-
- Influencer
- Posts: 10
- Liked: never
- Joined: Feb 11, 2024 5:35 pm
- Full Name: Reza fathi
- Contact:
Backup vms best practice
Hi
We have one hp g10 server(30 vms), 1 qnap nas with 9 TB storage. I have installed a windows 2019 server with veeam 12 and mounted qnap iscsi lun on win2019 formatted as refs. All vm backups store in refs volume. Is that a good way or not? If not give me the best approach to backup my vms.thanks
We have one hp g10 server(30 vms), 1 qnap nas with 9 TB storage. I have installed a windows 2019 server with veeam 12 and mounted qnap iscsi lun on win2019 formatted as refs. All vm backups store in refs volume. Is that a good way or not? If not give me the best approach to backup my vms.thanks
-
- Veeam Legend
- Posts: 404
- Liked: 231 times
- Joined: Apr 11, 2023 1:18 pm
- Full Name: Tyler Jurgens
- Contact:
Re: Backup vms best practice
There are many ways to deploy Veeam in an environment. Personally, given your equipment I would recommend the same approach - iSCSI LUN formatted with ReFS.
You could always have Veeam VBR as a VM, and install Ubuntu (or another version of Linux) and format the iSCSI LUN as XFS. That would give you the ability to have a hardened linux repository.
I'm not sure from your description where the Windows 2019 is installed as either - is it a VM or physical? Is it also your VBR? If its a physical server and its also your VBR its acceptable to leave it as Windows as it will keep your Veeam separate from the environment its protecting.
The only other advice I would give is to look at Server 2022 instead of 2019. IIRC it has better stability for ReFS.
You could always have Veeam VBR as a VM, and install Ubuntu (or another version of Linux) and format the iSCSI LUN as XFS. That would give you the ability to have a hardened linux repository.
I'm not sure from your description where the Windows 2019 is installed as either - is it a VM or physical? Is it also your VBR? If its a physical server and its also your VBR its acceptable to leave it as Windows as it will keep your Veeam separate from the environment its protecting.
The only other advice I would give is to look at Server 2022 instead of 2019. IIRC it has better stability for ReFS.
Tyler Jurgens
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
-
- Influencer
- Posts: 10
- Liked: never
- Joined: Feb 11, 2024 5:35 pm
- Full Name: Reza fathi
- Contact:
Re: Backup vms best practice
My vbr is installed as a vm in windows 2019.
-
- Service Provider
- Posts: 472
- Liked: 119 times
- Joined: Apr 03, 2019 6:53 am
- Full Name: Karsten Meja
- Contact:
Re: Backup vms best practice
always follow the 3-2-1-1-0 rule. qnap is never a recommended solution. a virtual „vhr“ is not hardened at all.
-
- Influencer
- Posts: 10
- Liked: never
- Joined: Feb 11, 2024 5:35 pm
- Full Name: Reza fathi
- Contact:
Re: Backup vms best practice
Unfortunately, we do not have another physical server to install VBR on it.
-
- Veeam Legend
- Posts: 404
- Liked: 231 times
- Joined: Apr 11, 2023 1:18 pm
- Full Name: Tyler Jurgens
- Contact:
Re: Backup vms best practice
In this case its less prone to attack as deleting the VM won't delete the data from the iSCSI LUN. Not ideal, but not as dangerous as having the repository on disks presented on the VM itself.karsten123 wrote: ↑Jun 28, 2024 4:07 pm always follow the 3-2-1-1-0 rule. qnap is never a recommended solution. a virtual „vhr“ is not hardened at all.
Tyler Jurgens
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
Veeam Legend x3 | vExpert ** | VMCE | VCP 2020 | Tanzu Vanguard | VUG Canada Leader | VMUG Calgary Leader
Blog: https://explosive.cloud
Twitter: @Tyler_Jurgens BlueSky: @explosive.cloud
-
- Service Provider
- Posts: 472
- Liked: 119 times
- Joined: Apr 03, 2019 6:53 am
- Full Name: Karsten Meja
- Contact:
Re: Backup vms best practice
you are right. but its still shit
-
- Service Provider
- Posts: 9
- Liked: 4 times
- Joined: Sep 22, 2020 10:03 am
- Full Name: Chris Naisbitt
- Contact:
Re: Backup vms best practice
Hi @rezafathi, understanding the limits you have to work within, you are probably doing about the best you can. As with everything, there are areas that can be improved but not necessarily for free. Some things you could consider to improve your position would be:
* I don't know QNAP, but if it offers volume snapshots and you have enough space, you could consider a snapshot at the end of each backup window. This would be one more thing an attacker would have to know about and defeat if you got ransomware'd. Cost - the extra space and possibly performance impact depending on how QNAP works.
* Use a Server 2022 VM if possible as suggested by Tyler. Likely to be more stable with REFS. Cost - depends on how you're licensed, maybe nothing.
* Split your repository into a separate Linux VM with XFS and keep the VBR Windows. As it's still a VM, hardened Repo won't offer much protection but being off the domain is something and XFS has a good reputation. Make sure you're doing a config backup to it too. Cost - the difference in resources to run both VMs.
* Get a physical system with minimal local boot disk and mount the iSCSI volume to it. Install as a hardened Repo. This offers separation of your virtualisation layer and backups with some added immutability. Cost - if you have the switch ports available, this hardware wouldn't need to be very powerful so could definitely be second hand / reused. Maybe free?
* Get a server with local disk and make it an all-in-one appliance. Second hand enterprise hardware with "real" RAID cards is fairly cheap and generally bulletproof. True independence of backup infrastructure + second copy of your data on different media. Cost - hardware and Windows licensing.
* Send a second copy of your data off to cloud object storage. The likes of Wasabi and Backblaze are very reasonable from a cost perspective and a second offsite (and potentially immutable) copy is a huge step up in the level of protection.
Hope that helps.
* I don't know QNAP, but if it offers volume snapshots and you have enough space, you could consider a snapshot at the end of each backup window. This would be one more thing an attacker would have to know about and defeat if you got ransomware'd. Cost - the extra space and possibly performance impact depending on how QNAP works.
* Use a Server 2022 VM if possible as suggested by Tyler. Likely to be more stable with REFS. Cost - depends on how you're licensed, maybe nothing.
* Split your repository into a separate Linux VM with XFS and keep the VBR Windows. As it's still a VM, hardened Repo won't offer much protection but being off the domain is something and XFS has a good reputation. Make sure you're doing a config backup to it too. Cost - the difference in resources to run both VMs.
* Get a physical system with minimal local boot disk and mount the iSCSI volume to it. Install as a hardened Repo. This offers separation of your virtualisation layer and backups with some added immutability. Cost - if you have the switch ports available, this hardware wouldn't need to be very powerful so could definitely be second hand / reused. Maybe free?
* Get a server with local disk and make it an all-in-one appliance. Second hand enterprise hardware with "real" RAID cards is fairly cheap and generally bulletproof. True independence of backup infrastructure + second copy of your data on different media. Cost - hardware and Windows licensing.
* Send a second copy of your data off to cloud object storage. The likes of Wasabi and Backblaze are very reasonable from a cost perspective and a second offsite (and potentially immutable) copy is a huge step up in the level of protection.
Hope that helps.
Who is online
Users browsing this forum: No registered users and 20 guests