Greetings friends, just a few months ago I told you that Veeam had released Veeam ONE v11a, and although it was a minor update to carry a letter and not up version, I understand that it may seem small, many improvements, but certainly a very important one, and is that Veeam ONE v11a, we can find direct visibility on our Immutability policies for our Repositories.
Quick overview of Immutability in Veeam Backup and Replication
I don’t know if I’ve ever covered this diagram with you, what I do keep in mind is that I show it every day to customers, and prospective customers. No matter the size of the company, no matter the backup strategy, whether wanting to keep everything in a local datacenter, or wanting to take advantage of Object Storage in the Public Cloud, all customers want, and need, immutability everywhere copies are stored. Good news! Veeam covers this need without any additional cost of functionality.
As we can see above, if we want to have local immutability, we need Veeam Linux Hardened Repository, which I told you all about here, if we want to use Public Cloud, we can opt for Amazon S3, or any provider that is using the latest S3 APIs, such as Wasabi, for example. Finally, if we want to use Archive Tier, for those monthly, and annual copies, Veeam also provides Immutability on this last tier.
NIST (National Institute of Standards and Technology) Cybersecurity Framework
The NIST Cybersecurity Framework is a powerful tool for organising and improving our cybersecurity programme. It is a set of guidelines and best practices to help organisations build and improve their cybersecurity posture. You can download it from here.
Veeam positions itself as a leader in this cybersecurity framework, adding features that help us on every part of the journey to a more secure environment. For example, for the detection part, we find Veeam ONE with its extensive monitoring and alerting capabilities.
Veeam ONE v11a – Immutability Monitoring and Alerts
If we have already updated to the latest version of Veeam ONE v11a, which I recommend, we can find in our Veeam ONE Client – Data Protection View – Backup Repositories, selecting a Linux repository with Immutability enabled, we can see how many days we are protected, in my case 7 days, which means that from today seven days ago I can not delete any backup, neither I, nor anyone with the limited access user that Veeam accesses the server:
The visibility doesn’t stop there, because if we go to the next Tier of the diagram I showed you above, in my case Wasabi, an S3 Storage Provider with no API costs, we can see that I have up to 30 days of protection. This already sounds better, we can assure our company that we have seven days in our data center that cannot be deleted or altered, and in case of fire, or any other disaster, we could still recover all our copies, or the one we need, from an S3 bucket that cannot be edited or deleted for 30 days, fantastic! And Veeam ONE shows all this in a simple way:
At the alarms level, two new and powerful alarms, the first one is to monitor those Backup Repositories that allow Immutability, as if we were using a Linux, or an S3 Provider, but that nevertheless do not have the option enabled.
The second alarm, even more critical if you allow me, as it will only notify us (remember that you can send them to Teams, or Slack) in case of changes in the immutability configuration, imagined by human error, or intentional:
For example, in this case, I have increased the retention in this safe zone from 7 days to 10, and automatically, Veeam ONE has generated the alert efficiently and concisely. This alert to me it is critical to receive on Teams, or Slack as soon as it occurs:
Veeam ONE v11a – Immutability Reports
Let’s go now to the Reports, you already know me, and you know that the reporting part is one of the most powerful I know in the market, I told you much more about the reports here. As usual, we connect to the Veeam ONE Web Client this time, we go to the Reports tab – Veeam Backup Overview – Scale-Out Backup Repository:
And there we have it, in my case, just what I showed you above, a Scale-Out Backup Repository with a part in my local Data Centre, with 7 days immutability, and a part in Wasabi, with 30 days of Immutability, with details of the size consumed in each part, etc.
I’ve said this several times before, but even if you are using a Windows Repository with ReFS, or deduplication, etc. today. I recommend you to have a Copy to another Repository with Linux Immutability, or a copy to one of the vendors that support Immutability, and report, and control everything with Veeam ONE v11a.
I hope this post will be useful, do not wait until it is too late, you get a ransomware, to start protecting at least one of the backups you make.