• EN
Solved

Air Gap with ejectable tape.

T
Userlevel 2

We been instructed to change our environment from a tape library system to a ejectable tape.  We can fit a set of our most critical data on a single LTO-8 tape, and have it changed daily by our Colo. The tape library will be maintained for the “nice to have” data.

The basic goal is to be able to restore critical data with nothing remaining of the VEEAM install but a tape and a printed copy of the encryption password. 

To table top this:  We would like to have a single daily tape that has all of our incremental and synthetic fulls written to it.  There is plenty of room for this as the existing repo has only 6.4TB used in it.  The whole repo directory simple needs moved to tape daily when the job is complete. 

 

Q1:  Is the basic goal here achievable?

Q2: What type of tape job can ensure that both the increments and the synthetic fulls make it onto every days tapes?

 

TIA

icon

Best answer by Chris.Childerhose 5 January 2024, 21:16

View original

5 comments

Chris.Childerhose
Userlevel 7
Badge +20

Yes, the goal is definitely achievable.

I would test 2 types of jobs - Backup Job to Tape and then File Copy to Tape.  I believe that the first one which is the preference I would use should work to send all files to tape - you need to set up the tape media pool and job to process the Incremental files.

Also using the Backup to Tape ensures Veeam copies all the required files to tape for restore as well.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
T
Userlevel 2

Thank you, Chris.

I will plan a functional test next week.  Before we do this work, if the tape contains a full backup chain - the only thing we need to restore this data in a foreign VEEAM install is the physical tape and the encryption password? I will need to temporarily destroy a tape proxy to test a restore for this, and I don't want to waste a day of work.  

Chris.Childerhose
Userlevel 7
Badge +20

Thank you, Chris.

I will plan a functional test next week.  Before we do this work, if the tape contains a full backup chain - the only thing we need to restore this data in a foreign VEEAM install is the physical tape and the encryption password? I will need to temporarily destroy a tape proxy to test a restore for this, and I don't want to waste a day of work.  

Yes, you need the tape and encryption key.  You will import the tape on the new Veeam server to catalog it and then be able to restore.

Chris Childerhose - VMCA2022 | VMCE2023 | Veeam Vanguard 7* | Veeam Legend 3* | vExpert 5* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
coolsport00
Userlevel 7
Badge +17

Hi @tvurt -

Were any of the comments Chris provided able to help with your tape backup/restore question? If so, could you mark the comment which best helped you as ‘Best Answer’ so others with a similar question may benefit?

Thank you.

Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
Geoff Burke
Userlevel 7
Badge +22

Also keep in mind this solution is not officially according to NIST Air Gapped per se. The main problem is that according to the official definition there can be no automatic transfer of data only manual human transfer, see below. It is important to understand this as compliance people could bring this up. Not saying it is not a great solution just have to watch the wording:

 

https://csrc.nist.gov/glossary/term/air_gap

VMCA2022, VMCE2023, CKA, CKAD, KCNA, LFCS, PCA,TARS

Comment


Terms & Conditions