Immutable Backup is a Veeam Backup & Replication feature that protects against ransomware attacks by preventing malicious software from modifying or deleting backup data.
Immutable backup means that once data is written to a backup repository, it cannot be modified, overwritten, or deleted until a specified retention period has passed. This can prevent ransomware from corrupting or encrypting backup data because the malware cannot modify or delete the backup files.
1. Login to the Veeam Backup and replication manager server.
2. Open the Veeam Backup & Replication Console and click Connect.
3. Enter the MFA Confirmation code and click Confirm.
4. Select Jobs on the Home page and right-click Jobs.
5. Select Backup and click Virtual machine.
6. On the Name page, enter a name for the backup job in the Name field.
7. Give a brief description in the Description field for the future.
8. Click Next.
9. Click Add on the Virtual Machines page.
10. Select the VM from the Select objects list on the Add Objects page and click Add.
11. If you have multiple VMS that needs to back up in the same backup job, you can repeat the step to add them.
12. Click Next on the Virtual Machines page.
13. On the Storage page, click Choose to select a backup proxy if you don’t want to use the default Off-host backup (automatic proxy selection) setting.
14. On the Backup Proxy page, if you select On-host backup mode, the source Microsoft Hyper-V host will serve as both the source host and the backup proxy. In this mode, Veeam Data Mover runs directly on the source host, which speeds up data retrieval but places additional strain on the host.
15. If you select Off-host backup mode, Veeam Data Mover will run on a dedicated off-host backup proxy. All backup processing operations from the source host are routed to the off-host backup proxy in this model.
16. If the off-host backup mode is selected for the job, but no off-host backup proxies are available when the job begins, Veeam Backup & Replication will transition to on-host backup mode.
17. You unselect the Failover to on-host backup mode if no suitable off-host proxies are available in the checkbox. Still, the job will fail to start if off-host backup proxies are unavailable or configured properly.
18. Click OK.
19. Select the Hardened backup repository from the Backup repository drop-down list.
20. Set the retention policy settings for restore points in the Retention Policy field.
21. Select days or restore points from the drop-down list.
22. You can configure GFS retention policy settings for the backup job to ignore the short-term retention policy for some full backups and store them for long-term archiving.
23. Select the Keep certain full backups for longer for archival purposes checkbox and click Configure.
24. Select the Keep weekly full backups for checkbox and specify the number of weeks you want to prevent restore points from being modified and deleted.
25. Select the Keep monthly full backups for checkbox and specify the months you want to prevent restore points from being modified and deleted.
26. Select the Keep yearly full backups for checkbox and specify the years you want to prevent restore points from being modified and deleted.
27. Click OK.
28. On the Storage page, click Advanced.
29. On the Backup page, select Incremental (recommended).
30. Select create synthetic full backups periodically or active full backups periodically checkbox.
31. Click Configure to schedule full backups periodically and click OK.
32. Select Incremental and disable synthetic full or active full backups to create a forever forward incremental backup chain if needed.
33. On the Advanced Settings, select Maintenance.
34. To regularly perform a health check on the backup chain’s most recent restore point, select the Perform backup files health check (detects and auto-heals corruption) checkbox in the Storage-level corruption guard section.
35. Click Configure to set a timetable for the health check.
36. Select the Remove deleted items data after the checkbox and enter the few days you want backup data for deleted VMs to be kept.
37. Select the Defragment and compact full backup file checkbox and click Configure.
38. Set the schedule for the compact operation to compact a full backup periodically.
Note:
GFS retention is not compatible with defragment and compact functionality.
39. On Advanced Settings, select Storage.
40. Select the Enable inline data deduplication (recommended) checkbox.
41. Select the Exclude swap file blocks (recommended) checkbox.
42. Select the Exclude deleted file blocks (recommended) checkbox.
43. Select the compression level for the backup from the drop-down list.
44. Select the Storage optimization for the backup from the drop-down list.
45. Select the Enable backup file encryption checkbox to encrypt the content of backup files.
46. Select a password from the drop-down list. If you still need to do, click Add or use the Manage passwords link to create a new password.
47. Select Notifications on the Advanced Settings.
48. Keep the default settings.
49. Select Hyper-V on the Advanced Settings.
50. Keep the default settings.
51. On the Advanced Settings page, select Scripts and keep the default settings.
52. Click OK.
53. Click Next on the Storage page.
54. When you add VMs running VSS-aware applications to the backup job, you can enable application-aware processing to create a transactionally consistent backup. The transactionally consistent backup ensures that applications on VMs can be recovered without data loss.
55. Select the Enable application-aware processing checkbox on the Guest Processing page and click Applications.
56. On the Application-Aware Processing Options page, select the VM and click Edit.
57. On the Processing Settings, click General.
58. Keep the default settings.
59. On the Processing Settings page, click SQL if the VM is a Microsoft SQL Server VM.
60. Select Truncate logs (Prevents logs from growing forever) to truncate transaction logs after a successful backup.
61. On the Processing Settings page, click Oracle if the VM is an Oracle Server.
62. Select a user account from the drop-down list.
63. Select Do not delete archived logs checkbox.
64. On the Processing Settings page, click PostgreSQL if the VM is a PostgreSQL Server VM.
65. Select a user account from the drop-down list.
66. Select Database user with password checkbox.
67. On the Processing Settings page, click Exclusions and keep the default settings.
68. On the Processing Settings page, click Scripts and keep the default settings.
69. Click OK.
70. On the Application-Aware Processing Options page, click OK.
71. Select the Enable guest file system indexing checkbox and click Indexing.
72. On the Guest File System Indexing Options page, select the VM, click Edit and select Windows indexing.
73. On the Guest file system indexing mode page, keep the default settings.
74. Click OK.
75. Click OK on the Guest file system indexing mode page.
76. Keep the default Automatic selection setting in the Guest interaction proxy field.
77. Choose a user account on the Guest Processing page with sufficient permissions from the Guest OS credentials drop-down list.
78. If you have multiple VMs at the same job, click Credentials to Customize guest OS credentials for individual machines and operating systems.
79. On the Guest Processing page, click Test Now to verify network connectivity and credentials for each machine included in the job.
80. On the Guest Credentials Test page, ensure verification success for each machine.
81. Click Close.
82. Click Next on the Guest Processing page.
83. Select Run the job automatically checkbox on the Schedule page and select your specified schedule.
84. Define whether Veeam Backup & Replication should retry the backup job if it fails in the Automatic retry section.
85. Define the time interval the backup job must complete in the Backup window section. The backup window ensures that the job does not overlap with production hours and that there is no unnecessary overhead on the production environment.
86. Click Apply.
87. Click Finish on the Summary page.
88. Verify that the backup job has been added.
I hope you enjoy this post.
Cary Sun
Twitter: @SifuSun
Web Site: carysun.com
Blog Site: checkyourlogs.net
Blog Site: gooddealmart.com