Veeam Backup & Replication is a proprietary backup application developed by Veeam for virtual environments built on the VMware vSphere, Nutanix AHV, and Microsoft Hyper-V hypervisors.[3] The software provides backup, restore and replication functionality for virtual machines, physical servers and workstations, as well as cloud-based workloads.[4]
Veeam Backup & Replication operates at the virtualization layer and also manages backup of physical machines. It backs up VMs at the image level, using the hypervisor's snapshots to retrieve VM data.[5] Backups can be full (a complete copy of the VM image) or incremental (saving only the blocks of data that changed since the last backup job run).[6] Backup increments are created using the hypervisor's built-in changed block tracking (CBT) mechanism. The available backup methods are forward incremental-forever backup, forward incremental backup, and reverse incremental backup. Additionally, there is an option to perform active full and synthetic full backups.[7]
Veeam Backup & Replication provides automated recovery verification for both backups and replicas. The program starts a VM directly from a backup or replica in an isolated test environment and runs tests against it. During the verification, the VM image remains in a read-only state. This mechanism can also be used for troubleshooting or for testing patches and upgrades.[8][9]
Veeam Backup & Replication supports software-defined storage technology. It allows organizing a scalable backup repository from a collection of heterogeneous storage devices. Backups can be stored on-premises, transferred to off-site repositories via the WAN,[10] saved to tape media for long-term retention, or sent to cloud storage. Cloud storage support is available on an Infrastructure-as-a-Service (IaaS) model. Veeam's technology, Cloud Connect, provides integrated and secured backup to the cloud through Veeam-powered service providers.[11][12]
Veeam Backup & Replication is storage-agnostic, but it also has specialized integrations with some storage systems, such as Cisco HyperFlex, EMC VNX, EMC VNXe,[13] HP 3PAR, HP StoreVirtual,[14] Nimble,[15] NetApp,[16] IBM,[17] and Lenovo Storage V Series.[18] In addition, through a separate Universal Storage API and plug-in, Veeam also provides storage integrations with INFINIDAT[19] and Pure Storage.[20] It uses storage system snapshots as a source for backups and recovery of VMware VMs whose disks reside on storage volumes.[21][22] Veeam Backup & Replication also has a built-in Direct NFS agent that accesses NetApp snapshots directly from the NAS storage, bypassing the hosts, for backup, restore and storage scan operations.
Along with backup, Veeam Backup & Replication can perform image-based VM replication. It creates a "clone" of a production VM onsite or offsite and keeps it in a ready-to-use state. Each VM replica has a configurable number of failover points.[23] Image-based VM replication is also available via Veeam Cloud Connect for Disaster Recovery as a Service (DRaaS).[24]
Veeam Backup & Replication reduces backup file size and data traffic with built-in data deduplication and compression. There is support for deduplicating storage systems such as EMC Data Domain,[26] ExaGrid,[27] HP StoreOnce Catalyst and NetApp Cloud Backup (AltaVault).[28] Using deduplicating storage appliances as backup repositories achieves higher deduplication ratios. Veeam Backup & Replication also provides built-in WAN acceleration to reduce the bandwidth required for transferring backups and replicas over the WAN.
Built on a modular architecture, Veeam Backup & Replication allows building scalable backup infrastructures. The software architecture supports onsite, offsite and cloud-based data protection, as well as operations across remote sites and geographically dispersed locations.[29] The installation package of Veeam Backup & Replication includes a set of mandatory and optional components that can be installed on physical or virtual machines.[30]
Activity related to this CVE has not yet been observed in the wild, but affected parties should expect attempts at exploitation in the coming weeks. Its severity and ease of abuse make this an extremely attractive vulnerability to attackers. Any credential managed by Veeam Backup & Replication could be exposed in cleartext, potentially allowing threat actors to escalate their privileges, move laterally, and mount more effective ransom attempts if they gain access to backup infrastructure hosts.
Kudelski Security recommends patching as soon as possible. In the meantime, if you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed.
Veeam said on March 7: If you use an earlier Veeam Backup & Replication version, please upgrade to a supported version first. If you use an all-in-one Veeam appliance with no remote backup infrastructure components, you can alternatively block external connections to port TCP 9401 in the backup server firewall as a temporary remediation until the patch is installed. The patch must be installed on the Veeam Backup & Replication server.
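The temporary firewall mitigation described above, written out as an added PowerShell example; this is not a script from Veeam or Kudelski Security. It assumes a Windows Veeam Backup & Replication server using Windows Defender Firewall, whose filtering does not apply to loopback traffic, so components running on the same all-in-one appliance can still reach port 9401; the rule name is a constructed placeholder.

```powershell
# Added example, not Veeam's or Kudelski Security's own script.
# Temporary mitigation: block inbound TCP 9401 from external hosts on an
# all-in-one Veeam Backup & Replication server until the patch is installed.
# Assumes Windows Defender Firewall; loopback traffic is not filtered by it,
# so components running on the same host keep working. Run as Administrator.

$Port = 9401
$RuleName = 'Veeam-TEMP-Block-TCP-9401'   # constructed name; any name works

# Pre-check: the mitigation is only appropriate when no remote backup
# infrastructure components talk to this port. Established sessions from
# non-loopback peers indicate remote components that the block would break.
$remote = Get-NetTCPConnection -LocalPort $Port -State Established -ErrorAction SilentlyContinue |
    Where-Object { $_.RemoteAddress -notin @('127.0.0.1', '::1') }
if ($remote) {
    Write-Warning "Remote peers are currently connected to TCP $Port :"
    $remote | Select-Object RemoteAddress, RemotePort, OwningProcess | Format-Table -AutoSize
    Write-Warning 'This host is not an all-in-one appliance; patch instead of blocking.'
    return
}

# Create the block rule idempotently (re-running the script is safe).
# Block rules take precedence over allow rules in Windows Defender Firewall,
# so this overrides any existing allow rule for the port.
if (-not (Get-NetFirewallRule -DisplayName $RuleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $RuleName `
        -Description 'Temporary mitigation: remove after applying the Veeam patch' `
        -Direction Inbound -Protocol TCP -LocalPort $Port `
        -Action Block -Profile Any -Enabled True | Out-Null
}

# Verify the rule and record what is still listening, for the change record.
Get-NetFirewallRule -DisplayName $RuleName |
    Get-NetFirewallPortFilter |
    Select-Object Protocol, LocalPort
Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess

# After the patch is installed, remove the temporary rule:
#   Remove-NetFirewallRule -DisplayName 'Veeam-TEMP-Block-TCP-9401'
```

Because Windows Defender Firewall rules are enforced by the host itself, keep the pre-check output with the change record so the rule can be removed once the patched build is confirmed.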
Backup software is a big target. The Veeam vulnerability warning comes days after CISA warned that server backup software from ConnectWise was being exploited in the wild by attackers, who were using the vulnerable software agent to tailgate into other servers that were being backed up; effectively surfing backwards from backup systems to live environments from which they can steal critical data or drop malware as they choose.
Veeam Backup & Replication is a powerful data protection and disaster recovery solution for virtual, physical, and cloud-based workloads. Version 9.5 was a major release that introduced many new features and improvements, including faster backup performance, enhanced data deduplication, and support for cloud-based storage providers.
Veeam ONE 9.5 is a powerful monitoring, reporting and capacity planning tool for Veeam Backup & Replication, VMware vSphere, and Microsoft Hyper-V environments. With Veeam ONE 9.5, you can monitor your backup and replication environment to ensure that your data is protected and recoverable in the event of a disaster.
It is recommended that you upgrade to a supported version of Veeam Backup & Replication and Veeam ONE to ensure that your backup and replication environment is up to date, secure, and supported by Veeam.
However, since v12 is the first version to support PostgreSQL, it is still recommended to use Microsoft SQL Server when you back up more than 5000 VMs. Refer to the flow chart below for the best choice matching your environment. Also, if you have implemented High Availability as discussed in the Database placement section and you have no licensing concerns, there is no hard requirement to migrate to PostgreSQL. Finally, if you are in a complex environment with multiple Veeam Backup & Replication servers and Veeam Enterprise Manager, consider that all of them must use the same database engine.
Migrating to PostgreSQL is not a straightforward process and requires careful planning. All backup servers must be based on the same database engine as Veeam Backup Enterprise Manager (PostgreSQL or Microsoft SQL Server).
Veeam Backup & Replication may consume high amounts of CPU and RAM while processing backup or replication jobs. To achieve better performance and load balancing, it is necessary to provide sufficient RAM and CPU resources to Veeam components. Remember to add additional resources if the backup server is responsible for multiple roles, such as repository server or backup proxy.
It is possible to leverage a remote SQL Server as a staging server during restores in the Veeam Explorer products. For example, if you use PostgreSQL as your configuration database engine, you might use the production host, or any other Microsoft SQL Server, as the staging server.
If you are using the explorers extensively, you might want to consider a full Microsoft SQL Server on the backup server for the lowest latency and highest performance.
This pattern details the process for sending backups created by Veeam Backup & Replication to supported Amazon Simple Storage Service (Amazon S3) object storage classes by using the Veeam scale-out backup repository capability.
Network connectivity from on premises to AWS services with available bandwidth for backup and restore traffic through a public internet connection or an AWS Direct Connect public virtual interface (VIF)
Veeam Backup and Replication software protects data from logical errors such as system failures, application errors, or accidental deletion. In this diagram, backups are run on premises first, and a secondary copy is sent directly to Amazon S3. A backup represents a point-in-time copy of the data.
In accordance with IAM best practices, we strongly recommend that you regularly rotate long-term IAM user credentials, such as the IAM user that you use for writing Veeam Backup & Replication backups to Amazon S3. For more information, see Security best practices in the IAM documentation.
If you want to enable immutability, choose Make recent backups immutable for X days and set the period of time during which your backups should be locked. Note that enabling immutability results in increased costs because of the increased number of API calls to Amazon S3 from Veeam.
If you want to enable immutability, choose Make recent backups immutable for the entire duration of their retention policy. Note that enabling immutability results in increased costs because of the increased number of API calls to Amazon S3 from Veeam.
For EC2 instance type, choose the instance type for the proxy appliance, based on your speed and cost requirements for transferring the backup files to the archive tier of your scale-out backup repository.
If needed, add performance extents. You can also use your existing Veeam local backup repository as your performance tier. Starting with Veeam version 12, you can add an S3 bucket as a performance extent for direct-to-object (DTO) backups, bypassing a local performance tier.