Ransomware isn’t sexy but it’s certainly an important topic in today’s IT security landscape, with unprecedented growth and relentless evolution, organisations need to constantly keep one step ahead of bad actors eager to make a buck by exfiltrating and encrypting your important data.
Ransomware attacks mainly occur because IT is a complex and everchanging environment, organisations are busy modernising their applications from monolithic designs to new highly distributed container-based services. The remote workforce is now connected more than ever, with the ability to access data hosted across multiple cloud providers, connecting from virtually any device, at any hour of the day. IT departments are being asked to do more with less each and every year while ransomware attacks are on the rise and becoming more costly than ever before.
Beyond encryption of data, some ransomware is taking it a step further and making ransom of leaking data, this is otherwise known as data exfiltration. Unfortunately, stopping ransomware prior to an attack is difficult and at best, inconsistent. No single product or service has all the solutions to the challenges raised by these attacks, instead, it’s recommended to take a multi-layered approach. Apply best practices, keep systems up to date, enforce good data hygiene, configure event logging, and identify anomalies (indicators of compromise) to provide the best chance of discovering an attack as early as possible.
VeeamON 2022, the best data protection conference of the year is about to kick off in Las Vegas and virtually. This will be the 6th time Veeam has run the event with attendees able to access both virtually and in person.
VeeamON provides glimpses into product roadmaps, with hours of technical content ranging from demos to deep dives of virtually every Veeam product and feature. Hot topics such as v12, Ransomware, Kubernetes, cloud-native backups, Salesforce and Microsoft 365 will be covered by Veeam experts including fellow Veeam Vanguards.
For those who can’t make it in person, virtual attendance is free, running from May 16 – 19 with AMERs, EMEA and APJ specific sessions to ensure easy access for those joining.
With 2 days of awesome content, you might not make it to every session on your agenda. Fortunately, Veeam makes it easy to replay recorded sessions from the VeeamON website after the conference has finished.
I received some positive news the other day concerning my Veeam Vanguard 2022 application, I’ve been renewed for another year in the Program. As a Veeam enthusiast, there is no better thing than being a Vanguard member.
For those who haven’t heard about the Vanguard program before, it’s awarded to those who have contributed to the Veeam community.
I recommend anyone interested in becoming a Vanguard to get involved in the Veeam community, whether it be through Veeam Use Groups, the Veeam subreddit or even the Veeam community forums and apply to the Vanguard program during the next intakes.
There are a couple of benefits of becoming a Vanguard including access to roadmaps, betas, free keys, awesome swag and access to those in the know at Veeam.
You can find all the Veeam Vanguards from past and present at the following link: Veeam Vanguard List.
Sending Veeam backups to object storage such as Azure Blob has become a hot topic in the last few years. According to Veeam’s quarterly report for the end of 2021, Veeam customers moved over 500 PB of backups just into the top 3 cloud object storage vendors alone.
With many organisations starting to dip their Veeam toes into object storage I thought I would write a bit more about the subject. This blog post is aimed at helping backup administrators who wish to better understand from a Veeam perspective working with public cloud object storage, specifically Azure Blob.
Compared to the traditional NAS or disk-based block storage Object Storage is a completely different shift in how data is stored and accessed. For example, in object storage, it’s intended that files are not modified. In fact, there is no way to modify part of an object’s data and any change requires deletion and replacement of the whole object.
In Azure terminology, objects are stored in a ‘Blob’, which can be thought of as similar to a volume on a disk but far more scalable. Blob storage is a pay-per-use service. Charges are monthly for the amount of data stored, accessing that data, and in the case of cool and archive tiers, a minimum required retention period. In case you haven’t realised, Blob storage is Microsoft’s object storage solution.
There are numerous methods we can utilise to leverage Microsoft Azure Blob with Veeam Backup & Replication. For example, Azure Blob can be used as an Archive Tier target within a SOBR (Scale-Out Backup Repository) for long-term retention of backups, an archive repository for Veeam NAS Backups and some readers may even be familiar with the external repositories function.
The most popular method is using Blob as a Veeam Capacity Tier which is configurable within a Veeam Scale-Out Backup Repository.
Veeam makes available, for free, Visio stencils available from their website here which are useful for creating Veeam diagrams in Microsoft Visio. These stencils enable specific Veeam components to be illustrated in greater detail instead of relying on generic stencils found in the stock Visio library. I’ve been using these Veeams stencils for several years now while they’ve proven themselves to be beneficial they aren’t short of a few quirks and issues.
Recently, a colleague of mine, David Summers, mentioned he has been working on improving the Azure Visio stencils and could help improve the Veeam stencils the same tool he has developed. For those interested, David has had quite an interesting journey around Azure Services Visio stencils which is definitely worth a read over at his GitHub David-Summers/Azure-Design
After passing the Veeam stencils through his tool, the following changes were implemented.
Icons are now sorted alphabetically
New connections points have been added (North/North East/East/South East/etc)
New Connection points are relative to the centre/size of each icon
Text box is now placed at the bottom of each stencil icon, instead of the middle
Text box will now dynamically resize it’s width and height based on the amount of text
To make icons stand out, drop shadow has been enabled on all icons, this is a personal preference and can easily be disabled
Bonus PNG and SVG icons have been split out so third-party programs outside of Visio that support PNG and SVG can make use of them
The improved Veeam Visio stencils can be downloaded below;
Did you know that you can use DiskSpd to measure and simulate Veeam disk operations such as Active Full, Forward Incremental, Synthetic Fulls, even SureBackup and restore operations? By simulating Veeam disk operations, we can use this tool for troubleshooting Veeam backup and/or restore performance issues.
I wanted to try the tool myself so I’ve recorded some of the results after testing DiskSpd on my home desktop PC.
Was recently troubleshooting an issue with the Veeam Backup Enterprise Management (VBEM) web portal showing ‘Service Unavailable – HTTP Error 503. The service is unavailable’. Checking Windows event logs. the following error was recorded.
Turns out this is a known problem when VBEM is deployed on a machine that also has System Center Operations Manager (SCOM) agent installed.
To resolve this issue, it requires temporarily uninstaling the SCOM agent, restarting the VBEM service, verifying the VBEM portal works then finally reinstalling the SCOM agent using a particular method detailed below.
I recently had the opportunity to migrate a small regional office from Hyper-V to VMware by leveraging Instant VM Recovery of Workloads to VMware vSphere VMs available in Veeam Backup & Replication v10. With this latest Instant VM Recovery, Veeam can instantly recover any Veeam backup created by any Veeam product to a VMware vSphere VM. In other words, physical servers, workstations, virtual machines or cloud instance Veeam backups can now be restored to VMware. Veeam even handles the P2V/V2V conversion automatically with it’s own built-in logic. How good is that!
To get started, a backup was taken of the source Hyper-V VMs prior to the scheduled outage window. During the outage window, the source Hyper-V VMs being migrated are powered down and the Veeam backup job is run again to ensure all changes to the VM disks have been backed up. Once the backup has completed, the source VM should not be powered on again.
To start the migration process, browse to the backups, right-click the VM to be migrated and click ‘Instant VM Recovery’ then ‘VMware…’
At the next screen, ensure the selected restore point matches the time for when the VM was shut down and the last backup ran.
While attempting to instantly recover a Hyper-V VM to an ESXi host, Veeam encountered the following error, ‘failed to publish VM %name% Error: One or more errors occurred’.
Some Veeam users were discussing the same symptoms when ‘Server for NFS’ feature is enabled on the Veeam forums. In this particular case, the VBR/repository role is configured on a StoreEasy 1460 which runs Windows Storage Server 2016 standard and ‘Server for NFS’ feature was indeed enabled.
This is the second part of a three-part blog series on Veeam and Pure Storage FlashBlade. In the previous blog post, we configured a Network File System (NFS) share on a Pure Storage FlashBlade as a Veeam backup repository. In this blog post, we will be focusing on configuring SafeMode snapshots to harden the backup files that are residing on the FlashBlade.
Ransomware attacks continue to rise, with constantly evolving sophistication and complexity. A key part of ransomware resilience strategy is backing up data on a regular basis and implementing a strong line of defence against threats targeting the backup data. Adopting industry standards for data protection such as 3-2-1 rule, offline backups and immutable backup storage are effective techniques to protect backup data sets against malicious attacks. Now let’s discuss how to make your FlashBlade system an immutable backup storage target with SafeMode snapshots.
A storage snapshot is a point-in-time, image-level view of data that are impervious to ransomware. This immutability makes them an ideal layer of defense against ransomware. The problem with storage snapshots is they can still be removed by rouge admins or attackers if they gain access to the storage array management. In the case of a Pure Storage system, the deleted snapshots are temporarily stored in a ‘destroyed state’ that is similar to a recycle bin. If these snapshots are not recovered in a timely manner, they will be auto-eradicated and can even be manually destroyed prior to the auto-eradication.
The SafeMode snapshots on the other hand, cannot be deleted, modified, or encrypted either accidentally or intentionally. This prevents the manual and complete eradication (permanent deletion) of data backups that are stored within the FlashBlade. Due to their immutability, the SafeMode snapshots serve as an additional mitigation mechanism against ransomware attacks or rogue administrators.