Strengthening Your Security Posture
First, let’s start with the Veeam-secure approach. This year alone, Veeam added hundreds of security features into Veeam Data Platform, consisting of Veeam Backup & Replication, Veeam ONE, and Veeam Recovery Orchestrator. These features work in conjunction with each other to detect and identify cyberthreats, respond to them, and recover faster from ransomware while ensuring your business stays secure and compliant. One of my personal favorite updates is the addition of Veeam Threat Center.
Veeam Threat Center (VTC) is a fully integrated dashboard for Orchestrator from Veeam ONE that helps businesses identify their current Veeam security state and assess their overall security and infrastructure object compliance. This dashboard also shows businesses their Data Platform Scorecard, which includes overall platform security compliance, data recovery health, data protection status, and backup immutability status. Each one of these components are crucial when it comes to successfully recovering after a data loss event. The dashboard also shows malware detections, which highlights what restore points or infrastructure objects have been infected or possibly infected by geographic location. This can come in handy when you’re executing recovery plans in Veeam Recovery Orchestrator, since you can quickly identify good data vs. the possibly infected restore points. The widget on the bottom left corner shows all objects that have missed their defined Recovery Point Objective (RPO) in your infrastructure, which is another way to quickly identify if you have missing data that you can’t recover from. Finally, the service level agreement (SLA) compliance overview shows a heatmap for your SLA compliance success, which lets you deep dive into success percentages over a certain period. Kirsten Stoner will have a post going over this in detail so stay tune!
Clean Recovery
When it comes to recovery, nothing is more important than ensuring that the data you are recovering is valid and free from infection. Earlier this year, Orchestrator introduced a malware scan as part of the recovery process, where users can scan backups during recovery with updated anti-virus definitions to ensure no malicious content is detected. To build upon this functionality, you now have the option to scan backups with the YARA rules of your choosing.
A YARA rule is an open-source multi-platform tool that can be used to identify code similarities within malware samples that indicate its presence in the machine. This can be from files, scripts, patterns, or signatures. To learn more about YARA rules and how to use them, check out this blog post by Jackie Ostile.
Another small change in wording (but big differentiator) in the malware scan from v6 to v7 is the ability to “check malware flags” vs. scanning restore points. Essentially, Orchestrator can now search through backups and identify if a restore point has already been marked as suspicious or infected by Veeam Backup & Replication or another Party tool via the incident API. It will then skip these backups when scanning since it already knows it possibly contains some type of malicious threat. Finally, if Orchestrator finds a restore point to be suspicious or infected that wasn’t previously marked, it will mark it in the Veeam Backup & Replication console and provide some bi-directional communication in Veeam Data Platform as well.
Enhanced Functionality for CDP and Azure
First, let’s cover the enhancements made to Continuous Data Protection (CDP). For those new to CDP, this is a technology that helps you protect mission-critical VMware virtual machines (VMs) when data loss for minutes or seconds is unacceptable. With the 12.1 release, you can now leverage granular recovery from these CDP replicas like Guest OS files, or application-level objects like individual MS SQL tables or schemas.
There is also a new I/O Anomaly Visualizer where you can see a visual representation of the VM’s I/O throughput and rollback during a recovery up to just before a detrimental change took place. CDP functionality has been supported for a few years now; with Orchestrator we are enhancing this ability with the opportunity to test CDP replicas without stopping your policies from running. The testing itself is fully featured and can include processes like heartbeat checks, network tests, and even custom scripts. This provides additional assurance that if you ever need to failover to a CDP replica, your policies will work in any scenario. Additionally, all reporting features are also included in CDP so you can be sure that your disaster recovery (DR) documentation is never outdated.
Next, let’s cover the new enhancements for recovery to Microsoft Azure. Veeam Recovery Orchestrator lets you take backups from vSphere VMs or Veeam Agents and restore them as Azure VMs as part of your recovery plan. As part of the recovery process, you can also include custom scripts via PowerShell and inject them into your Azure VM that was recovered from a vSphere or agent backup.
What do you all think about the new updates in VRO v7? What’s your favorite new feature - comment below!
