SureBackup malware scan best practices

[derricktye]

Hi,

First time poster. I managed to get the Malware scan (using our anti-virus Trend Micro Worry Free Business Security) to work.

My Surebackup environment is configured for:
Application group 1 (run in this order with its applicable scripts)=
Server01 - DNS, DHCP, DC
Server02 - SQL Server

Application group 2=
Server01 - DNS,DHCP, DC
Server03 - SQL Server

Now, I haven't configured Linked Job in Surebackup as it just uses the Application Group to run the Surebackup configuration.

I have 3 questions:
1) Since Application group 1 and Application group 2 uses Server01 as the DNS,DHCP,DC, I really should be running Linked Jobs to ignore Server01 validation in the second Surebackup? (This was configured before my time)
2) Malware scanning takes about 1.5 hours to complete. I run Surebackups daily after completing my backup on-site and off-site. What would be the best way to optimise/reduce the time taken (I am looking for a good balance between risk and safety)? In order to complete my entire environment given the 1.5 hours Malware scanning it would take 5-6 hours. Any practical schedules that you can recommend?
3) What exactly does the Validation test do if I already run the Script test for DNS and SQL Server? I read on Veeam's helpcentre but it didn't seem so clear to me. It was going on about corruption of backup files. But wouldn't this be tested in the Script test?

Thanks

[Dima P.]

Hello Derrick,

Welcome to the community and thank you for your questions!

1) Since Application group 1 and Application group 2 uses Server01 as the DNS,DHCP,DC, I really should be running Linked Jobs to ignore Server01 validation in the second Surebackup? (This was configured before my time)

Sounds right, no reason to check it twice.

2) Malware scanning takes about 1.5 hours to complete. I run Surebackups daily after completing my backup on-site and off-site. What would be the best way to optimise/reduce the time taken (I am looking for a good balance between risk and safety)? In order to complete my entire environment given the 1.5 hours Malware scanning it would take 5-6 hours. Any practical schedules that you can recommend?

Unfortunately we don't have that much flexibility in terms or scan settings since you have to scan the entire machine's backup every time. The only way to optimize the performance is to scan less VMs.

3) What exactly does the Validation test do if I already run the Script test for DNS and SQL Server? I read on Veeam's helpcentre but it didn't seem so clear to me. It was going on about corruption of backup files. But wouldn't this be tested in the Script test?

Validation test makes sure that backup is ok on the block level by comparing the checksums. When the machine is booted from the backup and the script is applied you might not request the data sitting on the damaged block but periodic CRC check will help you to identify that.

Hope that helps, cheers!

[derricktye]

Hi Dima!

I have tried to build a new SureBackup job since production Surebackup is starting one Surebackup job for one VM. In the Surebackup Job what I did was not use Application group and use Linked Job and applied the series of backups that the Surebackup Job will process in a series (you call is linked). I ran the all VMs simultaneously (there is a setting in Link Job).
I then clicked on "Advanced" in Linked Jobs which I added each VM and the roles.

The result came back that it had an SQL check error code 2 (which I read had to do with credentials). However, to my knowledge, I am using back the same credentials as in the production Surebackup that runs daily and works.
**Note, I did not configure the verification rules at the backup job under Linked Jobs since that would start up several VMs to test each backup job and that resulted in lack of memory errors.

When I run all VMs simulatenously it would result in a failed error due to lack of memory. It's a little strange.

[derricktye]

I remember previously our internal support mentioned that we needed to run our DC server in the Surebackup job together with the SQL server in order to retrieve domain credentials?

How do I configure this so that I can run this all in one Surebackup job and make use of just one pass on the antivirus for each VM?
Application group 1 (run in this order with its applicable scripts)=
Server01 - DNS, DHCP, DC
Server02 - SQL Server

Application group 2=
Server01 - DNS,DHCP, DC
Server03 - SQL Server

That is,
Server 01 - DNS,DHCP,DC - test keep it open
Server 02 - SQL Server - test then close it
Server 03 - SQL Server - test then close it
Server 01 - close it

[derricktye]

Dima,
I have done the following and so far one pass of Surebackup containing its DNS server, and VMs were successfully passed (so far without the anti-virus turned on to scanning). What I did was:

Application group 1=
Server01 - DNS, DHCP,DC
*set Keep the application group running after the job completes as unticked

Linked jobs=
Backup job Server 02 = SQL Server
Backup job Server 03 = SQL Server

*Within Server 02 and 03 I clicked "Advanced" and edited the VMs of Server 02 and Server 03 for the appropriate test scripts. Set process simultaneously up to 1 VMs.

I think what is happening now is Server 01 being my DC is run for Surebackup. The other VMs are processed and are able to authenticate using the domain login name from Server 01 to test the SQL scripts.

I'll continue to test this over 3 consecutive days to see if there are any mishaps.

Now my next question is, why is my Hypver-Visor Host not backed up....