System Source Pizza Webinar - “Locking Ransomware Out ......System Source Pizza Webinar -...

System Source Pizza Webinar - “Locking

Ransomware Out of Your Backups” – 9/17

Dennis Kloster System Source Senior Consultant

[email protected]

Chris Connolly

Solutions Architect Hewlett Packard Enterprise

[email protected]

Van FlowersSystems Engineer, Veeam: VMCE, VMCT, VCP

[email protected]

mailto:[email protected]



AgendaOpening and Introductions – Chris Riley

Dennis Kloster• Why implement ransomware & DR protection

Chris Connolly• Why Veeam + HPE

• Simplivity

• Apollo

• Nimble

• StoreOnce

Van Flowers

• Veeam + HPE Demo

• Integration with HPE Solutions

• Ransomware Protection

Q&A Chris Riley

We Hope You are

Enjoying Your

Pizza!!

If you haven’t received your pizza,

then contact Mike Jones:

[email protected]


During the Webinar… Audio – In presentation mode until end

Control Panel

View webinar in full screen mode

In Chat – Tell us what you hope to learn today?

Feel free to submit written questions

Presentation and video available after webinar

Evaluation just after webinar finish

Please complete Poll, at end of webinar (just three

questions☺) – I will alert you when to start!

Dennis Kloster

1) Ransomware emails spiked 6,000% - 2018 vs. 2017

2) 40% of all spam email had ransomware

3) 92% of surveyed IT firms reported attacks on their clients

4) 70% of businesses paid the ransom

5) 20% of businesses paid more than $40,000

6) Most businesses face at least 2 days of downtime

Source: IBM via CNBC

Ransomware Prevention• Make sure antivirus is installed and kept up to date on all endpoints

• Computers and laptops

• Servers!!!!! (I constantly see servers that don’t have AV installed)

• Phones?

• Tablets?

Ransomware PreventionPatching

• Patch Windows

• Java, Flash, Adobe, etc…

• Use a patch management solution to make sure all endpoints are in compliance

• Patch everything!

Ransomware Prevention

AND THE SINGLE MOST IMPORTANT COMPMONENT………

Ransomware Prevention

END USER EDUCATION AND AWARENESS!!!!!!

Other Important Components of a Ransomware Readiness Plan

Backups• Test your backups! Just because the backup software says that your nightly backup was

successful doesn’t mean you can restore what you need.

• Disk to Disk backups: Ransomware can infect anything that is online. If you are using disk to disk backups, you must take your backups offline in order to protect them

• Best practice: 3 backups copies. 2 different formats. At least one copy is offsite

Other Important Components of a Ransomware Readiness Plan

VM level replication• Much quicker restore capabilities than a backup

• DR plan can be programmed ahead of time

• Easy testing capabilities

• Can be SAN based on software level (Veeam, Zerto, etc)

• Use your own DR site or a hosted site

• Major potential benefit is it (in theory) is a “clean” site

•Complimentary Products

•Single Vendor Solution• Traditional Acquisition

• GreenLake

•Reference Architectures and Design Guides•HPE has the most complete portfolio for deploying Veeam infrastructure

• Choose the right solution for your Veeam deployment: HPE StoreOnce, HPE Apollo, HPE MSA, HPE Nimble Storage, StoreEver

• HPE + Veeam Milestones• Integration dating back to 2012 (StoreVirtual)

• Alliance and reselling agreement since January 2017

• StoreOnce – First inline dedupe backup appliance to support IVMR

• Nimble - First inline dedupe secondary storage array supporting DR workload from Veeam backup

CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 15

WHY HPE FOR VEEAM BACKUP SOLUTIONS

Federico Venier 2019

HPE SIMPLIVITY

Chris ConnollySolutions Architect

CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY16


HPE SIMPLIVITY AND VEEAM: BETTER TOGETHER USE CASE SUMMARY

MixedEnvironments

Extendto Cloud

Long TermRetention

App AwareBackup

GranularRestore

Built-in data protection within the SimpliVity federation

Near instantaneousbackup and restore

within the SimpliVity federation

Guaranteed Data

Efficiency

SQL Server consistent backups

File level recovery

HPESimpliVity

Different Admins: reduced risk of deleting backups along with production due to unintentional/malicious errorsDifferent platforms: prevent a firmware bug from compromising backups and production by saving to a different storage system

Protect data across mixed environments

Archive data to cloud platforms

Archive to 3rd party long term storage / tapes

Multi-app consistent backups

Multi-app granular object restore

HPE APOLLO


The best server platform for compute and high-density storage in a single chassis

• HPE Apollo 4200 and HPE Apollo 4510 are HPE servers that combine:• Legendary ProLiant compute capabilities• High-density storage• HPE iLO and all the features you expect from a ProLiant

server• HPE Apollo server can host all Veeam components• Veeam Server and Microsoft SQL Server databases• Veeam proxy and backup repository• Veeam tape server

• Data reduction based on:• Veeam compression and deduplication• New Veeam virtual-synthetic-full based on ReFSblock

cloning• For additional reduction, install HPE StoreOnce VSA


HPE APOLLO 4200 AND 4510 GEN10

HPE Apollo 45104U Intel based server60 LFF + 2 SFF disks

HPE Apollo 42002U Intel based server

28 LFF disks


HPE NIMBLE


Flash-accelerated protection Hassle-free availability

• Faster backups and instant restores with the most high-performing hybrid flash arrays

• Affordable long-term retention with always-on dedupe and compression

• Multiple workload consolidation in addition to data protection

• Backup data put to work for dev/test, DR, analytics

• Virtual sandbox spin-ups with Veeam DataLabsautomation

• RTPO <15 min with Veeam-managed HPE Nimble Storage snapshot replication and Veeam Explorer

• Storage consolidation withsix-nines HA and Triple+ Parity RAID.

• Intelligent operations with HPE-Infosight and Veeam One

• Unmatched data protection with a proven, best-in-class, advanced integration.

Active backups


Protect data with the industry’s only intelligent, predictive flash-based solutionWHY HPE NIMBLE STORAGE AND VEEAM AVAILABILITY PLATFORM?

HPE STOREONCE


• One architecture• Multiple protocols: Catalyst, NAS, VTL

• Local and cloud: Always the highest dedupe

• Physical and virtual


HPE STOREONCE PORTFOLIO

Free 1 TB usableFully licensed

VSA

VS A

VSA

Free 1 TB usable(download link)

VSA

VS A

HPE S toreOnce Catalyst

1 to 500 TB usable

3620

Up to 31.5 TB local+63 TB with Cloud Bank Storage

Up to 108 TB local+216 TB with

Cloud Bank Storage

3640

Up to 216 TB / 864 TB local+512 TB / 1728 with Cloud Bank Storage

5200 / 5250

Up to 1.7 PB local+3.5 PB with Cloud Bank Storage

5650

4 T B and 8 T B drives

Catalyst communication protocol• Source-side dedupe• Ransomware invulnerability


https://myenterpriselicense.hpe.com/cwp-ui/evaluation/STOREONCEVSAG41TB/-/null?authToken=f2d1755f-3abb-4be3-820b-50467d2d045d


Specific HPE StoreOnce advantages for Veeam solutions

• Enterprise-class storage• Built-in storage verification for silent corruption and self healing• Storage consolidation

– Single platform from small to more than 30 PB of logical capacity on a single unit (tested)

• Storage-based replication—Veeam v10 certification• Features

• Source-side deduplication, huge LAN/WAN bandwidth reduction, remote replication• Ransomware protection, hardened system• Unified Veeam backup target for virtual, physical, and plug-ins

• Appliance-based solution• Simpler administration

– Hardware and software fully tuned, tested, and managed by the same vendor

• Better support – Unified hardware and software support– No more Microsoft Windows patches and instability

• Documented and fully tested best practices for all operations, such as upgrade


WHY HPE STOREONCE FOR VEEAM?

Test job details:

Source: 1 VM, 114 GB, 3% change rateRetention: 5 weekly cycles (1 full, 6 incremental)Test duration: 14 weeks

Legacy disk capacity

HPE S toreOnce

physical capacity

HPE S toreOnce

dedupe

Job 2: Veeam — no dedupe—no compression 998 GB 60.5 GB 16.5 X

Job 1: Veeam “deduplication + optimal compression” 486 GB 69.8 GB 7 X

Question: Does HPE StoreOnce further reduce Veeam data?


Legacy disks compared with HPE StoreOnceBENEFIT OF HPE STOREONCE DEDUPLICATION FOR VEEAM REPOSITORIES

2 to 1

Answer: HPE StoreOnce requires 486 / 60.5 = 8X less disk storage than traditional solutions

Notes: Better deduplication is expected in real-world configurations with many VMsHPE StoreOnce deduplication works across all VMs increasing deduplication (operating system data portion is always the same)

Benefit: 8X less capacity than legacy disks

Test job details:

Source: 1 VM, 114 GB, 3% change rateRetention: 5 weekly cycles (1 full, 6 incremental)Test duration: 14 weeks

Legacy disk capacity

HPE S toreOnce

physical capacity

HPE S toreOnce

dedupe

Job 2: Veeam—no dedupe—no compression 998 GB 60.5 GB 16.5 X

Job 1: Veeam “deduplication + optimal compression” 486 GB 69.8 GB 7 X


• Lab test: Bandwidth reduction after 3% data change and 12% incremental backup• Up to 80—100 to 1 (98% to 99%) for full backup (after the first one)

• Up to 15—30 to 1 (93% to 97%) for incremental backup

• Why is dedupe on full backup so good?• A full backup contains a copy of all data even if the actual changes since the previous backup (full or

incremental) are limited

• HPE StoreOnce deduplication engine identifies the changed date and dedupe the large amount of “already seen” data

• Why is dedupe on incremental backup so good?• Veeam incremental backup is based on CBT technology

• CBT reports to Veeam 1 MB blocks regardless of the amount of changed data inside the block

• HPE StoreOnce can identify the actual changed data inside the 1 MB block because its deduplication engine works at a higher granularity (4 KB on average)


VEEAM AND CATALYST DEDUPLICATION OVER WAN

Benefit: Bandwidth reduction, higher throughput


Plan in advance because there are unexpected challengesRANSOMWARE AND DATA PROTECTION: DO YOU FEEL PROTECTED?

How to recover when your files get

encrypted?

It is not matter of “if” but “when”?

Pay and “pray”Yes, unencrypt may not work

FBI link

Make sure your backup data is invulnerable to ransomware attacks

Arrange a backup policy with enough retention

(snapshot + backup)

The FBI does not support paying a ransom to the adversaryPaying a ransom does not guarantee the victim will regain access to their dataIn fact, some individuals or organizations are never given decryption keys after paying a ransom


https://www.veeam.com/blog/hpe-hardware-snapshot-orchestration-integrated-feature.html

http://searchsecurity.techtarget.com/news/450304898/FBI-ransomware-alert-Dont-pay-report-defend-against-attacks

Make sure your backup data is invulnerable

• There is a technology shift from tape to disks• Newer backup solutions write data to disks rather than tapes

• In respect to ransomware, what is the main difference between disks and tapes?• Tapes: They are not accessible as a file system

• Disks: They use to be on-line and accessible as a file system

• Note: Several types of ransomware, such as Locky and Crypto, are known to destroy Windows shadow copies and restore point data


RANSOMWARE AND DATA PROTECTION (BACKUP)

Even the best data protection strategy is worthless if ransomware can corrupt your backup data along with your production

data


Veeam is used as one of the most complete examples

The problem is the same for all backup solutions

Production virtualinfrastructure


The best backup is useless if ransomware can access your backup repositoryIMMUNIZE YOUR BACKUP REPOSITORY AGAINST VIRUSES

VM

Hypervisor

VM VM VM

Benefit: Your backup repository must be protected against viruses

Oracle.VM.vbkSQL.VM.vbkDC.VM.vbk


Traditional vs Catalyst based Veeam backup repositories


Proxy/gateway

NAS share\\NAS\backup

Local disk

E:\Backup>dirVolume in drive C is VeeamVolume Serial Number is 6AE5-29

Directory of E:\Backup2016-07-27 16:04 <DIR> .2016-07-27 16:04 <DIR> ..2016-07-27 16:05 <DIR> Job-Oracle2015-11-18 18:19 <DIR> Job-SQL2015-11-18 18:19 <DIR> VeeamConfigBackup

0 File(s) 0 bytes4 Dir(s) 17,381,437,440 bytes free

👿👿👿

All restore points are encrypted

All restore points are encrypted

All restore points are healthy

HPE StoreOnce

Catalyst API

VM VM VM VM

Ransomware

Access denied to virus;repository visible only using Catalyst API

Storage snapshot

Storage snapshots are not connected

👿

👿👿

Tapes may be offline and are “unsupported” by ransomware



Widely accepted best practice among storage communityNEW 3-2-1-1-0 VEEAM RULE

2Different media

1of which is off-site

WAN

0No errors afterbackup recoverabilityverification

1is offline

HPE StoreOnceCatalyst API

Invisible to ransomware and virusThis repository is visible only using proprietary Catalyst API

3Different copiesof data

VM


HPE + VEEAM IVMR


INSTANT VM RECOVERY ON HPE STOREONCE, HPE APOLLO, AND HPE NIMBLE STORAGEThe three best-of-breeds in their own categories


vPower NFS

Veeam server

Catalyst

Backup filededuped and compressed

HPE S toreOnce: Few VMs

HPE Apollo: Multiple VMs

HPE Nimble S torage: Many VMs—Put your backup to work

HPE StoreOnce

HPE Nimble Storage

HPE ApolloHPE StoreOnce

HPE Nimble Storage

HPE Apollo

LocaliSCSI/FCiSCSI/Fibre Channel

• The vPower technology allows to power-on VMs directly from the backup target

• VMs are up and running in a matter of minutes

• HPE has solutions designed for all kind of workloads

VMware

Prod

Benefit: No-worry choice—each platform is tested, certified, and fully supported


VEEAM + HPE DEMO


Van FlowersSystems Engineer, Veeam: VMCE, VMCT, VCP

© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.

30 + Years working in IT Storage – Virtualization –Networking – Data Centers - Presentations

Started with Veeam April 9, 2018

Guitar Builder – Guitarist – Music Junkie – Mac Geek

I am married to the most amazing woman on the planet – 4 Kids from 30 to 17 – too many animals –living in the woods in a big house with lots and lots of land

Van Flowers| Systems Engineer| VMCE VMCT VCP | DC, MA and Northern VA

© 2020 Veeam Software. All rights reserved. All trademarks are the property of their respective owners.

Welcome…


Data security

• The only cure for ransomware is prevention• Companies have to choose between paying or losing data• Brand damage control post-compromise

Data security and data reuse challenges

Data reuse

• Providing fresh data for development and security testing• Providing fresh data for data mining scripts and applications• Dealing with increasing requests for these operations


Ransomware


Cloud Tier & SoBR Enhancements

• Policy-based• Transparent• Space efficient• Self-sufficient• No extra costs• Immutable (S3)

Oldest Backupsand / or

Immediate Copy+

Immutability

DAS

NAS

DedupeAppliance

PerformanceTier

Capacity Tier

Microsoft AzureBlob Storage

Amazon S3(w/Object Lock)

IBM CloudObject Storage

S3 Compatible


Veeam Availability Suite V10 & HPE Integrations

Expanded HPE StoreOnceCatalyst Support

HPE Primera Snapshot Integration

HPE StoreOnce Catalyst Copy Integration

HPE’s new storage platform for mission critical applications, with a 100% availability guarantee; includes HPE Infosight for

proactive monitoring and maintenance.

NEW Native HPE Primera integration with Veeam Backup & Replication.

• Snapshot orchestration

• Backup from Storage Snapshot

• Peer-persistence support

HPE Proprietary backup protocol optimized for efficient, secure, and flexible disk based data protection.

• Catalyst support for virtual environments and backup copy jobs

• NEW Catalyst Support for agents:

• Windows Agents

• Linux Agents

• Future Agents (Solaris, AIX)

• NEW Catalyst Support for Enterprise Application PlugIns:

• Oracle RMAN Plugin

• SAP HANA Plugin

Built in StoreOnce functionality for efficiently moving back up copies offsite for disaster

recovery.

NEW Backup data copies from one StoreOnceto another StoreOnce without rehydration of data in flight.

NEW NEW NEW


Expanded HPE StoreOnce Catalyst Support

Veeam Windows Gateway

Windows Agent

BackInt Plugin

RMAN Plugin

Future Agents

Linux Agent

HPE StoreOnce

Catalystsource side

dedupe

Solution benefits:

• Comprehensive Veeam backup leveraging HPE StoreOnce Catalyst

• Increased data security by utilizing HPE Catalyst Store

• Multiple sources processed by Veeam gateway using Catalyst

• Support additional workloads:

• Nutanix AHV hypervisor in addition to WMware, Hyper-V

• Physical windows and linux servers

• Oracle RMAN & SAP HANA backups

NEW


HPE StoreOnce Catalyst Copy Integration

Solution Benefits:

Improves performance for copying backup data between 2 HPE StoreOnce systems

Eliminate data rehydration and improve backup and recovery performance

Reduces amount of data to be transferred across WAN freeing up bandwidth for other applications

Decrease costs to move data off site

HPE StoreOnceCatalyst

Copy

write to repository with catalyst protocol

Backup server coordinates

HPE StoreOnce 1 HPE StoreOnce 2

NEW


Let’s look in the Lab

Q & A

Kindly complete the survey at the end of this webinar. We will use your feedback to help us improve.

Poll Questions:

Question 1 - Which StoreOnce backup target provides the best protection from ransomware?

Question 2 - The 2 in the 3-2-1 rule refers to?

Question 3 - Which HPE Storage platform supports running the highest number of VMs via IVMR

We will announce and send out prizes within three days

System Source Pizza Webinar - “Locking Ransomware Out ......System Source Pizza Webinar -...

Documents

Transcript of System Source Pizza Webinar - “Locking Ransomware Out ......System Source Pizza Webinar -...