An advantage of software-defined Veeam products is that they can be installed in many different ways and on any hardware your company owns and uses. They can be installed on-premises, or in any hyper-scale public cloud, you choose. To help customers architect, size, and secure the various Veeam products and features, the Veeam Solutions Architect team has created Veeam Security Blueprints (SBP) and they are publicly accessible.
Veeam Security Blueprints can be found at https://www.veeam.com/security-blueprints.html
Veeam Security Blueprints (SBP) are short (3 – 4 pages) scenario-based reference architectures covering common scenarios seen in the field.
Types of scenarios include:
- On-premises environment using multiple different vendor storage targets (HPE, Cisco, Pure, Exagrid, Cloudian, Lenovo, Zadara, Hitachi Vantara).
- Veeam cloud backup products (Veeam Backup for Azure, GCP, AWS)
- VMC on AWS and hybrid environments
- Veeam Plugins for Enterprise Applications (Oracle and Microsoft SQL)
- Veeam Backup for M365
- Veeam One
- Veeam Backup and Replication features (CDP and classic replication, YARA scanning and Secure Restore)
The SBPs include:
- A diagram describing component placement and traffic flow.
- A description of the scenario
- Component amounts and sizing
- Component Security recommendations based on industry standards (NIST, CIS, MiTRE)
The SBP follows the Veeam architecture method and is presented in easy-to-read sections.
Diagram and introduction:
The first section of the SBP includes a diagram and environment of what the SBP is describing.
The environment description sets the stage for the sizing information. A basic requirements, constraints, and assumptions (RAC) table has been added to further the scope and requirements of the SBP. This helps define the environment described in the SBP and helps define the component sizing and placement.
Component sizing:
The component sizing table lists the needed Veeam components and how they should be sized. These calculations are an example of what would be needed for a given size of an environment. The sizing shown has been “normalized” to match available hardware specs.
Some SBPs show sizing and hardware components (storage) needed from our alliance partners like HPE, Pure, Cisco, Lenovo, Cloudian, Exagrid, and Zadara. Others will be added as they are created.
Security recommendations:
This last section provides recommendations on securing the Veeam environment.
These recommendations include:
- Recommendations from NIST, CIS, and MiTRE as well as Microsoft
- Links to Veeam security best practices and alliance vendor best practices
- Recommendations for network switch (ethernet, Fibre channel) security
The Security Blueprints are updated to reflect new product releases and sizing guidelines. New Security Blueprints are created regulary as posted on the website as they are completed.
Veeam Security Blueprints can be found at https://www.veeam.com/security-blueprints.html
