Last month I got a POC request from my customer, they are looking for a new data protection solution to replace their current backup solution. The requirements are below.

1. Backup storage should come with encryption and immutable features.
2. The backup data retention is 31 days in on-perm. We target to have 7 days or more in object storage which will be managed by Cloud Service Provider.
3. SQL transaction log backup will be happening for every 15 mins.
4. For SQL backup, only backup the SQL instance and copy it into the object storage.
5. The Cloud Service Provider cannot access the backup data directly from object storage
6. Keep one data copy in two separate object storages.
7. If both Veeam Backup Server and Veeam Respository are attached by ransomware, we can restore data from the object storage to the production server in HQ.
8. The backup solution is fully supported with VMware vSphere 7.0 and 8.0.

I prepared the following environment for this POC.

HQ Site
1 x Veeam Backup and Replication Server v12
1 x VMware vCenter Server 8
1 x VMware vSphere 8
1 x Veeam Repository
1 x Microsoft Windows 2019 Server (file service) – Guest OS
1 x Microsoft SQL 2019 Server – Guest OS

Cloud Services Provider
1 x Veeam Backup and Replication Server v12
1 x Veeam Repository
1 x Object Storage 1 (OBS1)
1 x Object Storage 2 (OBS2)

Backup Policies in Veeam VBR at HQ Site
1 x Microsoft Windows 2019 (Agentless backup and encryption enabled)
copy 1 > Veeam Repository
copy 2 > Object Stoage 1

1 x Microsoft SQl Server (Agent backup and encryption enabled)
copy 1 > Veeam Repository
copy 2 > Object Stoage 1

Backup Policies in Veeam VBR at Cloud Services Provider
Copy the data from Object Storage 1 into Object Storage 2

Select S3 Compatible.

Scenario 1

If both Veeam Repository (HQ) and Object Storage 1 (OBS1) are attached by ransomware, the Cloud Services Provider can restore the backup data (copy 3) into OBS1 from Object Storage 2 (OBS2), then the customer can restore the data into the Prodution Servers from OBS1.

Remark: The restore operation can be successfully completed with encryption key (provided by customer) into Object Storage 1. The restore operation is failed if without this encryption key.

Scenario 2

If both Veeam Repository (HQ) and Veeam Backup Server are attached by ransomware, the customer can new deploy a new Veeam Backup Server and connect to OBS1, then the customer can restore the data into the Prodution Servers from OBS1.

Summary

• Requirement 1: Veeam backup platform supported backup encryption and immutable features.
• Requirement 4: Using Veeam Agent backup and enabled application-aware processing.
• Requirement 5: Veeam backup platform supported the object storage as the target backup repository, and backup encryption supported this access management.
• Requirement 6: 3-2-1-1-0 Golden Backup Rule is the Veeam recommended configuration.
• Requirement 8: Veeam backup platform is fully supported with VMware vSphere 7.0 and 8.0.

I’m great to work with Veeam HK team and my team for this amazing POC.