Adam Dagnall, Cloudian SE Director, Northern Europe
One of the nice things about my job is being able to look at new S3 products and services that integrate with HyperStore. I’ve spent the last couple of weeks looking at the Veeam S3 integration and what it’s capable of. Veeam has a number of new features that work with scale-out object storage platforms to provide increased customer benefits, including S3 Object-Lock, NAS backup, and Office365 Backup direct to S3 object storage solutions like Cloudian.
Before I get into some of the more advanced features, let’s first look at Veeam’s core offering, their Backup and Replication suite designed for virtual machines. Traditionally, Veeam would back up these instances to locally attached block or file devices. However, whilst these devices typically offer better performance than object, they are limited in scale. In addition, block and file storage devices have a limited lifecycle and need to be periodically refreshed. These refresh cycles can cause significant headaches for administrators who need to migrate data from old to new devices and, due to the amount of data involved, can typically be a lengthy process and also introduce some risk into the environment.
Very often new devices will be configured alongside the old, and the backup data is left to age off and expire before the devices are finally decommissioned. Object storage does not suffer from these limitations; as components within the cluster reach the end of their lifecycle, old nodes can be managed out and new nodes managed in. This process is done online without the need to migrate data or disrupt services. Additionally, object storage does not have the same limitations of scale as these block and file storage systems. With Cloudian HyperStore for example, the cluster can be expanded almost without limit simply by adding additional nodes to the cluster.
The Core Veeam Offering
Since the introduction of Veeam version 9.4, S3-compatible object storage platforms can be used to provide Scale-Out-Backup-Repositories (or SOBR’s). In this arrangement, the most recent backup data is held on local disk (as well as some metadata), and older data gets migrated over to object storage. This provides some clear benefits. Firstly the amount of data required on the local fast disk can be significantly reduced and potentially used elsewhere in the environment. Secondly, as the SOBR capacity tier is based on cost-optimised object storage, data can be retained for longer at a reduced cost, thereby allowing organisations more flexibility in the backup and recovery process. Finally, as the capacity tier is based on object storage, virtually limitless scale can be achieved without causing disruption to ongoing operations.
Many backup vendors now support S3 as a target, but the integration with Veeam does not stop there.
The second area I looked at was Veeam’s support for S3 Object Lock, which is part of Veeam Availability Suite v10 introduced earlier this year. This is one of the more advanced S3 API calls and allows for true data immutability in either governance or compliance mode.
What does this mean?
Well, effectively, Object Lock provides WORM storage (Write-Once-Read-Many), so once the data is written, it cannot be modified or deleted, even by an administrator. Cloudian HyperStore, as of version 7.2, offers native support of this specific API call and is a fully certified SEC 17a-4(f) solution. When Object Lock is enabled on a HyperStore cluster, the solution becomes hardened, and only a predetermined set of operations can be executed by the administrator. Root access to the server nodes is disabled and short of someone taking a sledgehammer or very large magnet into the data centre, your data is secured in the Object Lock-enabled bucket for as long as the retention policy is configured and controlled via Veeam.
Why does this matter?
This is really a safeguard against ransomware and other malicious threats. As more individuals are working from home due to the pandemic, ransomware attacks have increased significantly, around 97% in the last two years even without Covid-19! (a). It’s a worrying trend when you consider 75% of companies infected with ransomware are running up-to-date endpoint protection (b) and 58% of companies actually end up paying the ransom (c). This is now a very serious and real threat to organisations that, in many cases, simply would not recover if their data were lost and they could not afford to pay. It’s also a sad state of affairs as critical infrastructure and health care organisations are often targets when society needs them the most. In fact, according to the World Economic Forum, cyberattacks are one of the top 5 risks to the global economy today.
What can I do?
Backup does offer a solution here, but if your backup infrastructure is also compromised by the ransomware attack, then all of your backup data effectively becomes useless. If, however, your backup data is stored in an immutable format and cannot be changed, then even if your primary data store is corrupted, you will still have a clean set of recovery points from which you can restore. Cloudian is one of the very few on-premises vendors that support this advanced AWS S3 API call today.
Office 365 Backup
I next spent some time looking at Veeam’s support for Office 365 backup. This is clearly a differentiator: at the time of writing this blog, Veeam is the only backup vendor that supports backup of Office 365 from the cloud to an on-premise backup platform. This means data held in Exchange, Share-Point and OneDrive can be backed up and protected against accidental deletion or malicious attacks (again there is a clear theme here around ransomware protection). To complement this further, O365 backups can go direct to an object storage platform such as Hyperstore with only a small amount of metadata being held on local disk.
Complete Protection for Office 365 Data
During my discussions with my very helpful Veeam counterpart, something else came to light around this specific O365 integration with HyperStore and Veeam. When Veeam uses block or file storage as the target device for O365 backup, it uses a JetBlue database for each instance that is being protected. So, a JetBlue database is created for each users’ OneDrive, Mailbox, SharePoint, etc. instance, as well as another instance of the database based on the year, which could potentially result in a lot of JetBlue databases. Now, this is probably not an issue for most organisations, but MSPs and larger organisations could hit a threshold quite quickly which could prove to be a challenge. Object storage does not suffer this limitation. Due to the flat structure of object storage and the relationship between data and metadata, a virtually unlimited number of objects can be stored in HyperStore.
The final area I looked at was Veeam’s ability to back up SMB and NFS with its new NAS backup offering. While NAS backup itself is not new, Veeam uses a change file tracking technology similar to change block tracking, meaning that incremental backup jobs will only back up changed files in a very quick and efficient manner. There is also an integration with object storage: just like the O365 backup feature, there is an option just to store the metadata on local disk and push all file data to the Archive Repository, in this case, Cloudian HyperStore.
When you put all these pieces together, the whole becomes greater than the sum of its parts. With Veeam’s feature-rich backup suite and the flexibility and durability of Cloudian HyperStore, you end up with a very powerful platform for both end-user customers and service providers who wish to safeguard data. Data backup isn’t always the most interesting area in IT, and innovation in this space is limited. Backup is an insurance policy and it’s a given that you do it, but there are a number of new threats and challenges and backup needs to keep up. Veeam has really innovated here with some truly unique features that meet these challenges. When complemented by HyperStore, this extends Veeam’s capabilities and gives the customer a scale-out platform that can be used for a number of additional S3 use cases not limited to backup.
If you are interested in learning more about this, I’m running a BrightTalk webinar on the topic on July 2 – click here to register
- (source: Phishme)
- (source: Sophos)
- (source: securityboulevard.com) https://securityboulevard.com/2020/04/successful-ransomware-infections-surge-to-record-in-2020-as-victims-grow-more-willing-to-pay-research-shows/