Posts

Disaster Recovery Planning

Disaster Recovery Planning

It seems like it’s almost every day that the news reports another major company outage and as a result, the massive operational, financial and reputational consequences experienced, both short- and long-term. Widespread systemic outages first come to mind when considering disasters and threats to business and IT service continuity. But oftentimes, it’s the overlooked, “smaller” threats that regularly occur. Human error, equipment failure, power outages, malicious threats and data corruption can too bring an entire organization to a complete standstill.

It’s hard to imagine that these organizations suffering the effects of an outage don’t have a disaster recovery plan in place — they most certainly do. But, why do we hear of and experience failure so often?

Challenges with disaster recovery planning

Documenting

At the heart of any successful disaster recovery plan is comprehensive, up-to-date documentation. But with digital transformation placing more reliance on IT, environments are growing larger and more complex, with constant configuration changes. Manually capturing and documenting every facet of IT critical to business continuity is neither efficient or scalable, sending to us our first downfall.

Testing

Frequent, full-scale testing is also critical to the success of a thorough disaster recovery plan, again considering the aforementioned scale and complexity of modern environments — especially those that are multi-site. Paired with the resources required and potential end-user impact of regular testing, the disaster recovery plan’s viability is often untested.

Executing

The likelihood of a successful failover — planned or unplanned — is slim if the disaster recovery plan continues to be underinvested in, becoming out-of-date and untested quickly. Mismatched dependencies, uncaptured changes, improper processes, unverified services and applications and incorrect startup sequences are among the many difficulties when committing to a failover, whether it’s a single application or the entire data center.

Compliance

While it is the effects of an IT outage that first come to mind when considering disaster recovery, one aspect tends to be overlooked — compliance.

Disaster recovery has massive compliance implications — laws, regulations and standards set in place to ensure an organization’s responsibility to the reliability, integrity and Availability of its data. While what constitutes compliance varies from industry to industry, one thing holds true — non-compliance is not an option and brings with it significant financial and reputational risks.

 

veeam

Veeam Availability Suite 9.5 Update 3

Just before Christmas (2017) Veeam released Update 3 for Veeam Availability Suite 9.5 in addition to  updates for Veeam Agent for Windows and Veeam Agent for Linux. The links to the KB release notes are at the bottom of the post but below is a quick summary of some of the features announced.

Built-In Agent Management

The first big feature to mention with update 3 is the ability to manage and deploy Veeam Agents for both Windows and Linux directly through the Backup and Replication management console. Whilst previous versions of the agent have been able to protect the last few remaining physical servers that have not been virtualised it has always been a standalone process to manage these. Now with this integration everything can be managed from one console. Don’t forget the agent can also be used to protect cloud workloads as well.

It is also now possible to protect Microsoft Windows Server Failover Clusters with the latest release of the agent. This includes SQL Server failover clusters and SQL AlwaysOn Availability Groups.

Cloud Connect Insider Protection

This new functionality will allow backup data held by a service provider to be retained for a set number of days after it’s been deleted. Today there are many risks to our backup data from malicious activity such as ransomware to accidental deletion by employees. This new feature acts like a recycle bin so if all other backup data is lost then the Cloud Connect service provider can effectively save the data.

Data Location Logging

This will allow you tag locations of Veeam repositories and other associated objects to ensure that data sovereignty compliance requirements are met. If backups, restore or replication jobs are performed to the wrong location a warning can be issued with full auditing capability if the action is confirmed.

Storage Array Integration

If you have an IBM Spectrum Virtualise or Lenovo V Series then you can now backup from Storage Snapshots and also use the Veeam Explorer for Storage Snapshots. Remember that backup from storage snapshots is an Enterprise Plus feature.

Support for VMware Cloud on AWS

With update 3 this you can not only protect virtual machines running in the cloud but also migrate or replicate from on-premises vSphere deployments to VMware Cloud on AWS and vice versa. It’s great see to Veeam supporting this already.

I hope to get this update installed to our demo environment shortly and evaluate some of these new features. I’m particularly interested to understand the support of failover clusters as I know a few of our customers will be interested in this.

Links


This article was provided by our service partner Veeam.

veeam 10

Veeam 10 highlights

At the recent VeeamON Forum in London – some teasers were released of What’s new in Veeam V10. It doesn’t seem that long ago since Veeam version 9.5 was released but Veeam version 10 doesn’t disappoint with some much sought after new features.

Agents – became available in Veeam 9.5 and allow the backup of physical machines and VM’s in the cloud. This was a welcome feature, the only disadvantage was that you had to manage your agents from a separate interface. Version 10 allows you to manage all your agents from the standard Veeam Backup and Replication Console. Management of agents will be standard in version 10 from the B & R Console but if you’re on 9.5 you can also get this functionality early by applying update 3 which should be available shortly.

NAS backup – this was a real chink in Veeam’s armour previously as there was no way to backup NAS devices. The presenter mentioned this was one of the most popular feature requests, no surprise there. Version 10 will allow backups of NAS devices, and this will not be NDMP based. The feature is actually enabled with the addition of a new proxy role, the File Backup Proxy. This backup method allows the backup process to be vendor agnostic and also allows out of place restores to be performed to any target.

Continuous data protection – (CDP) allows for a near zero RPO. Those familiar with traditional continual data protection will remember physical appliances which acted as write splitters. Veeam’s implementation is of course software based and works by harnessing the VMware VAIO API which splits the write and creates a secondary copy of it. The picture below demonstrates a write being written across two different VMware clusters via the CDP proxy.

Continuous data protection is configured in the following screen which allows you to specify an RPO in seconds as well as how long it is stored for.

Veeam CDP setting screen

Storage integration API – storage integration is nothing new for Veeam, they have offered  integration with vendors such as HPE and NetApp for a number of years. In version 10 of Veeam there is now a universal storage integration API available, so storage vendors can develop integrations and they will all be based on a standard model. Previous storage integrations have been unique to each vendor. Storage based snapshots will of course bring the benefits of offloading the grunt work from the hypervisor and minimise the risk of VM stun

RMAN backups – Oracle DBA’s can continue to use the RMAN native backup tool they are familiar with but target a Veeam repository

Archive tier – will be available as a tier within a Scale-Out Repository. This allows backup data to automatically tier down to cheaper storage and is policy driven.

Role based access – is based on vSphere roles and allows users to perform their own simple operations such as restores

TAAS – possibly my favourite new feature, bringing new to old. Tape As A Service. This basically means that Veeam will tape out for you. Giving you the benefit of tape such as low cost per GB storage and offline media without the hassle of tape management

The Veeam backup and replication version 10 release data has not been announced yet, the official V10 page just lists it as coming soon. Veeam 9.5 update 3 is expected imminently.

MSP

Overcoming the MSP Stereotype in 5 Steps

Some of the best clients on any technology solution provider’s radar might already have an in-house IT resource, and while you’re busy building relationships with the right people to get that contract signed, that in-house IT person may not know you exist until the deal is done. The uphill battle to finding success with that first in-house IT client? The MSP Stereotype.

What IS the MSP Stereotype?

As crazy as it seems, there’s an unofficial caste system in IT that revolves around career paths and specialization. Most IT professionals start out in desktop support to learn basic concepts, then move on to application support for a deeper understanding of business-critical applications. Their time in troubleshooting opens new doors to managing the systems or networks those applications rely on.

What About MSPs?

This general path leaves out the traditional MSP, who some IT pros see as a failed desktop support specialist. Every time an MSP says they’re “concentrated on making money, not learning some new technology” it reinforces the stereotype that MSPs are peddling half-baked fixes, useless hardware, and needless up-selling. It’s a mentality that gives the entire community a bad name, and overcoming it is the key to building a healthy, long-term relationship with your clients’ in-house IT.

So how do you overcome the bias / bad press? How do you avoid being undermined and build a mutually beneficial relationship?

5 Steps to Overcome the Stereotype

1. Find Their Passion

Make time to meet with in-house IT staff. Take them out to lunch or drinks, and assure them you want to help. Find out what part of IT excites them. If they’re passionate about troubleshooting and the instant gratification it brings, give them first refusal on break/fix issues with an agreed upon SLA. If strategic planning lights them up, give them a voice in those meetings. In other words, give in-house IT a chance to redefine their roles and responsibilities.

2. Build Credibility

Provide in-house IT with credentials for their assigned technicians/engineers. If your team has a slew of certifications and/or years of experience, let your client’s in-house staff see for themselves. Be prepared to handle objections. Some IT pros believe in certifications, while others think certifications are useless. Address objections calmly and professionally. At the end of the day, it’s about winning trust. It won’t happen overnight, but making efforts early help you both better understand what you’re walking into.

3. Collaborate Often

With a solid understanding of what the in-house IT staff is passionate about, take the time to collaborate with them on the direction of their account. In-house IT will understand why you have standards to uphold for supportability and consistency –give them a chance to voice preferences before options are finalized. Involving them as much as possible will do wonders for your long-term relationship.

4. Communicate Decisions

As an MSP, you bring recommendations and options for clients to decide on. Which means you likely have more access to your client’s decision makers than their own staff, including In-house IT. Decisions get made multiple times a day, but top-down communication is often a problem. Treat In-house IT the way you’d want them to treat you. If you get out of a meeting where a decision is made that could impact In-house IT, let them know the decision and, if possible, the logic behind it. Face-to-face will go a long way, but a simple phone call works too.

5. Maintain Trust

The problem with stereotypes is that you need to constantly prove you’re different. Doing the 4 steps above get the ball rolling, but you can’t slack off. Stay actively engaged with your client’s In-house IT to remind them you’re constantly looking out for their best interests.

Many MSPs already understand the benefit of clients with in-house IT. You get an extra set of hands without any of the overhead. You get an advocate when you’re not in the room, and a champion for your team and business…if you simply overcome the MSP stereotype. Invest the time to nurture your in-house IT relationships and they’ll help you build a stellar reputation.


This article was provided by our service partner : Connectwise

Disaster Recovery

Improve your disaster recovery reliability with Veeam

The only two certainties in life are death and taxes. In IT, you can add disasters to this short list of life’s universal anxieties. Ensuring disaster recovery reliability is critical to ensure your organisations enduring viability in your chosen marketplace.

Regardless of the size of your budget, people power and level of IT acumen, you will experience application downtime at some point. Amazon’s recent east coast outage is testimony to the fact that even the best and brightest occasionally stumble.

The irony is that while many organizations make significant investments in their disaster recovery (DR) capabilities, most have a mixed track record, at best, with meeting their recovery service level agreements (SLAs). As this chart from ESG illustrates, only 65% of business continuity (BC) and DR tests are deemed successful.

disaster recovery readiness

In his report, “The Evolving Business Continuity and Disaster Recovery Landscape,” Jason Buffington broke down respondents to his DR survey into two camps: “green check markers” and “red x’ers.”

Citing his research, Jason recently shared with me: “Green Checkers assuredly don’t test as thoroughly, thus resulting in a higher passing rate during tests, but failures when they need it most — whereas Red X’ers are likely get a lower passing rate (because they are intentionally looking for what can be improved), thereby assuring a more likely successful recovery when it really matters. One of the reasons for lighter testing is seeking the easy route — the other is the cumbersomeness of testing. If it wasn’t cumbersome, most of us would likely test more.”

DR testing can indeed be cumbersome. In addition to being time consuming, it can also be costly and fraught with risk. The risk of inadvertently taking down a production system during a DR drill is incentive enough to keep testing to a minimum.

But what if there was a cost-effective way to do DR testing that mitigates risk and dramatically reduces the preparation work and the time required to test the recoverability of critical application services?

By taking the risk, cost and hassle out of testing application recoverability, Veeam’s On-Demand Sandbox for Storage Snapshots feature is a great way for organizations to leverage their existing investments in NetApp, Nimble Storage, Dell EMC and Hewlett Packard Enterprise (HPE) Storage to attain the following three business benefits:

  1. Risk mitigation: Many IT decision makers have expressed concerns around their ability to meet end-user SLAs. By enabling organizations to rapidly spin-up virtual test labs that are completely isolated from production, businesses can safely test their application recoverability and proactively address any of their DR vulnerabilities.
  2. Improved ROI: In addition to on-demand DR testing, Veeam can also be utilized to instantly stand-up test/dev environments on a near real-time copy of production data to help accelerate application development cycles. This helps to improve time-to-market while delivering a higher return on your storage investments.
  3. Maintain compliance: Veeam’s integration with modern storage enables organizations to achieve recovery time and point objectives (RTPO) of under 15 minutes for all applications and data. Imagine showing your IT auditor in real-time how quickly you can recover critical business services. For many firms, this capability alone would pay for itself many times over.

Back when I was in school, 65% was considered a passing grade. In the business world, a 65% DR success grade is literally flirting with disaster. DR proficiency may require lots of practice but it also requires Availability software, like Veeam’s, that works hand-in-glove with your storage infrastructure to make application recoveries simpler, more predictable and less risky.


This article was provided by our service partner Veeam.

veeam

Veeam : Ransomware resiliency – The endpoint is a great place to start

Fighting ransomware has become a part of doing business today. Technology professionals around the world are advocating many ways to stay resilient. The most effective method is to have end-user training on how to handle and operate attachments and connectivity to the Internet. One other area to look is frequent endpoint devices: Laptops and PCs.

Veeam has taken ransomware resiliency seriously for a while. We’ve put out a number of posts such as early tips for some of the first attacks and some practical tips when using Veeam Backup & Replication. Now with Veeam Agent for Linux and Veeam Endpoint Backup FREE available as well as Veeam Agent for Microsoft Windows (coming VERY soon) as options for laptops and PCs, it’s time to take ransomware resiliency seriously on these devices.

Before I go too far, it’s important to note that ransomware can exist on both Windows and Linux systems. Additionally, ransomware is not just a PC problem (see recent survey blogpost), as at Veeam we see it nearly every day in technical support for virtual machines. We’ll see more content coming for the virtual machine side of the approach for most resiliency, in this post I’ll focus on PCs and Laptops.

Veeam Agent for Linux is the newest product in which Veeam has offered image-based Availability for non-virtualized systems. Veeam Agent for Linux is a great way to do backups of many different Linux systems with a very intuitive user interface:

veeam linux agent

For ransomware resiliency for Veeam Agent for Linux, putting backups on a different file system will be very easy to do with the seamless integration with Veeam Availability Suite. In this way, backups of Veeam Agent for Linux systems can be placed in Veeam Backup & Replication repositories. They also can be used in the Backup Copy Job function. This way, the Linux backups can be placed on different file systems to avoid propagation of ransomware across the source Linux system and the backups. The Backup Copy Job of Veeam Agent for Linux is shown below writing Linux backups to a Windows Server 2016 ReFS backup repository:

veeam backup copy config

Now, let’s talk about Microsoft operating systems and resiliency against ransomware when it comes to backups. Veeam Endpoint Backup FREE will soon be renamed to Veeam Agent for Microsoft Windows. Let’s explain this changing situation here briefly. Veeam Endpoint Backup FREE was announced at VeeamON in 2014 and since it has been available, it has been downloaded over 1,000,000 times. From the start, it has always provided backup Availability for desktop and server-class Windows operating systems. However, it didn’t have the application-aware image processing support and technical support service. Veeam Agent for Microsoft Windows will introduce these key capabilities as well as many more.
For Veeam Agent for Microsoft Windows, you also can put backups on several different storage options. Everything from NAS systems to removable storage, a Linux path, tape media, a deduplication appliance when integrated with Veeam Availability Suite and more. The removable storage is of interest as it may be the only realistic option for many PC or laptop systems. A while ago, Veeam implemented a feature to eject removable media at the completion of a backup job. This option is available in the scheduling option and when the backup target is a removable media and is shown below:

veeam backup schedule

This simple option can indeed make a big difference. We even had a user share a situation where ransomware encrypted one’s backups. This underscores a need for completely offline backups or otherwise some form of an “air gap” between backup data and production systems. Thus, behave as if when you have ransomware in your organization the only real solution is to restore from backup after it is contained. There is a whole practice of inbound detection and prevention but if it gets in, backup is your only option. Having media eject offline is another mechanism that even with isolated PCs and laptops can have more Availability by having the backup storage offline.
Availability in the ransomware era is a never-ending practice of diligence and configuration review. Additionally, the arsenal of threats will always become more sophisticated to meet our new defenses.


This post was provided by our service partner : Veeam

veeam

Five considerations when searching for an off-site backup solution

For a number of years now, Veeam has been talking about the 3-2-1 rule of backups, whereby you keep three copies of your backup data on two different media types with at least one of those backups held off-site. Traditionally, most organizations have been able to put this into play by taking advantage of on-premises storage and media hardware along with multiple data center locations to cater for the off-site backup solution. This is where off-site data backup services can come into play to satisfy the off-site backup services requirement.

 
Off-site backup solutions offer numerous benefits to organizations, including increased efficiency and reliability based upon features and capabilities that not many companies may afford. There’s also no need to worry about infrastructure maintenance as that burden lies with the service provider, and the scalability of service providers can be leveraged without an upfront CAPEX spend. Another advantage of off-site backup solutions is accessibility, as the data is accessible from any internet-connected location and device.

 

Since Veeam Backup & Replication v8, Veeam has offered Cloud Connect as a means for the Veeam Cloud & Service Provider (VCSP) partners to provide off-site data backup services. With Veeam Cloud Connect, they can give their customers the ability to leverage cloud repositories to store virtual machines in service provider facilities. By leveraging Veeam Cloud Connect Backup, a number of VCSPs around the world have built off-site backup solutions. The Veeam Cloud & Service Provider directory lists out VCSP partners in your region of choice… but how do you choose between them?

 
Below are five considerations when searching for an offsite backup solution:

1. Data locality and Availability

Data sovereignty is a still a major concern for organizations looking to back up off site to the cloud. With the VCSP network being global, there is no shortage of locations to choose from to have as an off-site repository. Drilling down even further, some providers offer multiple locations within region, which can increase the resiliency and Availability of off-site backups and let you choose multiple repositories to further extend the 3-2-1 rule. It’s also a good idea to do some research into the service providers uptime and major event history, as this can tell you either way if a provider offering the off-site backup service has had any history of Availability issues.

2. Recoverability and restore times
It’s hard to defeat the laws of physics, and in searching for an off-site backup solution you should think about how long the data you have in a cloud repository will take to restore. This goes beyond the basics of working out recovery time objectives (RTOs) in that taking backups off site means that you are at the mercy of the internet connection between you and the restore location and in the restore capabilities of the service provider. When looking for a suitable off-site backup solution, take into consideration the roundtrip time between yourself and the service provider network and also the throughput between the two sites making sure you test both, upload and download speeds to and from each end.
Note that Veeam-powered off-site backup services can improve recovery times compared to those that rely on tape-based backup due to Cloud Connect repositories at the service provider end being housed on physical disk.

3. Service provider certifications and SLAs

As with data locality, more and more organizations are looking for offsite backup solutions that meet or match their own certification requirements. This extends beyond more common data center standards such as ISO 9001 and 27001, but also now looks at more advanced regulatory compliance to do with data retention and goes as far as service providers abiding by strict security standards. If your organization is in a specific vertical, such as Healthcare’s HIPAA standard, then you may look for an off-site backup solution that is compatible with that.
It’s also worth noting that service providers will offer differing service level agreements (SLAs) and this should be taken on board when searching for an off-site backup service. SLAs dictate the level of responsibility a service provider has when it comes to keeping to their promises in terms of services offered. In the case of off-site backup, it’s important to understand what is in place when it comes to integrity and security of data and what is done to guarantee access to your data when required.

4. Hypervisor support

Multi-hypervisor support does come into play when looking forward towards extending off-site backup and looking at recoverability in the cloud. For example, Veeam Cloud Connect works with both VMware and Microsoft hypervisors, and VCSPs have the ability to offer one or both of these platforms from a replication point of view. However, with Cloud Connect Backup, the off-site backup repository is hypervisor agnostic; cloud repository is acting as a simple remote storage option for organizations to back up to. With Veeam Backup & Replication 9.5, you can now replicate from Cloud Connect Backups and choose a provider that has one or the other, or both hypervisors as platform options.

5. Cost

Cost might seem obvious, but given the variety or services offered through the service providers it’s important to understand the difference in pricing models. Some service providers are pure infrastructure providers (IaaS) offering Backup as a Service (BaaS), which means you are generally paying for a VM license, storage and there might be additional charges for data transfer (however, this is fairly rare in the IaaS space). These service providers don’t cover any management of the backups — generally this is handled by managed service providers that wrap service charges on top of the infrastructure charges offering end-to-end off-site backup solutions.

The five tips above should help you in searching for an off-site backup service. You need to remember that each service provider offers something slightly different, which means your organization has choice in terms of matching an off-site data backup service that suits your specific requirements and needs. My recommendations will also help you navigate through Veeam Cloud & Service Provider partners that leverage Veeam Cloud Connect for their off-site backup offerings.


This article was provided by our service partner. Veeam

veeam

Veeam : Your Cloud backup customization option

Cloud backup is a viable option for many use cases, including but not limited to storage, critical workload management, disaster recovery and much more. And as we have covered in our previous concerns related to this series, it can also be made secure, reasonably priced, and migration can be simplified. We found one of the major cloud concerns in last year’s end user survey to be customization. Let’s dive into where customization and the cloud meet.

How customizable is the cloud?

In order to get the most out of their cloud investment, businesses need to be able to tailor the cloud to their exact needs. And even though cloud customization seems to be a concern, there is a general consensus in the IT community that the cloud is customizable. And when you consider the premise of AWS, Azure and other IaaS offerings that allow you to customize services specifically to your needs from day zero, it’s easy to see why. The cloud and customization seems to go hand-in-hand in some respects. Customization is a key component when it comes to the ability to configure cloud security. Being able to customize your cloud environment to meet exact compliance needs depending on what industry you are in, or in which region or country your data resides, makes customization a vital capability within cloud.

Supreme scalability of cloud

Talking about cloud customization would not be possible without also mentioning the flexibility and scalability that come with utilizing cloud over on-premises. If operations are conducted on-premises, then scaling up typically means buying new servers, and will require time and resources to deploy. The cloud offers pay-as-you go models and scaling happens instantly with no manual labor required. If there is a peak in activity, cloud resources can be added and scaled back down when business activity returns to normal. This ability to rapidly scale up or down through cloud can give a business true operational agility.

Customizing your backup data moving to the cloud

When depending on the data management software you use, you can enable a highly customized approach when it comes to handling data moving to the cloud. Veeam offers ultimate flexibility when it comes to the frequency, granularity and ease of backing up data to the cloud, helping you meet 15 minute RPOs which then impact RTOs. What’s great is the products used for backup and replication in Veeam can also be used as a migration tool to make the task of moving to cloud easier than it seemed at first. Let’s go over existing Veeam Cloud backup offerings and new ones to see how they can be utilized to customize various aspects of cloud backup needs.

Veeam and cloud customization

First and foremost: Backup and replication. The two functions used in virtually any environment to ensure the safety and redundancy of your data. You can send your data off site with Veeam Cloud Connect to a disaster recovery site or you can create an exact duplicate of your production environment that will have 15 minutes between them. And you can use these same options to get your data into the cloud, be it a cloud repository for storing backups or a secondary site via DRaaS, all within a single Veeam Backup & Replication console.

Since Veeam Cloud Connect operates through the network, we’ve made sure that we provide an encrypted traffic and built-in WAN acceleration to optimize every bit of data that is sent over. WAN acceleration minimizes the amount of data sent, excluding blocks that were already processed and can be taken from the cache on site. That comes really handy during migrations since you may be processing a lot of similar machines and files. This acceleration is included in Azure proxy as well as other optimizations that help reduce network traffic usage.

Additionally, you can use Direct Restore to Microsoft Azure to gain an extra level of recoverability. First setup and pre-allocate Azure services, then simply restore to any point of time for your machine in a couple of clicks. What’s really cool is that you’re not limited to restoring only virtual workloads, but can migrate physical machines as well!

The Veeam Agent for Microsoft Windows (beta version soon available), and the now available Veeam Agent for Linux will help you create backups of your physical servers so that you can store them on the Veeam repositories for further management, restores and migration, should you ever need to convert your physical workloads to the virtual and cloud. Not only does Veeam provide multiple means for getting data to the cloud, but you can also backup your Microsoft Office 365 data and migrate it to your local Exchange servers and vice versa with Veeam Backup for Microsoft Office 365! Many companies have moved their email infrastructure to the cloud, so Veeam provides an ability to have a backup plan in case something happens on the cloud side. That way you’ll always be able to retrieve deleted items and get access to your email infrastructure.

All these instruments are directly controlled by you, and most of them can be obtained with a service provider to take the management off your plate. When working with a provider, it is important to inquire into what can be customized or configured in order to ensure the cloud environment is able to meet your specific needs. This makes working with a cloud service provider a very valuable asset. As they can give you expert advice, reduce any complications and set expectations when it comes to cloud environments and their ability to be customized.


This article was provided by our service partner: Veeam

veeam

Migrating to the cloud backups

We have already talked about how secure backups can be in a cloud environment and what the cost may be of not leveraging the potential of DRaaS. The next step would be to start thinking about how to migrate your infrastructure or backups/replicas to cloud backups and at what scale it has to be done. We will review the main points that you need to consider and check prior to initiating your move into the world of cloud.

Who can benefit from the cloud?

The short answer is a bold one: Everyone. Regardless of the size of the operation, there is a good incentive in road mapping your migration over to the cloud as it brings a whole new level of accessibility, scalability and long-term cost savings. But what does that really mean?
When it comes to conventional disaster recovery sites, it’s hard to plan everything beforehand because you have no way of knowing when the disaster is going to strike and at what scale. You’re only as flexible as the hardware that you’re provided with. Any additional capacity would require time and more money to acquire and install.
That’s where the cloud steps up the game. You are presented with a variety of options that allow you to build a flexible DR environment with the ability to grow and shrink its capacity at will. The only price you’ll pay is for the actual hardware in use, thus granting an incredible scalability that is ready for any DR needs. Not every provider possesses such ability at a full scale, but there’s plenty of options to pick from based on your particular needs.
The two approaches Veeam has for businesses with on-premises deployments wanting to get backups or replicas to the cloud are Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS). These approaches utilize cloud and service provider technologies which are flexible enough for any use case and you can avoid the cost and complexity of building and maintaining an offsite infrastructure.

So, how hard is it to migrate to the cloud?

What’s important to remember is that migrating data to the cloud is not a one-day feat and is a project that will require planning and a timeline. However, depending on what data management software you use, getting data offsite to the cloud can be a very simplified experience.
Migrating to the cloud certainly doesn’t require you to drop all the investments in your existing DR infrastructure, should you have one. If you’re already running an on-premises infrastructure, then you know that any hardware has its lifecycle and will eventually be replaced. So, you can plan to move your servers and applications to the cloud environment as the time for hardware renewals shows up on the calendar.
If you’re just starting off at the stage of designing your infrastructure then it would be even more beneficial, as you are getting high-class disaster-proof hardware used on Enterprise levels of operation at an affordable price and right-away at your disposal. No need to worry about building and maintaining your own DR site, all the more so about the time to set everything up from scratch.
In any case scenario, Veeam® has the tools to make your migration to the cloud as easy as your daily backup tasks. In fact, even though Veeam Cloud Connect Backup and Replication are used for archival purposes and providing continuous synchronization, they’re a perfect instrument for migrating your infrastructure to the cloud without any hassle.

What should be migrated first?

The first contenders are the servers that will fully benefit from the flexibility and added performance of the cloud. But, not every server or application needs to or can be migrated right away. You need to plan it in the way that won’t obstruct your production performance more than usual hardware migration or upgrade. It’s important to make sure the migration to the cloud won’t cause you trouble during the process or after the completion. That can be done by testing the performance of servers or applications in the lab to find out about any hiccups beforehand. Sometimes an existing set of dependencies, like an on-site SQL database or Active Directory, can make it harder to simply move some applications without correcting their workflow.
In such scenarios the use of hybrid cloud might be helpful. In a hybrid setup one part of your cloud infrastructure is private and running under your full control on-premises and the other part is in public cloud, making use of all the servers that are easily moved to cloud or will benefit from it the most.

Where do you start?

No matter the size of the infrastructure, Veeam Cloud Connect offers a solution to fully control and easily migrate on premises data to highest standard cloud environments – requiring no network (VPN) setup or change to the customer environment. And whether you plan on implementing a big bang migration strategy or the trickle migration strategy, Veeam Cloud Connect allows for both methods.

_________________________________________________________________________________________________________________

This article was provided by our service partner Veeam

veaam

Cloud backup security concerns

Many CIOs are now adopting a cloud-first strategy and backing up and recovering critical data in the cloud is on the rise. If you don’t have a permanent CIO to manage your IT department, consider hiring an interim CIO. As more and more companies explore the idea of migrating applications and data to the cloud, questions like “How secure are cloud services?” arise. While there isn’t a standout number one concern when it comes to cloud computing, the one thing we can be sure about is that security is front and center in CIO’s minds. Veeam has identified the top two concerns from our recent 2016 customer survey to be security and price. See the graph of responses below:

img01-2

Quite inevitably, cloud has come with new challenges and we’ll be exploring them all in this cloud challenges blog series. It has also come with some genuine security risks but as we will uncover, cloud backup security has more to do with your implementation of it to successfully ensure data security when moving to the cloud. With cloud, security has to be top priority. The benefits of flexibility and scalability you get from the cloud should not mean sacrificing any security at all.

What are the most important cloud backup security risks?

Stolen authentication/credentials

Attacks on data happen more often than not due to weak password usage, or poor key and certificate management. Issues tend to happen as multiple allocations and permission levels begin to circulate and this is where good credential management systems and practices can really help.

One-time generated passwords, phone-based authentication and other multifactor authentication systems make it difficult for attackers wanting to gain access to protected data because they need more than just one credential in order to log in.

Data breaches

Data breaches can be disastrous for organizations. Not only have they violated the trust of their customers by allowing data to be leaked, but it also opens them up to facing fines, lawsuits and even criminal indictments. The brand tarnishing and loss of business from such an event can leave a business with a long road to recovery at best.

Despite the fact that cloud service providers typically do offer security methods to protect tenants’ environments, ultimately you – the IT professional – are responsible for protection of your organization’s data. In order to protect even the idea of a breach, you need to become a fan of encryption. If you use cloud for storage, experts agree data should be encrypted at no less than 256-bit AES (Advanced Encryption Standard) before it leaves your network. The data should be encrypted a second time while in transit to the cloud and a third time while at rest stored in the cloud. It is important to do your research and enquire into the encryption used by the application, and by the service provider when the data is at rest in order to ensure safe and secure cloud backups.

Lack of due diligence

A key reason moving data to the cloud fails, becomes vulnerable or worse becomes subject to an attack or loss is due to poor planning and implementation. To successfully implement a cloud backup or disaster recovery strategy, careful and deliberate planning should take place. This should first involve considering and understanding all of the risks, vulnerabilities and potential threats that exist. Secondly, an understanding of what countermeasures need to be taken in order to ensure secure restore or recovery of backups and replication, such as ensuring your network is secure or access to key infrastructure is restricted. Due diligence in approaching the cloud should also involve an alignment of your IT staff, the service provider and the technologies and environment being leveraged. The service provider must be seamlessly integrated with the cloud backup and recovery software you plan to utilize for optimal security and performance of your virtualized environment.

Multi-tenant environment

Service providers offer cost-effectiveness and operations efficiencies by providing their customers with the option of shared resources. In choosing a service that is shared, it’s essential that the risks are understood. Ensuring that each tenant is completely isolated from other tenant environments is key to a multi-tenant platform. Multi-tenant platforms should have segregated networks, only allow privileged access and have multiple layers of security in the compute and networking stacks.

Service provider trust and reliability

The idea of moving data offsite into a multi-tenant environment where a third party manages the infrastructure can give even the boldest IT professionals some anxiety. This comes with the perceived lack of control they might have on cloud backup security. To combat this, it is essential to choose a service provider you trust who is able to ease any security doubts. There are a variety of compliance standards a provider can obtain, such as ISO9001 or SOC 2 & SSAE 16 and it’s important to take note of these as you search for a provider. In addition to standards, look for a service provider that has a proven track record of reliability – there are plenty of online tools that report on provider network uptime.  Physical control of the virtual environment is also paramount. You must seek a secure data center, ideally with on-site 24/7 security and mantraps with multi-layered access authentication.

So, is the cloud secure?

Yes, the cloud is secure but only as secure as you make it. From the planning and the processes in place, to the underlying technology and capabilities of your cloud backup and recovery service.  All these elements combined can determine your success.  It is up to you to work with your choice of service provider to ensure the security of your data when moving to cloud backups or DRaaS. Another critical aspect is partnering with a data management company experienced in securely shifting and storing protected data in the cloud.

Veeam and security

We provide flexibility in how, when and where you secure your data for maximum security matched with performance.  With AES 256-bit encryption, you have the ability to secure your data at all times: During a backup, before it leaves your network perimeter, during movement between components (e.g., proxy to repository traffic), for when data must stay unencrypted at the target and while your backup data is at rest in its final destination (e.g., disc, tape or cloud). It is also perfect for sending encrypted backups off site using Backup Copy jobs with WAN Acceleration.

You have a choice over when and where you encrypt backups. For example, you can leave local Veeam backups unencrypted for faster backup and restore performance, but encrypt backups that are copied to an offsite target, tape or the cloud. You can also protect different backups with different passwords, while actual encryption keys are generated randomly within each session for added backup encryption security.

Here are some links with more details on encryption and related information:


This article was provided by our service partner Veeam