Skip to main content
Answer

Air Gapped copy of configuration backup

  • September 23, 2024
  • 5 comments
  • 77 views
N
Forum|alt.badge.img

We have multiple backup servers and run a configuration backup on them daily.

 

I’m looking for suggestions on how to keep these config backups safe ?

I originally had a script that emailed these to a mailbox to keep “air-gapped”, but the size of the file became too large.  Perhaps there’s a way of reducing these, but I suspect the size will creep up again making them too big.

 

Currently the config backup for Site A goes to Site B and visa versa, but i want something better. Yes, I  could have a scheduled task to copy them elsewhere.

 

Any other thoughts / suggestions.

 

TIA

 

Best answer by Dynamic

Hi @nozzermac,

what about a small amount of object storage for this? Wasabi for example is very cheap with ~7€/TB. 
Don‘t know how many sites in total you have, but i think this would be easier then make an additional file copy job to another site.

 

Jean.peres.bkp
Dynamic
leduardoserrano

5 comments

Dynamic
Forum|alt.badge.img+12
  • Dynamic
  • Veeam Vanguard
  • Answer
  • September 23, 2024

Hi @nozzermac,

what about a small amount of object storage for this? Wasabi for example is very cheap with ~7€/TB. 
Don‘t know how many sites in total you have, but i think this would be easier then make an additional file copy job to another site.

 

Markus Hartmann | Veeam Vanguard | Veeam Legend 2024 | VMCA 2024 & VMCE 2024 | VMware Certified Implementation Expert - DCV | https://markushartmann.blog/
gregersen
Scott
Forum|alt.badge.img+9
  • Scott
  • Veeam Legend
  • September 23, 2024

 

I agree having it go to Wasabi set immutable is one of the best inexpensive options works great.

Scheduled task is also a good option, along with having it go to a second site.

To take it a step further, having your Veeam server at the DR site, or one that is ready to go, and a copy of your config backup that is totally airgapped can save critical time when you need it. 

Dynamic
Mohamed Ali
E
Forum|alt.badge.img
  • eblack
  • Experienced User
  • September 23, 2024

We write them to off host immutable. Could be LHR or S3 depending on setup. 

Mohamed Ali
Forum|alt.badge.img+2
  • Mohamed Ali
  • VUG Leader
  • September 24, 2024

I agree with keeping the config backups in an S3 immutable repository and away from the VBR server.

To add an additional layer of protection, you could also replicate the S3 bucket to other regions for redundancy.

Mohamed Ali | VUG leader | VMCE 2024, VCP-DCV, CCP-V
Scott
k00laidIT
Forum|alt.badge.img+7
  • k00laidIT
  • Veeam Vanguard
  • September 25, 2024

I very much so advocate for writing it out to immutable Object Storage. I’ll add to the other comments here to make sure you encrypt your configuration as well before writing it anywhere.

My company is a big AWS S3 partner so I’ve been talking about this quite a bit. Here is an example restore scenario:

 

Jim Jones, @k00laidIT, AWS Community Builder, Cisco Champion, vExpert, Veeam Vanguard
Dynamic
Terms & ConditionsAccessibility statement