A flexible file backup Strategy – Part 2

In this second article, we are going to cover the File to Tape strategy.

Why tape devices are still widely present in the IT department?

  • It’s a good way (but not the only one) to manage the offline backup data (read it as improving the Security Strategy of your data).
  •  Media can be easily carried or moved (read it as Portability).
  • Deployment is often very quickly (read it as speeding up the adoption).
  • It has a potentially infinite capacity (Just adding media).
  • The LTO is a neverending technology in a continued evolution.
  • The tape is a well-known device, IT operators have the skills to manage it.
  • The costs for GB is lower than disk technologies.
  • The costs are quite predictable, managers can budget it easily.

VBR needs a Windows Physical Server named Tape Server to control the Drives and Robotic, LTO3 or later Drives, and MS-Windows drivers (supply by the hardware vendor).

The official user guide available on the Veeam site gives all detailed info.

Just a note before starting:

VBR uses Tape Technology in two different ways.

The most used one is back up to tape (Picture 1).

In this case,  the source backup data are the backups already present and created with a backup job or backup copy job.

They are saved to Repository (Repository is a Disk technology).

It means that the scope of backup to tape is to pour out data to tape.

Picture 1

Please have a look at the following video (https://www.youtube.com/watch?v=Il8mH2KB_Uo) to get more details.

The second way is File to Tape and it is the topic of this article (picture 2).

https://lnx.gable.it/wp-content/uploads/2021/01/nas-7.jpgPicture 2

Which type of source files can be saved to tape?

  • Windows & Linux servers (virtual or physical doesn’t matter)
  • NAS file share (SMB (CIFS) and NFS ).
  • NDMP filers (it will be covered in the next article).
  • How does it work?

Picture 3

Picture 3 shows the data streams when a tape process is performed:

  1. The main components are Data Movers. These Services run on the source and on the Tape Server.
  2. VBR triggers the source Data Mover to perform a copy of the files to the target. At the destination, the target Data Mover check if the files have arrived correctly.
  3. The tape Server manages the write operation to the tape also.
  4. VBR stores all info about files saved (media used, retention, etc.)  in a catalog.
  5. In the restore scenario, the step order is four to one.
  • *Note: To perform a backup of Windows and Linux servers, it is requested to add those servers to the managed server as shown in picture 3. Through this process, the Data mover service is properly installed.
  • Network Share: Adding SMB/NFS Share as shown in the previous article (A Flexible file backup strategy – Part 1).
Picture 3
  • Common scenarios

File to Tape backup can be used by any customer. You need just a Tape Server, Tape Devices, Drivers, and VBR.

There are at least two main cases:

  • Customers who want a copy of their data to tape.
  • Customers with a small budget who doesn’t need rapid restore

The next video will show how to set it up.

Main Pro

  • There is not a room limit. It means the license doesn’t count how many GB, TB, PB will be written to Tape.
  • The VBR architecture is as usual flexible. It’s possible to add more tape servers and more than 1 tape library.

Version 11 will add more great features:

  • Tape cloning (https://community.veeam.com/blogs-and-podcasts-57/tape-improvements-in-vbr-v11-277)
  • Tape verification (https://community.veeam.com/blogs-and-podcasts-57/part-ii-tape-improvements-in-vbr-v11-289)

Cons

*This behavior is quite common to all backup software that writes data directly to Tape.

  • For saving a file, VBR needs to trigger a process of discovering the file to the source, gathering and writing it to a media.

If you consider that the common NAS scenario is composed of millions of small files and thousands of folders and that the tape technology has to choose for every file the location in the media (where the file will be copied)  it’s clear that this process, common to all backup servers, stresses the hardware architecture and in particular the drive header.

The backup process has a small speed advantage compared to restoring because writings to media are often sequential and not random.

Image to restore 10k files located in 10k different positions in a single tape.

The drive has to perform a great job. It is going to suffer from an effect called shoe-shining (also known as tape back-hitching)  which occurs when a tape drive cannot transfer data at an acceptable speed.

Shoe shining can contribute to data loss over time, as the repeated back-and-forth motion will wear the tape drive’s read/write heads and negatively affect the readable portion of the tape

  • Loss of Tape Cartridge Capacity
  • Increased Risk of Read/Write Issues
  • Excessively Worn Tape Drive Heads
  • Low Data Transfer Rates
  • Data Loss
  • The Veeam DB needs to be sized correctly and the best practice is to switch from SQL Express to SQL Standard
  • Media management is quite challenging when the amount of tapes is big. Remember to store them in a fireproof and non-magnetic safe.

Do you also prefer the NAS backup feature introduced in v.10? Let me know!

That’s all for now.  

See you next week for talking about NDMP

A flexible file backup Strategy – Part 1

As many of you know, one of the biggest innovations introduced in VBR version 10 is the support of NAS backup.

Does this mean that it was not possible to save the unstructured file data before?

Actually not, more than one options were already present.

The scope of the next articles is to show when and how to use those technologies to answer customer needs.

In all the cases the product used is the powerful VBR.

The four main topics are:

  1. NAS Backup
  2. File Backup to Tape
  3. NDMP
  4. File Backup to Disk

For each of the above-mentioned items, the articles will show:

  • How it works
  • Common requests and scenarios.
  • Technology, Pro & Cons.

Let’s start!

1- NAS Backup

  • How does it work?

Veeam mantra is “innovate“!  A clear example is represented in the NAS technology.

The primary idea on which this technology is based is to track the changing of the unstructured files.

Let’s clear it up with a comparison: I’m quite sure all VBR users know the CBT (change block tracking) technology strongly used by VBR to create backups of VMs. It allows saving data blocks that have been changed from the previous backup.

The ingenious idea of Veeam R&D is to use this approach when files and folders must be saved.

I called it  FCT (File change Tracking).

How does it work?

When a NAS backup is performed, VBR calculates on-fly the CRC (Cyclic redundancy check) of any single file that has to be saved. Those metadata are stored in the cache repository (points three and four of Picture 1).

Picture 1

Why is this pre-process so important? Because thx to it it’s possible to:

  • Perform incremental backup forever (only new and changed files are saved). It means a shorter backup window.
  • Speed up the restore phase; image the scenario where a customer has 5 PB of data and luckily just 1 TB of data has been attacked by a Virus or accidentally deleted by a script.
    The IT manager will ask to restore just 1 TB and NOT all PBs.

VBR using the “FCT” can understand which files have been changed /deleted with respect to a specific Restore point and restore just those needed.

This great option is called “rollback to a point in time“.

Just as a reminder, there are two more ways to restore data, Entire file share and single file and folders.

  • Common scenarios

NAS backup can be used by any customer. You need just a repository and a valid license (VUL).

The scenario I like to talk about is where the customer has big fillers in his environment.

Why?

Because it is possible to leverage the storage snapshot to gather files as shown in picture 2.

Version 11 will have improvements in this area too. Stay tuned by signing up to Veeam site (https://go.veeam.com/v11).

Picture 2

Leveraging the storage snapshot a customer can

1. Speed up the backup process.

2. Save files though they are in use (Open files can’t be saved by a backup process while they are processed by users).

This integration allows performing backups to any hour of the working day without any attention to the status of the file.

Main Pro

a -The architecture is very scalable because it leverages the concept of proxy very common to VBR.

Proxies are the data mover that collect data from the source and send them to the Repository. The File Proxy has also the responsibility to calculate the FCT.  You can add more proxies when you need to address the backup of big amounts of data.

b- The files saved to the Repository are written in a customize format. They are managed as an object in a vBLOB Storage and contain the metadata of every single file saved (they contain info about which folder the file belongs to and which are the file rights also).

Pictures 2 and 4 show the new format of the backup file for NAS.

Picture 3

Picture 4

The main advantage is that all file restore tasks are very very fast!

c- It’s possible to copy backup data to the secondary repository setting different retentions. It allows answering the common request to have a copy of backup data in another location (3-2-1 rule).

d- It’s possible to create an archiving backup file policy through the object storage VBR integration. Picture 5 (taken from the VBR user guide) shows the main repositories option available with NAS Backup.

Picture 5

Cons

It doesn’t support the transfer to Tape Devices. Please read the article about NDMP and File to Tape to get an interesting solution.

That’s all for now.

See you in a couple of days for File to Tape Backup

Ransomware defense part 3: Monitoring and more

In the previous articles, I described some good ideas to design your architecture to keep it safer as much as possible.

One of the greatest challenges the IT guys have to face is finding the right balance among design, deployment and budget.

It’s very important to have the right tools to measure architectural behaviour. In this way you can easily:

  1. Watch from a privileged point of view the architecture. Let’s image to be on the top of a mountain watching people and goods moving at the bottom of the valley”
  2. Launch the defending actions when an attack is on-going. Referring to my previous example, it’s like blocking some passages to people and goods.
  3. When the attack is over remove any possible threat left (cleaning the passages).
  4. Do a thorough workup understanding of the weak points of your architecture and create a plan to reinforce it.

Monitor tools are your sentinels, but they need to be trained to trigger also the first defense lines. Imagine the new sentinel as a lieutenant warrior with a varied arsenal of weapons.
To be clearer: the required features monitor and respond to actions in function of the severity of the alarm.

But why is measuring so important? The reason is that you can define the KPI (Key performance indicator) for your environment and periodically check if the measures are respected.
In other words, it is possible to measure the service level and understand if the budget and skill invested in the company are enough to address the backup security challenges or if more tunings actions or some great changes are needed.

Let’s see how to use Veeam One to address this common request:

The Possible ransomware activity alarm keeps tracking of the Operating system of the VM.

As shown in picture 1 the monitored counters are by default CPU, Datastore write Rates and networking transmit rate (the case of copy offsite of sensible data for future blackmail).
The value counters can be changed to adapt to your own needs (Tuning phases) and more counters can be added to monitor more objects as shown in picture 2.

Picture 1

Picture 2

Another alarm already present in Veeam One is “Suspicious increment backup size“.

It checks if the restore point size is significantly different from the previously created ones.

The two main reasons I like  Veeam ONE are:

  1. Very easy to use
  2. Customizing the action after an alarm has been triggered

Thx to “customizing action” it’s possible to launch your antivirus/antimalware on the VMs belonging to the backup job that has triggered the suspicious alarm, or disconnect the repository from the network, or what else you wrote on your incident and rescue procedure.

The main point here is that you can manually click on it or automatically execute the action as shown in picture 3

Picture 3

Veeam One has furthermore an exhaustive technology of reporting.

If an alarm is a good way to intercept an error or a misconfiguration because  it works in real-time, through the reporting it is possible to check the status of your protection (KPI, SLA….), understanding the exercise and security cost of your production environment and forecasting the new investment to implement in the next years.

Which are the reports to use?

All of them are important and an all report list is available from the following link: Reports 

Just as an example please check the use of the following

The next article will talk about which are the automatic procedures you can adopt to check your backup infrastructure.

Take care and see you soon