News, guidelines and various community projects
With multiple reports what seems to be about every week of ransomware attacks, especially the recent big one here in the States on the Colonial Pipeline, I thought it would be a great idea to start a continuing discussion on how best to protect your environment from ransomware. What are ways you can implement ‘security-in-layers’ and configure your backup environment to provide you and your company the best possible recovery scenario in the event of a ransomware attack?I will not provide an exhaustive list, but will instead just begin this discussion off with a few configuration options for your BU/DR environment which can help protect you in the event of a ransomware attack. First, if you’re not aware, Veeam has transitioned from its “3-2-1 rule” to a more wholistic “3-2-1-1-0 rule” > 3 copies of data, 2 media types, 1 copy offsite, 1 copy immutable/airgapped, and 0 recoverability errors. With that in mind, I will start off with the following configuration options I recommend for y
i had some discussion on the matter of retention times in context of protection against ransomware/insider attacks. Setting up a hardened repository and making data immutable for a certain amount of time is great stuff to implement. But how long is long enough?I can remember some research or reports stating there is an "average" discovery time of ransomware / encrypted data , but i cant seem to find the articles anymore.What would people here recommend for setting retention times for specifically protecting against these attacks?I'm thinking about something arround 14 - 31 days of immutable daily backups at minimum. Any shorter has higher chance of matching an attackers' maximum amount of patience for example, to just let data expire on the repo before taking action perhaps.Or are you seeing pretty short detection times in your experience and the most recent backup was used most of the time to recover? I'm crossposting from the R&D forum. Perhaps it is better to dicuss this here.
Please include NAS backup jobs in the Latest Job status Report. In general more reporting for the NAS jobs would be beneficial. We have compliancy requirement to provide a report of our Full backups completion to our finance department. This has been Surprisingly Difficult to complete with Veeam One.
Edwin Explain to Us in this Note: Ransomware 🏴☠️ : Curse or Blessing?!https://www.linkedin.com/pulse/ransomware-curse-blessing-edwin-weijdema/?trackingId=0DKQO%2FOkDL4tTvwJBriSmw%3D%3DWould you like to know more about this subject and what you can and should do? Then I would like to invite you to #VeeamON 2021, if you take data security seriously. Save your spot through this link: https://www.veeam.com/veeamon/register
For many years I have used Veeam in conjunction with NetApp storage to deliver an extraordinary backup experience for my customers running VMware. It allows me to do snap based backups and kick off replication. Then I can take the traditional streaming backup from the secondary storage to another device.The rub is that Hyper-V is NOT seeing the same amount of integration now or ever… With so many folks looking at Azure; it seems like this would be a no brainer. This would allow for customers to experience a seamless hybrid cloud experience orchestrated at the backup layer without VM stun… Maybe v11 has fixed this… Please someone chime in!!!
We have Veeam B&R 9.5U4 and need to back up a Vcenter Server appliance. Is this possible?if so, what settings should be used? What are the best practices?Storage: Advanced Settings: Backup, Storage, Vsphere?Guest processing: Application aware processing, Guest file system indexing?
Hey folks, Just had a quick call with Kasten to help me find the issue with my snapshotting. The issue was not a Kasten problem. Kasten’s great tool Kubestr that I posted about here earlier told me that I had a problem which I immediately saw when trying to run a backup with Kasten. In a quick call Kasten support very efficiently found the issue with my snapshot controller.. or lack of it for some strange reason, and we downloaded the manifests again, problem solved.. Just thought that I had to mention this since great support makes our lives so much easier!!
In this post I’m going to show you how to do SAP DB2 databases backup on Linux with Veeam. I came across a SAP DB2 installation during one of my last projects and wanted to share with you how to backup these databases. Introduction on pre-freeze and post-thaw scriptsSince there is no native integration of SAP DB2 in Veeam, we need to use pre-freeze and post-thaw scripts within the guest processing options.Pre-freeze and post-thaw scripts are being used, when an application does not support VSS for example. The pre-freeze script is used to quiesce the VM file system or the application prior Veeam triggers a VMware snapshot. After the VMware snapshot is created, the post-thaw script triggers and brings the VM and the corresponding application back to the initial state. How do the scripts work ?Pre-freeze and post-thaw scripts are used on backup jobs, replication jobs and VM copy jobs.Furthermore, you need to create the scripts beforehand. When the specific job starts, Veeam uploads the s
Dear All, we have following data protection requirement, so looking forward for your guidance for creating a Backup & retention policy. File Server - at present we have 5TB files & folders currently backing up using Veeam. The requirement is that we need a 36 months of retention period of data and the backup job should run every 1 hour. The objective is to restore any file or folder with in the period of 3 years. VM Backup with at least 2 restore points with daily incremental and weekly full. Thank you in advance
I started my first backup on the 9th. I have retention set to 12 days and Synthetic on Saturdays (default) . No files have yet been removed from my NAS. I have attached details 9kinow there are extra backups on some days) but its over 12 days now. When will deletion start ? Tony
Beeing a Veeam Architect as well as DataCore DCIE at the same time I was always pushing for this plugin.After it finally happened, I took the time to write a deep dive blogpost covering all aspects:Technical background, prerequisites BfSS jobs, howto and caveats Snapshot only jobs “Instant-Sandboxing” from storage snapshots Off-label-usage with unique functionality of DataCore: Using DataCore CDP rollbacks together with the plugin to recover without having had a snapshot in the first place… (cool stuff!)Find the article in English here:https://www.elasticsky.de/en/2020/06/veeam-storage-plugin-for-datacore-deepdive/Might come in handy if you want to combine those great products. Comments or complements welcome! Regards,Michael
More en more companies are being a victim of malware, ransomware or even hackers.It is always important to implement the golden 3-2-1-1-0 rule (in detail explained in a former post of me - 3-2-1-1-0 Golden Backup Rule | Veeam Community Resource Hub).Next to this rule, one of the first things to keep in mind is to protect as much as possible your backups because those can save you when you are being attachked and you need them.The first thing that comes in mind, is to harden your Veeam Backup & Replication server as much as possible.I will give you here 10 tips you can implement. There are of course more things possible, but it's a start.1 - Do not domain-join the backup server in the production domainA best-practice is to put the VBR server in a workgroup and not AD domain-joined for smaller environments.Why? If ransomware is nested in a roaming profile of a domain-user connecting to the domain-joined VBR server, this malware can be activated on the VBR server and impact the backup
Login to the community
Log in with your Veeam account
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.