Why should a customer choose VEEAM Cloud Connect as BaaS with a service provider?
10 reasons why it’s such an asset to put a backup copy to a service provider using Veeam Cloud Connect
1 – Offsite backup copy
You all are familiar with the 3-2-1-1-0 golden rule (see my post at 3-2-1-1-0 Golden Backup Rule | Veeam Community Resource Hub), there should always be a backup copy available at an offsite location. Not all customers have the luxury having multiple sites with IT infrastructure available. In that case syncing a backup copy to a Veeam Service Provider is a perfect option having an offsite backup copy available.
2 – Secure end-to-end encryption
Be assured that all data is encrypted at the source (before it leaves the network of the customer), in transit and in storage at the service provider. This without affecting the data reduction ratios of built-in compression. When using a small bandwidth in comparison with the volume of data, a WAN Accelerator is a possible option to use.
3 – Protection against ransomware
Ransomware is very active these days. Ransomware encrypts your important and valuable data. More and more ransomware first encrypts your backups and then it encrypts your data. Therefore it’s very important to protect your backups as much as possible. Ransomware is especially infecting local drives and shares. A solution is again a copy to VCC, it’s using an SSL-connection to the service provider, therefore an extra protection to your backups.
4 – Protection against hackers
If a hacker hacks your IT-infrastructure and can get administrator permissions on your backup-server, than this hacker can of course delete all the backups… even the backups available at the service provider using the VBR-console or Powershell commands. This is by design.
But Veeam has created a solution for that!
If the service provider has enabled the feature Insider Protection for the tenant, than the deleted backups at VCC will first being put at a seperate folder (‘recycle bin‘) where it stays for a number of days set by the SP. This folder is not visible or accessible for the tenant (or in this case the hacker), but only for the service provider.
Be aware that scheduled GFS backup(s) are needed. This has no impact on the customer, only at the service provider because of using synthetic full backups.
In case of such a disaster, the service provider is able to copy those backup files to external media or public shared storage to put it available for the customer to restore the necessary data.
5 – Proximity
In most cases the service provider has implemented the VCC environment on-premises or in a datacenter in the same region. This gives the advantage of having a greater ‘trust’ than having its data somewhere in the public cloud. It has also the advantage of having the data sooner available in case of a disaster as mentioned in topic 4.
6 – Managed and monitored by service provider
In normal behaviour of BaaS the service provider will manage and monitor your backups at the VCC environment. This gives you as a customer more peace of mind.
Recommended is that the service provider organizes also scheduled restore-tests at their side using the backups of the customer to be sure that a good valuable copy is available at the SP.
A handy way of doing that is using the feature Direct Restore to Azure or AWS if the SP has not enough resources available. The SP only needs temporarely resources at the public cloud.
7 – Protection against disaster
If a real disaster happens at the customer’s site (earthquake, flood, …), backups are perfectly available at the service provider. Several options are possible then : copy the backup-files to external media and give them to the customer, direct restore the VMs to the public cloud or if the customer has ICT hardware available : just install VBR, add the service provider credentials and restore the backups over the secure SSL-connection to the available hardware.
8 – Backup copy in secure location
As already mentioned in topic 5, most of the service providers have implemented their VCC environment in a secured datacenter. This has the advantage that a datacenter is a secure location : only allowed people are having access to the building, the servers are running in ideal circumstances (temperature, dust, electricity flow, …)
9 – Possible alternative for tapes
A lot of customers are using tape-devices for having an airgapped backup copy. The disadvantage of that is : there is always manual handling needed (the tapes must be transported to an offsite location to follow the 3-2-1-1-0 rule) and tape-devices are mechanical devices, therefore sensitive for technical failures. An alternative is VCC : full automatic, no manual handling needed. Ok, it’s not a real airgapped solution, but when the feature ‘insider protection’ as mentioned in topic 4 is enabled, in my opinion it’s a worthy alternative for an airgapped backup with less handling.
10 – No extra licensed needed
Is using VCC, no extra licenses are needed. The customer only needs to use a paid license of Veeam Backup & Replication or Veeam Agent.
The customer only needs to pay the costs mentioned in the BaaS agreement of the service provider. In many cases this is : pay-as-you-grow. The more storage is needed, the more you pay.