Host-based backup of VMware vSphere VMs.
Post Reply
rezafathi
Influencer
Posts: 10
Liked: never
Joined: Feb 11, 2024 5:35 pm
Full Name: Reza fathi
Contact:

Backup vms best practice

Post by rezafathi »

Hi

We have one hp g10 server(30 vms), 1 qnap nas with 9 TB storage. I have installed a windows 2019 server with veeam 12 and mounted qnap iscsi lun on win2019 formatted as refs. All vm backups store in refs volume. Is that a good way or not? If not give me the best approach to backup my vms.thanks
tyler.jurgens
Veeam Legend
Posts: 404
Liked: 231 times
Joined: Apr 11, 2023 1:18 pm
Full Name: Tyler Jurgens
Contact:

Re: Backup vms best practice

Post by tyler.jurgens »

There are many ways to deploy Veeam in an environment. Personally, given your equipment I would recommend the same approach - iSCSI LUN formatted with ReFS.

You could always have Veeam VBR as a VM, and install Ubuntu (or another version of Linux) and format the iSCSI LUN as XFS. That would give you the ability to have a hardened linux repository.
I'm not sure from your description where the Windows 2019 is installed as either - is it a VM or physical? Is it also your VBR? If its a physical server and its also your VBR its acceptable to leave it as Windows as it will keep your Veeam separate from the environment its protecting.

The only other advice I would give is to look at Server 2022 instead of 2019. IIRC it has better stability for ReFS.
Tyler Jurgens
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
rezafathi
Influencer
Posts: 10
Liked: never
Joined: Feb 11, 2024 5:35 pm
Full Name: Reza fathi
Contact:

Re: Backup vms best practice

Post by rezafathi »

My vbr is installed as a vm in windows 2019.
karsten123
Service Provider
Posts: 472
Liked: 119 times
Joined: Apr 03, 2019 6:53 am
Full Name: Karsten Meja
Contact:

Re: Backup vms best practice

Post by karsten123 » 1 person likes this post

always follow the 3-2-1-1-0 rule. qnap is never a recommended solution. a virtual „vhr“ is not hardened at all.
rezafathi
Influencer
Posts: 10
Liked: never
Joined: Feb 11, 2024 5:35 pm
Full Name: Reza fathi
Contact:

Re: Backup vms best practice

Post by rezafathi »

Unfortunately, we do not have another physical server to install VBR on it.
tyler.jurgens
Veeam Legend
Posts: 404
Liked: 231 times
Joined: Apr 11, 2023 1:18 pm
Full Name: Tyler Jurgens
Contact:

Re: Backup vms best practice

Post by tyler.jurgens »

karsten123 wrote: Jun 28, 2024 4:07 pm always follow the 3-2-1-1-0 rule. qnap is never a recommended solution. a virtual „vhr“ is not hardened at all.
In this case its less prone to attack as deleting the VM won't delete the data from the iSCSI LUN. Not ideal, but not as dangerous as having the repository on disks presented on the VM itself.
Tyler Jurgens
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
karsten123
Service Provider
Posts: 472
Liked: 119 times
Joined: Apr 03, 2019 6:53 am
Full Name: Karsten Meja
Contact:

Re: Backup vms best practice

Post by karsten123 » 3 people like this post

you are right. but its still shit 😉
ChrisNaisbitt
Service Provider
Posts: 9
Liked: 4 times
Joined: Sep 22, 2020 10:03 am
Full Name: Chris Naisbitt
Contact:

Re: Backup vms best practice

Post by ChrisNaisbitt »

Hi @rezafathi, understanding the limits you have to work within, you are probably doing about the best you can. As with everything, there are areas that can be improved but not necessarily for free. Some things you could consider to improve your position would be:

* I don't know QNAP, but if it offers volume snapshots and you have enough space, you could consider a snapshot at the end of each backup window. This would be one more thing an attacker would have to know about and defeat if you got ransomware'd. Cost - the extra space and possibly performance impact depending on how QNAP works.
* Use a Server 2022 VM if possible as suggested by Tyler. Likely to be more stable with REFS. Cost - depends on how you're licensed, maybe nothing.
* Split your repository into a separate Linux VM with XFS and keep the VBR Windows. As it's still a VM, hardened Repo won't offer much protection but being off the domain is something and XFS has a good reputation. Make sure you're doing a config backup to it too. Cost - the difference in resources to run both VMs.
* Get a physical system with minimal local boot disk and mount the iSCSI volume to it. Install as a hardened Repo. This offers separation of your virtualisation layer and backups with some added immutability. Cost - if you have the switch ports available, this hardware wouldn't need to be very powerful so could definitely be second hand / reused. Maybe free?
* Get a server with local disk and make it an all-in-one appliance. Second hand enterprise hardware with "real" RAID cards is fairly cheap and generally bulletproof. True independence of backup infrastructure + second copy of your data on different media. Cost - hardware and Windows licensing.
* Send a second copy of your data off to cloud object storage. The likes of Wasabi and Backblaze are very reasonable from a cost perspective and a second offsite (and potentially immutable) copy is a huge step up in the level of protection.

Hope that helps.
Post Reply

Who is online

Users browsing this forum: No registered users and 20 guests