Skip to main content
Solved

Could anyone here using the new Inline Entropy Analisis feature in 12.1 share their experiences so far?

L

Hi All,

I am new the the community and fairly new to Veeam and was wondering if anyone would mind sharing their own opinions and/or pitfalls  experienced using the Inline Entropy Analisis feature?

My organization uses Veeam for Vsphere backup and DR and I have been asked to gather information prior to using in production.   I sounds great but from what I’ve read so far it has its limitations. Has anyone experienced any performance issues with backups or any other gotchas?   Have you found the feature useful?  Any feedback would be greatly appreciated.

Thank you!

Best answer by coolsport00

If and/or when you do implement this security feature in your environment, be aware each of your Jobs upon first run after implementing will NOT use CBT, so backups will take as long as they did upon initial run. This is so Veeam can read each VM disk and create a RIDX file on the Proxy for future job run comparison purposes. You can read more about this in the Guide:

https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_inline_scan_hiw.html?ver=120

View original
    Did this topic help you find an answer to your question?

    9 comments

    coolsport00
    Forum|alt.badge.img+20
    • coolsport00
    • Veeam Legend
    • 4187 comments
    • May 24, 2024

    Hi @lenhartj -

    Absolutely don’t mind sharing. You are indeed correct. Inline Entropy engine does have limitations. I wrote about the Inline Entropy engine in a post here on the Hub a few months back. For my experience and most of the limitations with it, I recommend reading through it:

    But, don’t fret! It is going to be getting a face lift soon! Veeam Product Managers will be updating it to help with malware event forensics and analysis. When this will be released is tbd. But, for detailed info directly from the Veeam team, follow the below thread in the Forum:

    https://forums.veeam.com/veeam-backup-replication-f2/veeam-12-1-suspicious-files-t91348-120.html#p519783

     

    Hope this helps. Let me know if you have further questions.

    Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
    dloseke
    leduardoserrano
    L
    3 people like this
    • dloseke
      dloseke
    • leduardoserrano
      leduardoserrano
    • L
      lenhartj
    Chris.Childerhose
    Forum|alt.badge.img+21
    • Chris.Childerhose
    • Veeam Legend, Veeam Vanguard
    • 8595 comments
    • May 24, 2024

    We are just beginning to implement it with many other changes.  I have used it in my homelab without issue to performance at all leaving it on the Normal settings.

    In production our servers are more powerful so I cannot see it affecting performance.  I also want to use the Splunk App too for some of this stuff.

    Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | vExpert 6* | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
    dloseke
    leduardoserrano
    2 people like this
    • dloseke
      dloseke
    • leduardoserrano
      leduardoserrano
    coolsport00
    Forum|alt.badge.img+20
    • coolsport00
    • Veeam Legend
    • 4187 comments
    • Answer
    • May 24, 2024

    If and/or when you do implement this security feature in your environment, be aware each of your Jobs upon first run after implementing will NOT use CBT, so backups will take as long as they did upon initial run. This is so Veeam can read each VM disk and create a RIDX file on the Proxy for future job run comparison purposes. You can read more about this in the Guide:

    https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_inline_scan_hiw.html?ver=120

    Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
    dloseke
    leduardoserrano
    2 people like this
    • dloseke
      dloseke
    • leduardoserrano
      leduardoserrano
    L
    • lenhartj
    • Author
    • Not a newbie anymore
    • 2 comments
    • May 24, 2024
    coolsport00 wrote:

    Hi @lenhartj -

    Absolutely don’t mind sharing. You are indeed correct. Inline Entropy engine does have limitations. I wrote about the Inline Entropy engine in a post here on the Hub a few months back. For my experience and most of the limitations with it, I recommend reading through it:

    But, don’t fret! It is going to be getting a face lift soon! Veeam Product Managers will be updating it to help with malware event forensics and analysis. When this will be released is tbd. But, for detailed info directly from the Veeam team, follow the below thread in the Forum:

    https://forums.veeam.com/veeam-backup-replication-f2/veeam-12-1-suspicious-files-t91348-120.html#p519783

     

    Hope this helps. Let me know if you have further questions.

    Yours was one of the articles I read during my research and it was very informative.  Thank you for writing it!

    Chris.Childerhose
    coolsport00
    dloseke
    4 people like this
    • Chris.Childerhose
      Chris.Childerhose
    • coolsport00
      coolsport00
    • dloseke
      dloseke
    • leduardoserrano
      leduardoserrano
    L
    • lenhartj
    • Author
    • Not a newbie anymore
    • 2 comments
    • May 24, 2024
    coolsport00 wrote:

    If and/or when you do implement this security feature in your environment, be aware each of your Jobs upon first run after implementing will NOT use CBT, so backups will take as long as they did upon initial run. This is so Veeam can read each VM disk and create a RIDX file on the Proxy for future job run comparison purposes. You can read more about this in the Guide:

    https://helpcenter.veeam.com/docs/backup/vsphere/malware_detection_inline_scan_hiw.html?ver=120

    Very nice summary of how it work, thank you again!

    Chris.Childerhose
    coolsport00
    dloseke
    4 people like this
    • Chris.Childerhose
      Chris.Childerhose
    • coolsport00
      coolsport00
    • dloseke
      dloseke
    • leduardoserrano
      leduardoserrano
    coolsport00
    Forum|alt.badge.img+20
    • coolsport00
    • Veeam Legend
    • 4187 comments
    • May 24, 2024

    No problem. Let me know if you have further questions.

    Shane Williford - Veeam VMCA/VMCE | Veeam Legend | VUG Leader | VCP-DCV | Twitter: @coolsport00
    dloseke
    leduardoserrano
    2 people like this
    • dloseke
      dloseke
    • leduardoserrano
      leduardoserrano
    singbhagath
    • singbhagath
    • New Here
    • 1 comment
    • May 26, 2024

    click me

    dloseke
    Forum|alt.badge.img+8
    • dloseke
    • Veeam Vanguard
    • 1447 comments
    • May 26, 2024

    I haven’t experienced any performance issues with it.  That said, every alerts I’ve gotten appears to be some form of false positive, usually due to some form of (legitimate) encrypted data on the VM.  That said, I’d a good to have feature, but I hope there’s some better reporting/log analysis developed around it with time.

    Derek M. Loseke, Senior Systems Engineer | Veeam Legend 2022-2024 | VMSP/VMTSP | VCP6-DCV | VSP/VTSP | CCNA | https://technotesanddadjokes.com | @dloseke
    Chris.Childerhose
    1 person likes this
    • Chris.Childerhose
      Chris.Childerhose
    Scott
    Forum|alt.badge.img+9
    • Scott
    • Veeam Legend
    • 1012 comments
    • May 27, 2024

    I don’t want to enable it quite yet as I fear CBT being reset would make my backup window take WEEKS.

    Perhaps if I could enable 1 job at a time, and slowly work my way down the list as many of these large file servers have been separated from each other. 

     

    Chris.Childerhose
    dloseke
    2 people like this
    • Chris.Childerhose
      Chris.Childerhose
    • dloseke
      dloseke

    Comment


    Terms & Conditions