Comprehensive data protection for all workloads
Post Reply
M0rphois
Novice
Posts: 3
Liked: never
Joined: Mar 27, 2015 12:32 pm
Full Name: Miran Munjas
Contact:

Linux repository placement, SAN?

Post by M0rphois » Oct 10, 2018 12:35 pm

Hi all,

We'll soon be implementing a new SAN with two vSphere hosts and two shared storages.
We also plan to use linux server as a Veeam repository.
Veeam would be a VM on the vSphere cluster
Question would be, do we place the linux server in SAN with network interface from Veeam VM to SAN? Would this be the best practice perfomanse and protection-wise?
Also, we will need to be able to restore VMs in a DR location. Anyone have any good reads on the topic?

Tnx in advance.

Rick.Vanover
Veeam Software
Posts: 603
Liked: 130 times
Joined: Nov 30, 2010 3:19 pm
Full Name: Rick Vanover
Location: Columbus, Ohio USA
Contact:

Re: Linux repository placement, SAN?

Post by Rick.Vanover » Oct 10, 2018 1:30 pm

Hi Miran - welcome to the Veeam Forum!

Generally speaking - I always advise to have as much separation as possible in the placement of the Veeam infrastructure within a virtualization installation. Meaning - if VMware vSphere is the problem - would that inhibit your ability to restore backups or drive a failover to DR?

So based on what you have here - I would place the Linux Repository as a Linux VM as separate as possible from the to vSphere hosts. This could be a physical server. If that isn't an option - just think through how you would access the storage for a restore if the vSphere environment is not available.

You may also want to consult the Best Practice guide written by Veeam's top architects: https://bp.veeam.expert

M0rphois
Novice
Posts: 3
Liked: never
Joined: Mar 27, 2015 12:32 pm
Full Name: Miran Munjas
Contact:

Re: Linux repository placement, SAN?

Post by M0rphois » Oct 11, 2018 9:23 am

Hi Rick!

I think I may not have expressed myself the best :)
On the SAN would be vSphere hosts, two shared storages and a physical linux server which would act as a repository for Veeam
Veeam server would be a VM running on vSphere and shared storage and would store backups on this physical linux server over a SAN interface
Linux server may or may not have an interface to "regular" network.
In this scenario, I believe I would have access to the backups if vSphere hosts fail and would be able to do a failover to DR :)
So, would it be ok for physical Linux repository to reside in SAN with vSphere and shared storage boxes? :)

csydas
Expert
Posts: 193
Liked: 47 times
Joined: Jan 16, 2018 5:14 pm
Full Name: Harvey Carel
Contact:

Re: Linux repository placement, SAN?

Post by csydas » Oct 11, 2018 5:27 pm

Planning for DR tends to be a matter of defining your threat vector and designing appropriately -- are you trying to defend against malware, or just worried a disk in the RAID might go?

You can go the ultra-paranoid route and defend against everything, but just keep in mind that dialing Security up to 11 usually means dialing Usability to 0.

The nice thing about Veeam is that with proxies, you can stick them just about anywhere. Personally, I like the idea of exfiltrating data out of the SAN network, but that's just me. On one site, we do some mojo to disable the backup network when not in use, and also rely a lot on rotated media to ensure we always have something air-gapped. Our SLAs are designed specifically with this in mind, and we fight pretty hard with our clients to explain why we refuse to make the same SLA promises that other providers do (i.e., impossible to guarantee SLAs when malicious actors are considered). Ultimately, yeah, this has lost us business, but they're customers we can do without, I think.

Plan your backups according to the situation you want to prevent. If I were you, I'd give the SAN its own network and the backup infrastructure its own network and just make sure that only a few gatekeeper accounts/paths exist, and watch them heavily.

DaveWatkins
Expert
Posts: 349
Liked: 94 times
Joined: Dec 13, 2015 11:33 pm
Contact:

Re: Linux repository placement, SAN?

Post by DaveWatkins » Oct 12, 2018 2:03 am

It sounds like you're trying to backup data on your SAN, to your SAN.... what happens if your SAN then fails?

Rick.Vanover
Veeam Software
Posts: 603
Liked: 130 times
Joined: Nov 30, 2010 3:19 pm
Full Name: Rick Vanover
Location: Columbus, Ohio USA
Contact:

Re: Linux repository placement, SAN?

Post by Rick.Vanover » Oct 12, 2018 11:38 am

Ah so Miran - I see now a bit more. I'm thinking that the only shared element between vSphere and the Backup infrastructure would be the SAN itself. That is closer to a great design. I also recommend having backup storage off-site and you mention DR so you are going the right way :)

M0rphois
Novice
Posts: 3
Liked: never
Joined: Mar 27, 2015 12:32 pm
Full Name: Miran Munjas
Contact:

Re: Linux repository placement, SAN?

Post by M0rphois » Oct 15, 2018 5:44 am

@csydas
Basically all of it :)
Yes, I want to be secure in case of a malware attack, that's why I would use linux, place the thing in a SAN and use a separate login that is unique for that machine.
Also, I need to be able to spin things up from a DR site, it's a requirement.

@DaveWatkins
No, I have a separate physical machine on which I would like to store backups

@Rick.Vanover
Yes, vSphere and Backup repository would communicate over SAN, that's all they have in common. Would that be ok or should I separate it further?
Yes, I have a separate backup box (identical to the first one) in DR site and need to be able to restore all VMs there, but thats veeam replication I guess :D

Post Reply

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 35 guests