Note Taking : Veeam Backup for Google Cloud Best Practice

 This is note-taking for Veeam Backup for Google Cloud (GCP Best Practice)

1. Configure Role-Based Access Control (RBAC) to manage portal users

• Portal Admin - full access (including configuration)
• Portal Operator - access management/infrastructure only
• Restore Operator - perform workload restore

2. Lower storage costs using archive class

• minimum retention 365 days
• automatic archiving to low-cost, long-term storage

3. Protect VB appliance with configuration backup

4. Monitoring Appliance Memory

• overconsumption due to high usage.
• Solution - reconfigure the appliance machine type to have more memory - n1 standard (4cpu, 15GB Memory)

Note Taking: Veeam v12 Enterprise Plug-In Enhancement

 This blog post is note-taking for Veeam v12 Enterprise Plug-in Enhancement

1. Central deployment and management for Veeam Plug-in for Oracle RMAN, SAP Hana and BR Tool (SAP on Oracle)

• Plug-in deployment via protection group
• same as Veeam agent deployment
• Policy configuration - Backup Job
• database
• transaction log backup
• compression
• channel
• scheduling

2. Veeam Plug-in for Microsoft SQL Server

• DBA-driven native backup to Veeam Repository
• Manual deployment to source SQL Server
• Able to run the backup from SQL Management Studio
• Backup data transfer to Veeam Repository
• Can do configuration, backup & recovery from this plug-in
• Supported environment
• OS: Windows Server 2012 R2 onward
• SQL : SQL 2014 SP3 - 2019 (x64 only)
• Enterprise, Standard, Web, Developer
• Cluster: Always on group including cluster less, Windows Server Failover Cluster with shared volume or shared disk

3. PostgreSQL backup and Restore

• Agentless for Linux VM
• Veeam Agent for Linux
• Log shipping
• Veeam Explorer for PostgreSQL

4. General improvement

• Hardened Linux Repo Support
• Kerberos support
• ipv6 support
• Certificate based authentication
• Linux group enhancement for plug in configuration access control

Note Taking : Veeam v12 NAS Enhancement

 This is a blog post on note-taking for Veeam V12 NAS Enhancement

1. Backup to object storage directly

2. NAS Backup - Copy mode

• copy recent data to the archive repository

3. Immutability for NAS backup

4. Storage Integration - Nutanix Files support on Veeam

• NAS Filer
• Automated snapshot creation
• Changed File Tracking

5. NAS to tape - File to Tape with new improved engine

• NAS backup to tape does not support GFS
• Tape job always writes latest restore point to tape

6. Instant File Share Restore

1. SMB shares - no longer read only and can migrate to production
2. NFS shares - can be published as read only SMB

7. Health Check available for NAS

8. Rotated Drives - with limitation

• only for backup
• Not for archive repository, backup copy

Note Taking : Veeam v12 Tape Enhancement

This is a blog post taking for Veeam v12 Tape Enhancement

LTO 9 Support

Tape Server on Linux

• Not recommended running on hardened linux repository
• Put on a separate Linux machine
• Linux uses SCSI drivers used
• Tested on IBM
• Support x64 system only. Same as VBR repository/proxy in v12

New File to tape job

• Require to license - VUL
• 1 instance = 500GB
• Allow to backup directly to tape using file to tape job
• Better performance & optimization (parallel tape drive support, database optimization, backup and enumeration run at same time, asynchronous read)
• Retain permission like NAS Backup
• Cross ACL restore is not supported (Windows to Windows/Linux to Linux)
• Path exclusion supported
• Console display for file to tape job (file share). Able to restore file to tape job
• V12 last backup time is stored in UTC format

NAS Backup to Tape

• Avoid load on production NAS storage
• Fulfill 3-2-1
• Source -> NAS backup to Disk -> File to Tape
• NAS backup/and or NAS backup copy as source
• Tape job always writes latest restore point to tape
• NAS backup to tape does not support GFS
• A periodic full backup is available for file to tape/NAS to tape
• Files are store in native format. Restore files as files
• Does not consume license for NAS to tape

Other tape enhancement

• Support backup object storage to tape
• Daily GFS & Monthly media set
• Display current activity on tape drives
• Eject after inventory or catalog
• Audit for tapes
• Windows event
• File from tape restore audit
• General options > security > audit logs location
• Default to C:\ProgramData\Veeam\Backup\Audit

Note Taking: Veeam v12 Security Enhancement

This is a blog post on note-taking for Veeam V12 Security Enhancement

Your responsibility

1. Secure your infrastructure

2. Secure your data

3. Secure your session

4. Secure your application

5. Secure your visibility

Base security

• Support ipv6
• All supported except
• Veeam Backup for Nutanix and RHEV
• Plug in for AWS, Azure and GCP
• Unmanaged Veeam Agent
• Kasten - not tested

Data Security

• Any repository with immutability
• Hardened repository
• Object lock for object storage
• Storeonce catalyst
• Primary Backup and archive
• NAS backup immutability
• Enterprise Plug-in backup immutability

Authentication

• Group managed service account for Application-Aware Image processing
• Backup Server does not store password 
• Backup Server gets password on-demand from Active Directory
• Recovery Token for bare metal recovery on Veeam Agent

Application Security (Session)

• MFA for Veeam Console
• Auto Log off after X minutes

Visibility

• Classified data marking- by use tag/label. Required for security certification.
• New column in inventory: last backup. To identify who perform the action 

Security update subscription

• https://veeam.com/knowledge-base.html
• Select security advisory
• Enter your email address