Veeam Backup & Replication has long been a favorite of Kraft Kennedy consultants due in large part to ease of installation and the straightforward process of configuring backup jobs, replication jobs, and file, folder, application item, and virtual machine restores. That said, while backup and copy jobs to local repositories work well and native tape support was added in version 7, until recently it has been challenging to get local backup data offsite in a secure, reliable, automated way. This is true for multiple reasons, including the following:
- Veeam Cloud Edition provides an add-on that facilitates automated copy of backup data to commodity cloud storage providers like Amazon and Azure, but does not provide the ability to process incremental backups over time. Veeam recommends a backup chain consisting of no more than 30 restore points, so a full backup must be created and seeded to the cloud at least once per month. Given the amount of backup data most firms have, and practical bandwidth limitations, this approach simply is not viable in most cases. In addition, Cloud Edition is being phased out. It is no longer available for purchase and will only be supported through 2015.
- To work around Cloud Edition limitations, it is possible to deploy a Windows instance at a provider like Amazon or Azure and use it to deploy a Veeam repository capable of processing incremental backups over time. However, prior to version 8 this approach required a VPN connection between the local and cloud networks, and this connection was very sensitive to interruption. More specifically, speaking from more first-hand experience than I would like to admit, I have found that VPN connections from local Cisco and SonicWALL equipment to remote Amazon or Azure gateways can be tricky to establish and are prone to momentary disconnection during renegotiation. In addition, prior to version 8, Veeam jobs running through VPN tunnels were very sensitive, and in the event that a brief disconnect occurred they would immediately fail. Failed jobs must be restarted from scratch.
- Finally, assuming it is possible to establish a reliable VPN connection and to complete pre-version 8 copy jobs successfully over time (a stretch, in my experience), there is still concern with regard to encryption. More specifically, since Veeam did not offer native encryption prior to version 8, data transferred to an offsite repository would be encrypted in flight via the VPN but would not be encrypted at rest unless an encryption solution was implemented on the remote repository.
Fortunately Veeam Cloud Connect, new in version 8, effectively addresses all of these concerns. Cloud Connect allows service providers like Kraft Kennedy to deploy a cloud repository that firms can connect to in about five minutes using only a user name and password. Connections between the local server and cloud repository are secured via SSL, and data is natively 256-bit encrypted in flight and at rest. Once a connection to the cloud repository is established, firms can use it to target backup and/or copy jobs. In the event that a connection is interrupted, “true resume” capability allows it to pick up where it left off. Jobs follow a “forward incremental forever” methodology with support for periodic archives (weekly, monthly, quarterly, annually).
The “3-2-1” rule states that three copies of data should be kept, on two types of storage, with one copy offsite. For many firms that means one active copy, one backup to disk, and one copy to tape. Unfortunately tape requires manual intervention in terms of loading/unloading, offsite rotation, and periodic cleaning. It also presents reliability concerns due to the nature of the magnetic media and is significantly slower than local disk or network-based storage. For firms that are running Veeam locally, Cloud Connect presents an ideal opportunity to quickly and cost-effectively replace tape with an automated offsite backup solution.
For more information on Kraft Kennedy’s Veeam Cloud Connect service please contact firstname.lastname@example.org.