Download Veeam.VMCA2022.VCEplus.2024-12-15.39q.tqb

To make backup files immutable in a Scale-out Backup Repository, you need to use XFS extents with the reflink attribute enabled. This attribute allows Veeam Backup & Replication to create immutable backup files using the fast clone technology. If some of the XFS extents do not have this attribute enabled, they will not support immutability and the backup files stored on them will not be protected from deletion or modification1

To access encrypted datastores in VMware, you need to use a transport mode that supports encryption. The following transport modes support encryption:* Network mode with Encryption (NBDSSL): This mode uses an encrypted network connection between the backup proxy and the ESXi host to read and write data from the encrypted datastore. This mode does not require direct access to the datastore, but it can be slower than other modes due to network traffic and encryption overhead2* Virtual Appliance (HotAdd) mode: This mode uses a virtual backup proxy that runs on an ESXi host and attaches virtual disks of the encrypted VMs to itself using the VMware vSphere API. This mode requires that the backup proxy and the source VMs reside on the same datastore or on datastores that are accessible by the same ESXi host. This mode can offer better performance than network mode, but it can also cause SCSI reservation conflicts if multiple backup proxies access the same datastore simultaneously3* Direct SMB: This mode uses a physical backup proxy that accesses the encrypted datastore over the SMB protocol. This mode requires that the datastore is configured as an SMB share and that the backup proxy has read and write permissions on it. This mode can offer high performance and scalability, but it also requires additional configuration steps and security considerations4The following transport modes do not support encryption:* Network (NBD) mode: This mode uses an unencrypted network connection between the backup proxy and the ESXi host, which cannot access encrypted datastores2* Direct SAN: This mode uses a physical backup proxy that accesses the encrypted datastore over the SAN fabric, which cannot decrypt encrypted data5* Direct NFS: This mode uses a physical backup proxy that accesses the encrypted datastore over the NFS protocol, which does not support encryption61: Hardened Repository - User Guide for VMware vSphere 2: Network Mode - User Guide for VMware vSphere 3: Virtual Appliance Mode - User Guide for VMware vSphere 4: Direct SMB Access Mode - User Guide for VMware vSphere 5: Direct SAN Access Mode - User Guide for VMware vSphere 6: Direct NFS Access Mode - User Guide for VMware vSphere

* The RMAN plugin is a component that integrates Veeam Backup & Replication with Oracle RMAN, which is a native tool for Oracle backup and recovery12.* The RMAN plugin allows you to use Oracle RMAN commands to back up and restore Oracle databases to Veeam backup repositories, as well as perform log shipping and point-in-time recovery12.* The RMAN plugin supports Oracle databases running on any supported operating system or hypervisor, as well as physical servers or cloud environments12.* The RMAN plugin leverages the features and benefits of Veeam Backup & Replication, such as compression, deduplication, encryption, scalability, and reliability12.

The Gateway Server is a component that acts as a data mover between the backup proxy and the NFS storage. By placing the backup proxy and the Gateway Server together at the source site, you can reduce the network traffic and latency between them, and improve the data transfer speed. The Gateway Server will read data from the NFS storage and send it to the backup proxy over a local connection, and the backup proxy will process and compress the data before sending it to the target site1

Immutable repositories are backup storage locations that prevent unauthorized modifications or deletions of backup data, ensuring its integrity and recoverability.Immutable repositories are essential for protecting backups against ransomware attacks, accidental deletions, or malicious insiders1.Veeam Backup & Replication supports several types of immutable repositories, such as hardened repositories, immutable object storage repositories, and immutable deduplicating storage appliances2. Among these options, the best configuration for ensuring SLA compliance and providing protection against ransomware is to leverage hardened repositories at both primary and secondary sites, and offload to object storage in a public cloud with immutability enabled.Hardened repositories are Linux-based repositories that use XFS file system with immutability flag to protect backup files from changes or removals.Hardened repositories can be used as primary or secondary backup targets, and can be combined with Veeam Scale-out Backup Repository to simplify backup management and optimize storage utilization3.Object storage repositories are cloud-based repositories that use object storage services, such as Amazon S3, Microsoft Azure Blob Storage, or Google Cloud Storage, to store backup data. Object storage repositories can be used as secondary backup targets, and can leverage the immutability feature of the cloud provider to prevent backup data from being overwritten or deleted.By using hardened repositories at both primary and secondary sites, you can achieve high availability and redundancy for your backup data, as well as fast and reliable restores. By offloading to object storage in a public cloud with immutability enabled, you can achieve long-term retention and compliance, as well as cost savings and scalability. This configuration also follows the 3-2-1-1 backup rule, which recommends having three copies of data, on two different types of media, with one copy off-site and one copy immutable.You can find more information about immutable repositories and how to configure them in the following resources:Immutable Backup Solutions: Linux Hardened RepositoryUnstructured Data Backups in Immutable RepositoriesHardened Repository[Immutability for Object Storage Repositories][3-2-1-1 Backup Rule]

The repository type that will be most impacted by using Veeam's native encryption is dedupe repositories. Dedupe repositories are backup repositories that use deduplication appliances or software to reduce backup size and optimize storage utilization. However, if you use Veeam's native encryption for backup jobs that target dedupe repositories, you will lose most of the deduplication benefits, as encrypted data blocks cannot be deduplicated effectively. Therefore, it is recommended to use either the encryption feature of the deduplication device or software, or avoid encryption altogether for dedupe repositories.

The gold tier backup jobs have the most stringent recovery point objective (RPO) of one hour for image backup and 15 minutes for transaction log backup. This means that they need to run more frequently than the other backup jobs and create more restore points per day. Therefore, to properly plan the backup copy job settings, you will need more information on the gold tier backup jobs, such as the number of VMs, the size of backups, the change rate, the retention policy, and the bandwidth available for copying backups to the offsite location.

The number of vSphere clusters and the total of virtual machines are important information related to the virtual infrastructure that are missing and must be collected during the discovery phase. These information can help you estimate the backup performance, scalability, and resource requirements for the Veeam backup infrastructure. For example, you can use the number of vSphere clusters to determine how many Veeam backup servers and proxies you need to deploy and how to distribute the backup load among them. You can also use the total of virtual machines to calculate the total amount of data to be backed up, the storage space required, and the network bandwidth needed.