currently can be enabled only on a backup copy job. Thanks!

Re: Improve Veeam B&R configuration

Post by Valle1975 »

It's one of the solutions I read in several posts, but according to you, I will remove the second backup job and substitute it with a backup copy job to the second NAS, or directly to a USB drive (maybe introducing USB drive rotation)?
Thanks

Re: Improve Veeam B&R configuration

Post by foggy »

Yes, this is one of the best practices used to comply with the 3-2-1 rule.

Re: Improve Veeam B&R configuration

Post by veremin »

If you're planning to use rotated drives, don't forget to enable the corresponding option in the backup repository settings. Thanks!
ChrisGundry
Veteran
Posts: 259
Liked: 40 times
Joined: Aug 26, 2015 2:56 pm
Full Name: Chris Gundry
Contact:

Re: Improve Veeam B&R configuration

Post by ChrisGundry »

My suggestions:
1. Don't forget to back up the Hyper-V host itself if there is anything on it configuration/data wise that you don't want to lose.
2. Back up the Veeam configuration backups to a location such as the USB drive if possible. Whilst you can restore full Veeam backup files in a standalone way, having the Veeam config backup will help you get your environment back up even quicker.
3. Consider how you will restore any of these files if your infrastructure is down. If your Veeam server was on your main site and virtual and it's now gone, along with your AD, how are you going to restore? Consider using non-AD credentials for Veeam and consider having the Veeam B&R installed at your DR site or somehow off your production virtualization host. A 2nd server for Veeam, or even a decent workstation in some cases can be a good option. That way if your host fails or your SAN fails then your Veeam install is still available and you can restore to alternative host/storage.
4. Configure your Veeam server/backup repos to be 'off network'. They don't use AD credentials, even domain admins can't access the repo files directly from the network or ideally locally. This prevents ransomware from accessing and deleting/encrypting them.
5. Test your backups :)
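
An added example, not part of any post in this thread and not Veeam code: one way to check the rotated USB copy before it is disconnected, by hashing the backup files and comparing them with a manifest from the previous run. The function names, the `DailyJob` folder and the manifest location are hypothetical, and it assumes the forward incremental chain with weekly active fulls described above, where `.vbk` and `.vib` files are not rewritten once created.

```python
import hashlib, json, tempfile
from pathlib import Path

# Assumption: forward incremental with active fulls, so .vbk/.vib are write-once.
WRITE_ONCE = {".vbk", ".vib"}

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def scan(root):
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in WRITE_ONCE}

def verify(root, manifest, accept_missing=False):
    """Compare the drive with the manifest saved by the previous run (keep the
    manifest off the drive). Retention deletions need accept_missing=True."""
    manifest = Path(manifest)
    old = json.loads(manifest.read_text()) if manifest.exists() else {}
    now = scan(root)
    report = {
        "modified": sorted(n for n in old if n in now and now[n] != old[n]),
        "missing": sorted(n for n in old if n not in now),
        "new": sorted(n for n in now if n not in old),
    }
    report["ok"] = not report["modified"] and (accept_missing or not report["missing"])
    if report["ok"]:  # only a clean run becomes the new baseline
        manifest.write_text(json.dumps(now, indent=2))
    return report

def demo():  # constructed sample: placeholder files, not real Veeam backups
    with tempfile.TemporaryDirectory() as tmp:
        usb, manifest = Path(tmp, "usb"), Path(tmp, "manifest.json")
        (usb / "DailyJob").mkdir(parents=True)
        (usb / "DailyJob/full.vbk").write_bytes(b"full backup placeholder")
        (usb / "DailyJob/inc1.vib").write_bytes(b"increment placeholder")
        first = verify(usb, manifest)
        (usb / "DailyJob/inc2.vib").write_bytes(b"next increment")
        second = verify(usb, manifest)
        (usb / "DailyJob/inc1.vib").write_bytes(b"overwritten in place")
        (usb / "DailyJob/full.vbk").rename(usb / "DailyJob/full.vbk.locked")
        third = verify(usb, manifest)
        return first, second, third

if __name__ == "__main__": print(*demo(), sep="\n")
```

A matching hash only shows that a file has not changed since it was first recorded; a test restore is still what shows the backup is usable.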