Question

Veeam-data domain


Userlevel 6
Badge +1

Hey guys,

If I am using data domain as a storage repository for veeam backups, does the retention lock feature in data domain good enough to provide immutability?


12 comments

Userlevel 7
Badge +5

Hi @Anandu, Immutabily is provided by “-i” attribute that is native only in Linux enviroiment (and AWS with buckets) and VBR know what’s locket and what is not. With DD in theory Veeam doesn’t know nothing, like John Snow.
And integration with veeam should not be directly supported, if I’m not wrong.

Userlevel 7
Badge +6

Hi,
this seems not to be supported natively by Veeam. But there are some possible ways to utilize this feature.

Please see this thread in the forums:

https://forums.veeam.com/veeam-backup-replication-f2/veeam-and-emc-data-domain-retention-lock-t32890.html

I cannot say if it is advisable to use as I didn't use it by myself up to now….

Userlevel 7
Badge +5

Found this thread in R&D:
https://forums.veeam.com/veeam-backup-replication-f2/veeam-and-emc-data-domain-retention-lock-t32890-60.html
:)

Userlevel 6
Badge +1

Hi @marcofabbri, thanks for the information. I know veeam doesn't provide Immutability feature for DD, but if I set retention lock feature in DD, then can backups be deleted? This feature is provided from DD side

Userlevel 7
Badge +6

As long as the attacker can't format the DD the files cannot be deleted protected by retention lock feature.

But it is no Veeam natively supported solution.

Userlevel 7
Badge +5

Hi @marcofabbri, thanks for the information. I know veeam doesn't provide Immutability feature for DD, but if I set retention lock feature in DD, then can backups be deleted? This feature is provided from DD side

I think you should config delete with script or manual , but I never recommend unsupported solutions.

If DD data is locked, how Veeam can modify .vbm?

Try look at this: https://educationstg.dellemc.com/content/dam/dell-emc/documents/en-us/2020KS_Steen_Immutable_Data_Protection_for_Any_Application.pdf this pdf was linked in thread posted by @JMeixner and mine (it’s the same thread 🙂 )

Userlevel 7
Badge +6

As @marcofabbri and @JMeixner hage said (but just to reiterate the point) you must not leverage any lock systems that Veeam isn’t aware of.

 

All that awaits you there is data corruption & loss.

 

I’d suggest requesting support for this feature via the Veeam R&D forums.

 

As a side note, to use retention lock you need an additional license, there’s no point buying the license for a feature that you can’t leverage in a supported way.

Userlevel 7
Badge +5

Well said everyone! The retention lock functionality of the data domain is absolutely a superb feature used to prevent modification or deletion of certain sets of files for a predetermined periodYou may want to read this guide: https://helpcenter.veeam.com/docs/backup/vsphere/emc_dd.html?ver=110

Userlevel 6
Badge +1

It sounds like the DD could lock the files and prevent deletion but that would be outisde the scope of Veeam’s native capabilities.  That said, I’d certainly run a test…...run a backup, get some files on there, and then try and delete them.  Personally, I like to test and see for myself…..seeing is believing.

Userlevel 7
Badge +6

Everyone has commented on the retention lock but I would suggest not using DD as primary storage and rather secondary storage for longer retention. The only reason is restore from DD is very slow and if this is your only means of backup you need to set expectations for SLAs and RTO cause it will take longer being a deduplication appliance.  Never myself used the retention lock feature but we do have a DD we use for LTR for clients with Cloud Tier also.

Userlevel 5
Badge

Everyone has commented on the retention lock but I would suggest not using DD as primary storage and rather secondary storage for longer retention. The only reason is restore from DD is very slow and if this is your only means of backup you need to set expectations for SLAs and RTO cause it will take longer being a deduplication appliance.  Never myself used the retention lock feature but we do have a DD we use for LTR for clients with Cloud Tier also.

Chris is absolutely correct about this. One of the thing that we always get on Veeam Support it’s customers upset about the slow restore from DD.

Unfortanely, on majority of these cases we can’t do anything to help. Try to not use DD as primary storage for backup.

Userlevel 3
Badge

Everyone has commented on the retention lock but I would suggest not using DD as primary storage and rather secondary storage for longer retention. The only reason is restore from DD is very slow and if this is your only means of backup you need to set expectations for SLAs and RTO cause it will take longer being a deduplication appliance.  Never myself used the retention lock feature but we do have a DD we use for LTR for clients with Cloud Tier also.

 

100% agree; as a secondary target for backupcopy jobs with or without GFS or as VTL/replacement for physical tape library datadomain/storeonce/other dedup appliances are working well; they are build for backup but can´t hold the todays requirements for restore or anything like “instant recovery”.

we are using hpe storeonce as a secondary target and even the at the time biggest appliance 5650 with a lot of disks and 2 dedicated physical 48 core proxys will not delivering a “great” performance.
we also do all the dedup stuff on the proxy side and yes veeam and the vendors working hard to make such applances better and faster but it will not even come close to an standard server with disks.

best regards
daniel

Comment