Skip to main content
  • EN

Veeam Data Cloud Vault (VDC Vault) is a secure, fully managed cloud storage solution designed to simplify data protection for hybrid and multi-cloud environments. It offers zero-configuration, management, or integration complexities, making it easy to safeguard Veeam Backup and replication backup archives in a secure off-site location with a consistent subscription price.

 

With Veeam Data Cloud Vault, you can effortlessly achieve the 3-2-1 rule: three copies of data, two different types of media, and one copy offsite.

 

The Veeam Data Cloud Vault ensures data immutability, logical air-gapping from production, and AES 256-bit encryption, providing robust protection against cyber threats.

 

Technical Requirements

 

Security Blueprint

The Veeam Security Blueprint reference architecture for an on-premises backup copy to VDC can be found on the Veeam Community site at https://community.veeam.com/security-blueprints-126.

Storage options

The following Veeam Backup & Replication backup archives can be stored in VDC Vault:

  • Backup archive copies created with Veeam Backup Copy Jobs (BCJ), including GFS long-term retention.
  • SOBR offload to capacity tier, including GFS long-term retention

Unstructured data cannot be stored in VDC Vault.

Retention period

All Backup Archives copied to VDC Vault by a backup copy job (BCJ) or by using a Scale out Backup repository (SOBR) offload to capacity tier (VDC Vault) are immutable by default for the duration of the retention period set in the job. The immutability flag is set by default and cannot be removed.

 

The retention period can be changed as needed to meet your business’s requirements regarding backup archive retention.

 

Encryption requirements

All backup archives copied to VDC Vault must be encrypted as part of the BCJ or SOBR offload job(s).  This includes any backup archives that need to be copied to the VDC Vault using the Veeam backup move function.  

 

Backup copy jobs can have encryption set on the Advanced settings page.

 

In a SOBR, the encryption is set in the properties of the SOBR on the Capacity tier page.

 

Make sure your encryption key is kept in a safe and secure location.  KMS is supported.

 

Immutability period

Veeam Backup & Replication allows you to prohibit deletion of data from the VDC Vault by making that data stored temporarily immutable and to protect data against malware activity by maintaining several versions of a single backup.

 

Immutability is enabled by default and cannot be disabled. The default immutability period is 30 days, but it can be changed to meet business requirements at setup. 

 

Migration Strategies

 

Two main strategies for migrating data to Veeam Data Cloud Vault exist: letting data age out or actively migrating. There are different considerations for each strategy that must be considered when determining the best course of Action.

Large backup archive sets can be “seeded” from existing backup archive repositories (other object storage providers, on-prem storage) using the “Veeam Data Mover Service” (VM Move) function - https://helpcenter.veeam.com/docs/backup/vsphere/veeam_transport_service.html?ver=120.

 

When using the Veeam Mover Service to migrate data to VDC Vault, consider the following:

  • The Veeam backup archives on the source repository must already be encrypted (BCJ, SOBR Offload)
  • If the source repo uses Veeam immutability, the data in the old source repository cannot be deleted until the immutability period has expired.
  • The source job will be disabled while the Veeam Data Service is moving data.

If your source data is not encrypted or jobs can’t be encrypted for the repo type (using a dedupe appliance), a “cut over” strategy is the simplest solution. 

To do this, change the source repository for the BCJ or the capacity tier to the new VDC Vault repository.  

Leave the old source repository(s) in the Veeam backup and Replication server, and it will age out and delete the older restore point since their retention and immutability period expires.

 

Conclusion

 

Veeam Data Cloud Vault offers a robust and secure solution for data protection in hybrid and multi-cloud environments. 

VDC Vault offers:

  • A zero-configuration approach
  • AES 256-bit encryption 
  • Immutability 
  • An immutable logical air-gap copy of Veeam Backup and Replication backup archives

By meeting the technical requirements and following the migration strategies, organizations can seamlessly transition to Veeam Data Cloud Vault and benefit from its comprehensive data protection features. Whether you choose to let data age out or actively migrate, Veeam Data Cloud Vault simplifies the process and provides a reliable storage solution for your critical data. 

This is such an interesting product so will be checking it out as we are already looking at and testing VDC for VB365.  Thanks for sharing the details Joe.

nice guide thx for share.

Always nice to see more info on the cool VDC offerings <3

Nice writeup Joe! 

Nice walkthrough. Thanks for sharing ​@vmJoe .

Nice Joe. Thanks!

Comment


Terms & Conditions