Cloud City update from Veeam Resiliency Summit 2023

  • 25 October 2023

On October 24th, 2023, Veeam held its Resiliency Summit where many security enhancements and other announcements were made around the next VBR release (12.1) as well as the full Veeam Data Platform (23H2). Both of those are expected to be released in early 2024. In addition, the next versions of the Veeam Backup for AWS, Azure, and GCP will be released around that time. VB365 v8 is also coming soon.

If you missed the Summit, you can still register here and watch the presentations on demand:

https://www.veeam.com/veeamon-resiliency-summit

The exciting thing for Cloud City was that there was a full stream of content covering topics that are of interest here:

Here I want to do a quick run through of announcements and enhancements which I think are exciting for anyone working with backup of public cloud data and systems.

  • Data resilience for the future cyberthreat landscape demonstration with Rick Vanover and Emilee Tellez

During this session, Emilee and Rick showed the new SIEM integration which will provide a direct connection to a Syslog for centralized log monitoring, analysis, reporting and alerting. This will be available both from a VBR server AND from a Veeam ONE server which means VB365 logs will be able to be collected and sent to a Syslog server.

  • Veeam Backup for Salesforce v2 What’s New with Rick Vanover

In this session, Rick put together a quick but comprehensive overview of why Salesforce needs backups and how easy and effective the Veeam solution is. If you’re here, you probably already know about the shared responsibility model. With Salesforce’s native “DR” plan, they will keep a copy of your data but not the metadata and if an incident occurs, it can take up to six weeks for them to send you your data in CSV form. Rick outlined nine reasons why Salesforce backup is necessary: administrator error, user error, developer error, over-privileged users, updates from Salesforce breaking something, errors in integration with other third party tools, data corruption such as during an account merge, malicious agents, and poor hygiene.

So an effective third party solution is needed. Enter Veeam. Veeam Backup for Salesforce is a Linux based deployment with a connection to a PostgreSQL database (which can be installed with the product or connected to as part of the configuration). This allows flexibility to be deployed on premise or on any of the public clouds. It provides comprehensive backup of all data, files, and metadata. It allows fast and granular recovery. It allows custom scheduling. One great feature which Veeam has in a lot of their products is “comparison with production” and it is available in this product as well. This saves so much time in identifying and restoring only the data that is missing. In addition, there are other great capabilities, such as restoring hierarchy and sandbox seeding, and security enhancements, like SSO and MFA, which were discussed in this session.

  • 10 Veeam Backup for Microsoft 365 Security Tips with Emilee Tellez

This session started with a brief overview of what differentiates VB365 from other M365 backup solutions and ran through a history of the product which I found very interesting. No hints about what’s coming in v8 but I’m sure there will be some great additions when that comes out.

For those who won’t watch the session, I’ll summarize the 10 tips (and the bonus tips):

  1. Use modern app-only authentication
  2. Follow least-privilege with required permissions for application registration
  3. Don’t join backup server to same domain as protected workloads
  4. On backup proxy: use firewall to only allow necessary Veeam ports
  5. On backup proxy: use TLS v1.2 or newer and strong cipher suites supported by M365
  6. Leverage survivable storage with object storage repositories being far more recommended than block storage
  7. Ensure separate storage accounts are used for backup, backup copies, and even per proxy
  8. Enable encryption on object storage repository
  9. Follow 3-2-1-1-0 with backup copy with immutability
  10. Use separate subscription for backup copy data
  11. Bonus! Separate REST API/Self Service Restore Portal for larger organizations. Use a signed certificate
  12. Bonus! Restrict access to object storage to designated endpoints
  13. Bonus! Review portal operator roles and assignments

  • Five Steps to a Secure Cloud Backup Architecture with Sam Nicholls and Julia Furst Morgado

This was a great session covering the basic principles which apply to Cloud Backup Architecture which echo what is necessary for backups of on premise resources. The 3-2-1 rule still applies as does the need for a logical air gap. The difference is in how those are implemented. The concept of security boundaries was discussed whether they be at the account (AWS), subscription (Azure), or Projects (GCP) level. Don’t save your backup data in the same security boundary as production.

They also discussed the need to implement the Principle of Least Privilege (PoLP). It’s essential to lock down credentials to the minimum necessary and to have a system to audit, delete, and rotate credentials. Also, it’s important to leverage RBAC and MFA to further manage and secure the backup infrastructure.

Next was a summary of the immutability and encryption options which should be leveraged for AWS and Azure.

The section on validating recoverability was very interesting to me. That’s where the “rubber meets the road” so to speak. They suggested CRC health checks, staged attack and recovery testing, and recovery to alternative environments whether that is to another public cloud, another region, or on premise. I would add to that, comprehensive and up-to-date documentation.

The next part was a discussion of all the new security and other enhancements which are coming in the next releases of Veeam Backup for AWS, Azure, and GCP. I was going to put a slide here but if you’re really interested, please go watch the video! (I have to put at least one teaser in here)

The last announcement was about the new Cirrus by Veeam product which is Veeam’s new Backup As A Service offering for M365 and Azure. You can read more about that here: https://www.veeam.com/news/cirrus.html

That’s my recap of Veeam Resiliency Summit as it applies to Cloud City. Have a great day and keep on keeping on. 😎


4 comments

Great writeup! The Resiliency Summit had some pretty exciting news of upcoming features and benefits of Veeam. 

Great writeup and summary Hin. There are some great Security features coming that we are going to leverage once they do, and I love the Object Storage backup which I have yet to test. 😁

The sessions were great!

Nice recap. There are lots of new features. We have lots of work to test them and share in communities. :)