Skip to main content

Dialogue: Resilience Strategy with Veeam

  • July 7, 2026
  • 4 comments
  • 19 views

HunterLAFR
Forum|alt.badge.img+10

Hello everyone!

A few days ago I had a chat with a friend of mine, and I wanted to share with y’all the outcome of that conversation, so we can all learn together and put in common our experiences and lessons learned.

here we go:

 

Me: Hello everyone! Welcome to a new episode. Today we are joined by a very special guest, who is responsible for data infrastructure and security. We are going to talk about a critical topic: Backup and Disaster Recovery (DR). Welcome! How are you doing?

Guest: Hello! Thank you so much for having me. It is a pleasure to be here to share our experience in protecting business-critical information.

 

Block 1: Architecture and Storage

Me: Excellent. Let's dive straight in. Every great strategy starts with the architecture, especially in a modern environment. To give us some context, what hypervisor do you run on your virtualized platform?

Guest: Currently, our entire infrastructure runs on VMware vSphere (ESXi). However, thanks to Veeam’s flexibility, our backup management would look exactly the same if we had hybrid environments running Hyper-V or Nutanix AHV.

Me: Perfect, a solid foundation. Moving on to long-term retention and the golden rule of backup, do you use cloud storage? Did you opt for S3 technology?

Guest: Yes, absolutely. We use Amazon S3-compatible object storage in the public cloud. We integrated it directly into Veeam’s Scale-Out Backup Repository (SOBR) as our Capacity Tier. This allows us to automate the data lifecycle seamlessly and cost-effectively.

Me: Very nice. Before we look at how you configured all of this, let's talk about business expectations. What RTO (Recovery Time Objective) and RPO (Recovery Point Objective) does the business demand nowadays?

Guest: The business has become extremely demanding. For Tier 1 critical services—like transactional databases and our ERP—we are required to hit an RPO of under 15 minutes and an RTO of less than 1 hour. For secondary or support servers, the margin widens to a 24-hour RPO and a 4-hour RTO. We designed the entire strategy with these targets in mind.

Me: With such tight numbers, there is no room for error in the design. How did you structure the local storage and the 3-2-1-1-0 rule using Veeam?

Guest: We follow that rule to the letter.

  • Critical virtual machines are backed up locally first onto fast storage (Tier 1) for instant recoveries.
  • Then, Veeam automatically copies that data to an immutable secondary repository on-premises.
  • Finally, we send the encrypted copy to the S3 storage we mentioned earlier, applying Object Lock policies to ensure logical air-gapping against ransomware attacks.

Me: You mentioned immutability. Nowadays, with the constant threat of ransomware, that is no longer optional, right?

Guest: Totally. We enabled Hardened Linux Repositories locally and Object Lock in S3. If malware encrypts our production network, it cannot touch, delete, or modify the backups stored there during the defined retention window. It is our ultimate safety net.

 

Block 2: DR Strategy and Orchestration

Me: Backup is only half the job; the other half is recovery. Meeting an RTO of under an hour during a complete primary site failure requires a serious DR strategy. How do you achieve that?

Guest: For DR, we don't just rely on traditional backups. We use Veeam CDP (Continuous Data Protection) to replicate our most critical virtual machines continuously to our secondary data center. This delivers an RPO of mere seconds without impacting production performance. For the rest of the servers, we use standard scheduled replication every few hours.

Me: And during a real disaster, spinning everything up manually can be chaotic. How do you manage the activation of the plan?

Guest: That is where automation comes in. We use orchestration plans with Veeam Recovery Orchestrator. With a single click, the system powers on the replicas in the correct order: databases first, then applications, and finally front-ends, while automatically verifying network mapping. We eliminate human error under pressure.

 

Block 3: Lessons Learned and Past Mistakes

Me: Nobody is born an expert, and experience is built through trial and error. What have been the most valuable lessons or mistakes you had to fix along the way?

Guest: Lesson number one was: "An untested backup is a non-existent backup." In the beginning, we mistakenly assumed that if a job ended in "green," everything was fine. One day we needed to restore a database server, and although the backup file was perfectly intact, the VM's operating system failed to boot due to an internal corruption that happened prior to the backup.

Me: A classic and painful scenario. How did you solve it?

Guest: We implemented Veeam’s SureBackup and SureReplica. Now, the system automatically boots up the backups every night inside an isolated environment (Sandbox). It verifies that the OS starts, checks internal application services (like SQL or Active Directory), and sends us a report. If it passes the SureBackup test, we know with mathematical certainty that it is fully recoverable.

 

Block 4: The Future and Next Improvements

Me: To wrap up, technology never stops, and infrastructures constantly shift. What improvements or next steps do you have planned for your protection strategy?

Guest: We are looking at two main fronts. First, container adoption; we are starting to migrate workloads to Kubernetes, so we will integrate Kasten K10 by Veeam to unify management. Second, we want to improve early threat detection by feeding Veeam’s suspicious activity alerts directly into our centralized SIEM.

Me: A strategy in constant evolution, just as it should be. Thank you so much for sharing your insights and opening up the toolbox of your infrastructure.

Guest: Thank you! The best advice I can leave everyone with is: invest in your DR strategy today, so you can sleep soundly tomorrow.

 

cheers.

4 comments

Chris.Childerhose
Forum|alt.badge.img+22

Sounds like it was a very interesting conversation Luis.


HunterLAFR
Forum|alt.badge.img+10
  • Author
  • Veeam Legend
  • July 7, 2026

Sounds like it was a very interesting conversation Luis.

It was, and the pints and food was also better!!

😉


coolsport00
Forum|alt.badge.img+23
  • Veeam Legend
  • July 7, 2026

Good points made during this discussion. Thanks for sharing Luis. 😊


wolff.mateus
Forum|alt.badge.img+12
  • Veeam Vanguard
  • July 7, 2026

Nice topic! It's great to see different environments and strategies.

Id also like to see the topology behind this.

 

Have we had any sessions about this? I think it would be interesting to have a dedicated space to
discuss topologies, environments, and deployment strategies.