jazzoberoi
Enthusiast
Posts: 96
Liked: 24 times
Joined: Oct 08, 2014 9:07 am
Full Name: Jazz Oberoi
Contact:

Best practices for Veeam v11 and QNAP QuTS Hero ZFS Backup Repository

Post by jazzoberoi »

Hi,

I'm planning to use a new QNAP QuTS HERO (ZFS) NAS TVS-h1688x as a backup repo for the GFS retention for Veeam B&R 11.

Would like to know the best practices around the Primary Job settings and the GFS job settings for the same.

Also, should I enable the Compression & De-Duplication features for the destination repo NAS CIFS share which is hosted on QNAP ZFS?
Mildur
Product Manager
Posts: 8735
Liked: 2294 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland
Contact:

Re: Best practices for Veeam v11 and QNAP QuTS Hero ZFS Backup Repository

Post by Mildur » 1 person likes this post

First recommendation:
- Stay away from "NAS CIFS share"

If buying a QNAP is already set in stone, then please create an iSCSI LUN on the NAS and connect from your VBR server with iSCSI to the NAS. Use ReFS as the filesystem in Windows for the connected iSCSI LUN.

After that, choose any GFS setting you want. With the Fast Clone feature, you will get spaceless synthetic full backups.

Do not disable Compression and Dedup in the Repo Settings.

Also, think about a second air-gapped target (offsite would be best). With a single connected CIFS or iSCSI backup repo, a hacker can delete your backups very easily.

Backup Job Best Practice
https://bp.veeam.com/vbr/VBP/4_Operatio ... ckup_jobs/

Backup Repo Best Practice
https://bp.veeam.com/vbr/VBP/2_Design_S ... ositories/
Product Management Analyst @ Veeam Software

Re: Best practices for Veeam v11 and QNAP QuTS Hero ZFS Backup Repository

Post by jazzoberoi »

Hi Mildur,
Thanks heaps for your prompt response. The QNAP is already here :)
Just wanted to run through some settings that I see on the QNAP while creating a LUN

https://i.imgur.com/W0Fr34B.png

What block size should I go for at the LUN level? 128k or 64k?
Also, when I create the ReFS partition, what block size should I go with for that?

Also, since this will de-dupe at the storage level but not at the ReFS level, do we need any special Primary or GFS job settings to account for this?

I've been using Reverse Incremental for the Primary backup job for quite a while, wondering if there is a new best practice regarding the Primary Job / GFS Jobs in v11

Thanks heaps.

Re: Best practices for Veeam v11 and QNAP QuTS Hero ZFS Backup Repository

Post by jazzoberoi »

Also, regarding air-gapped backup. You raise a very interesting point.

QNAP have implemented a new WORM feature based on ZFS.
Wondering if there is a guideline on how best to implement this with Veeam?
https://www.tri-comp.com/news/qnap-upda ... -and-more/
https://www.qnap.com/quts-hero/en-au/

This is the WORM settings while creating a Shared_Folder - https://i.imgur.com/UtI818g.png

We bought the QNAP ZFS based NAS to replace an ageing StoreOnce since the QNAP now has Compression/De-duplication/WORM features etc.
The difference in price was a HUGE factor.

Also, another thought that crossed my mind was setting up an NFS/CIFS share on the NAS so that only the Veeam B&R had the share access/password for backup. Do you think this would work?
The new ZFS filesystem behaves much like ReFS now, I believe.

Re: Best practices for Veeam v11 and QNAP QuTS Hero ZFS Backup Repository

Post by Mildur »

I would use 128 as a block size on the LUN level.
ReFS needs to be 64 KB.

But now I am not sure what the correct answer is, if your QNAP is built for deduplication. If Veeam does the Fast Cloning by itself, you won't see any great dedup after the backup job on the QNAP.
I would prefer to let Veeam do the fast clone, because this way, fulls (synthetic) are also much faster.
But you are using Reverse Incremental; I have read somewhere that Fast Clone with reverse incremental leads to fragmented data.

I would get a second thought from someone at Veeam. Let us wait, if someone enters our discussion :)


_________

For the ZFS filesystem, Veeam will not be aware of it. Veeam cannot use the advantages of Fast Cloning.
It is not transparent to Veeam. I don't know how Veeam will react here. I don't have the experience for this :)

"NFS/CIFS share on the NAS so that only the Veeam B&R had the share access/password for backup"
I would not rely on that. It is not air-gapped. It uses the CIFS protocol. I don't see this protocol as a very secure protocol.

"This is the WORM settings while creating a Shared_Folder"
Veeam needs to write to the vbm file and, in your case of reverse incremental, needs to transform the vbk file.
If you have configured WORM on the CIFS/NFS share, these files will be locked and Veeam will give you an error.
Veeam doesn't have an integration with this WORM feature of the QNAP.
Product Management Analyst @ Veeam Software
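
Added example, not part of the original posts and not Veeam or QNAP code: PowerShell for the setup recommended in this thread (iSCSI LUN from the NAS, formatted as ReFS with a 64 KB allocation unit on the VBR server), followed by a check of the resulting cluster size. The portal address, drive letter and volume label are placeholders, and it assumes the NAS presents exactly one new target and one new, uninitialized disk.

```powershell
# Added illustration. Placeholder values: adjust before use.
$PortalAddress = '192.0.2.10'   # assumption: iSCSI portal of the NAS (documentation-range IP)
$DriveLetter   = 'R'            # assumption: free drive letter for the repository volume
$ClusterBytes  = 65536          # 64 KB ReFS allocation unit, as stated in the thread

# The Microsoft iSCSI initiator service must run and survive reboots.
Set-Service -Name MSiSCSI -StartupType Automatic
Start-Service -Name MSiSCSI

# Register the portal, then connect persistently to the target it exposes.
New-IscsiTargetPortal -TargetPortalAddress $PortalAddress | Out-Null
$target = Get-IscsiTarget | Where-Object { -not $_.IsConnected } | Select-Object -First 1
if (-not $target) { throw "No unconnected iSCSI target found via $PortalAddress" }
Connect-IscsiTarget -NodeAddress $target.NodeAddress -IsPersistent $true | Out-Null

# Select the new iSCSI disk; stop rather than guess if it is not unambiguous.
$disks = @(Get-Disk | Where-Object { $_.BusType -eq 'iSCSI' -and $_.PartitionStyle -eq 'RAW' })
if ($disks.Count -ne 1) { throw "Expected exactly one RAW iSCSI disk, found $($disks.Count)" }
$number = $disks[0].Number

# SAN policy may leave new shared disks offline or read-only.
Set-Disk -Number $number -IsOffline $false
Set-Disk -Number $number -IsReadOnly $false

Initialize-Disk -Number $number -PartitionStyle GPT
New-Partition -DiskNumber $number -UseMaximumSize -DriveLetter $DriveLetter | Out-Null
Format-Volume -DriveLetter $DriveLetter -FileSystem ReFS `
    -AllocationUnitSize $ClusterBytes -NewFileSystemLabel 'VeeamRepo' `
    -Confirm:$false | Out-Null

# Verify: the volume must report ReFS and a 65536-byte cluster size.
$vol = Get-CimInstance -ClassName Win32_Volume -Filter "DriveLetter = '${DriveLetter}:'"
if ($vol.FileSystem -ne 'ReFS' -or $vol.BlockSize -ne $ClusterBytes) {
    throw "Volume ${DriveLetter}: is $($vol.FileSystem) with $($vol.BlockSize)-byte clusters"
}
'{0} {1} cluster={2}' -f $vol.DriveLetter, $vol.FileSystem, $vol.BlockSize
```

The final check is also useful on its own for auditing an existing repository volume, since the allocation unit size cannot be changed without reformatting.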

Re: Best practices for Veeam v11 and QNAP QuTS Hero ZFS Backup Repository

Post by jazzoberoi »

Hi Mildur,

Much thanks for your input. You're a legend, mate :)

Some comments:

- I can switch my backups to Forward incremental with Synthetic Full or Active Full if that makes it possible to configure VEEAM with QNAP WORM.

- I don't wish to use the block file system as that would make it extremely easy for the ransomware to encrypt the backup files when the backup server gets infected.

- I tried using the NFS file system, which Veeam recommends when using a NAS as backup Repository but the issue is NFS authentication is not as secure. I can limit a particular IP address to connect to the backup share, but the NFS share can be compromised quite easily when the ransomware attacks the backup server.

- SMB has built-in share-level authentication, so I can input the share password directly in Veeam to protect it. This way, the contents of the share will not be compromised if the backup server OS is infected with ransomware. The only issue with SMB is that Veeam advises against it as it can lead to data loss or backup file corruption. Is this still the case with the latest version of the SMB protocol?

- QNAP have now introduced the WORM functionality on its shares, which can be used with SMB or NFS. Just need to understand what settings to use in Veeam to make use of this immutable backup functionality. https://i.imgur.com/UtI818g.png
omoyano
Novice
Posts: 5
Liked: never
Joined: Jan 25, 2019 3:33 pm
Contact:

Re: Best practices for Veeam v11 and QNAP QuTS Hero ZFS Backup Repository

Post by omoyano »

Mildur wrote: May 24, 2021 7:03 am
Veeam needs to write to the vbm file and, in your case of reverse incremental, needs to transform the vbk file.
If you have configured WORM on the CIFS/NFS share, these files will be locked and Veeam will give you an error.
Veeam doesn't have an integration with this WORM feature of the QNAP.

Hi.

I have this issue with Veeam & QNAP immutability.
The first backup works fine but the next gives me an error. I think it is because the vbm file configuration is read-only.
So... how can I configure Veeam to work with QNAP immutability?

Thanks

Re: Best practices for Veeam v11 and QNAP QuTS Hero ZFS Backup Repository

Post by Mildur »

Hi

You can't.
We don't support immutable files on SMB/NFS shares with Veeam Backup & Replication.
If you want to have supported immutable backup storage, have a look at hardened repositories (hardware server with locally attached disks) or object storage.

Maybe as a workaround use QNAP snapshots and make them immutable.
https://www.qnap.com/solution/home-snapshots/en/

best,
Fabian
Product Management Analyst @ Veeam Software