System Source Pizza Webinar - “Locking Ransomware Out ......System Source Pizza Webinar -...
Transcript of System Source Pizza Webinar - “Locking Ransomware Out ......System Source Pizza Webinar -...
System Source Pizza Webinar - “Locking
Ransomware Out of Your Backups” – 9/17
Dennis Kloster System Source Senior Consultant
Chris Connolly
Solutions Architect Hewlett Packard Enterprise
Van FlowersSystems Engineer, Veeam: VMCE, VMCT, VCP
AgendaOpening and Introductions – Chris Riley
Dennis Kloster• Why implement ransomware & DR protection
Chris Connolly• Why Veeam + HPE
• Simplivity
• Apollo
• Nimble
• StoreOnce
Van Flowers
• Veeam + HPE Demo
• Integration with HPE Solutions
• Ransomware Protection
Q&A Chris Riley
We Hope You are
Enjoying Your
Pizza!!
If you haven’t received your pizza,
then contact Mike Jones:
During the Webinar… Audio – In presentation mode until end
Control Panel
View webinar in full screen mode
In Chat – Tell us what you hope to learn today?
Feel free to submit written questions
Presentation and video available after webinar
Evaluation just after webinar finish
Please complete Poll, at end of webinar (just three
questions☺) – I will alert you when to start!
Dennis Kloster
1) Ransomware emails spiked 6,000% - 2018 vs. 2017
2) 40% of all spam email had ransomware
3) 92% of surveyed IT firms reported attacks on their clients
4) 70% of businesses paid the ransom
5) 20% of businesses paid more than $40,000
6) Most businesses face at least 2 days of downtime
Source: IBM via CNBC
Ransomware Prevention• Make sure antivirus is installed and kept up to date on all endpoints
• Computers and laptops
• Servers!!!!! (I constantly see servers that don’t have AV installed)
• Phones?
• Tablets?
Ransomware PreventionPatching
• Patch Windows
• Java, Flash, Adobe, etc…
• Use a patch management solution to make sure all endpoints are in compliance
• Patch everything!
Ransomware Prevention
AND THE SINGLE MOST IMPORTANT COMPMONENT………
Ransomware Prevention
END USER EDUCATION AND AWARENESS!!!!!!
Other Important Components of a Ransomware Readiness Plan
Backups• Test your backups! Just because the backup software says that your nightly backup was
successful doesn’t mean you can restore what you need.
• Disk to Disk backups: Ransomware can infect anything that is online. If you are using disk to disk backups, you must take your backups offline in order to protect them
• Best practice: 3 backups copies. 2 different formats. At least one copy is offsite
Other Important Components of a Ransomware Readiness Plan
VM level replication• Much quicker restore capabilities than a backup
• DR plan can be programmed ahead of time
• Easy testing capabilities
• Can be SAN based on software level (Veeam, Zerto, etc)
• Use your own DR site or a hosted site
• Major potential benefit is it (in theory) is a “clean” site
•Complimentary Products
•Single Vendor Solution• Traditional Acquisition
• GreenLake
•Reference Architectures and Design Guides•HPE has the most complete portfolio for deploying Veeam infrastructure
• Choose the right solution for your Veeam deployment: HPE StoreOnce, HPE Apollo, HPE MSA, HPE Nimble Storage, StoreEver
• HPE + Veeam Milestones• Integration dating back to 2012 (StoreVirtual)
• Alliance and reselling agreement since January 2017
• StoreOnce – First inline dedupe backup appliance to support IVMR
• Nimble - First inline dedupe secondary storage array supporting DR workload from Veeam backup
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 15
WHY HPE FOR VEEAM BACKUP SOLUTIONS
Federico Venier 2019
HPE SIMPLIVITY
Chris ConnollySolutions Architect
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY16
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 17
HPE SIMPLIVITY AND VEEAM: BETTER TOGETHER USE CASE SUMMARY
MixedEnvironments
Extendto Cloud
Long TermRetention
App AwareBackup
GranularRestore
Built-in data protection within the SimpliVity federation
Near instantaneousbackup and restore
within the SimpliVity federation
Guaranteed Data
Efficiency
SQL Server consistent backups
File level recovery
HPESimpliVity
Different Admins: reduced risk of deleting backups along with production due to unintentional/malicious errorsDifferent platforms: prevent a firmware bug from compromising backups and production by saving to a different storage system
Protect data across mixed environments
Archive data to cloud platforms
Archive to 3rd party long term storage / tapes
Multi-app consistent backups
Multi-app granular object restore
HPE APOLLO
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY18
The best server platform for compute and high-density storage in a single chassis
• HPE Apollo 4200 and HPE Apollo 4510 are HPE servers that combine:• Legendary ProLiant compute capabilities• High-density storage• HPE iLO and all the features you expect from a ProLiant
server• HPE Apollo server can host all Veeam components• Veeam Server and Microsoft SQL Server databases• Veeam proxy and backup repository• Veeam tape server
• Data reduction based on:• Veeam compression and deduplication• New Veeam virtual-synthetic-full based on ReFSblock
cloning• For additional reduction, install HPE StoreOnce VSA
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 19
HPE APOLLO 4200 AND 4510 GEN10
HPE Apollo 45104U Intel based server60 LFF + 2 SFF disks
HPE Apollo 42002U Intel based server
28 LFF disks
Federico Venier 2019
HPE NIMBLE
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY20
Flash-accelerated protection Hassle-free availability
• Faster backups and instant restores with the most high-performing hybrid flash arrays
• Affordable long-term retention with always-on dedupe and compression
• Multiple workload consolidation in addition to data protection
• Backup data put to work for dev/test, DR, analytics
• Virtual sandbox spin-ups with Veeam DataLabsautomation
• RTPO <15 min with Veeam-managed HPE Nimble Storage snapshot replication and Veeam Explorer
• Storage consolidation withsix-nines HA and Triple+ Parity RAID.
• Intelligent operations with HPE-Infosight and Veeam One
• Unmatched data protection with a proven, best-in-class, advanced integration.
Active backups
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 21
Protect data with the industry’s only intelligent, predictive flash-based solutionWHY HPE NIMBLE STORAGE AND VEEAM AVAILABILITY PLATFORM?
HPE STOREONCE
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY22
• One architecture• Multiple protocols: Catalyst, NAS, VTL
• Local and cloud: Always the highest dedupe
• Physical and virtual
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 23
HPE STOREONCE PORTFOLIO
Free 1 TB usableFully licensed
VSA
VS A
VSA
Free 1 TB usable(download link)
VSA
VS A
HPE S toreOnce Catalyst
1 to 500 TB usable
3620
Up to 31.5 TB local+63 TB with Cloud Bank Storage
Up to 108 TB local+216 TB with
Cloud Bank Storage
3640
Up to 216 TB / 864 TB local+512 TB / 1728 with Cloud Bank Storage
5200 / 5250
Up to 1.7 PB local+3.5 PB with Cloud Bank Storage
5650
4 T B and 8 T B drives
Catalyst communication protocol• Source-side dedupe• Ransomware invulnerability
Federico Venier 2019
Federico Venier 2019
Specific HPE StoreOnce advantages for Veeam solutions
• Enterprise-class storage• Built-in storage verification for silent corruption and self healing• Storage consolidation
– Single platform from small to more than 30 PB of logical capacity on a single unit (tested)
• Storage-based replication—Veeam v10 certification• Features
• Source-side deduplication, huge LAN/WAN bandwidth reduction, remote replication• Ransomware protection, hardened system• Unified Veeam backup target for virtual, physical, and plug-ins
• Appliance-based solution• Simpler administration
– Hardware and software fully tuned, tested, and managed by the same vendor
• Better support – Unified hardware and software support– No more Microsoft Windows patches and instability
• Documented and fully tested best practices for all operations, such as upgrade
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 24
WHY HPE STOREONCE FOR VEEAM?
Test job details:
Source: 1 VM, 114 GB, 3% change rateRetention: 5 weekly cycles (1 full, 6 incremental)Test duration: 14 weeks
Legacy disk capacity
HPE S toreOnce
physical capacity
HPE S toreOnce
dedupe
Job 2: Veeam — no dedupe—no compression 998 GB 60.5 GB 16.5 X
Job 1: Veeam “deduplication + optimal compression” 486 GB 69.8 GB 7 X
Question: Does HPE StoreOnce further reduce Veeam data?
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 25
Legacy disks compared with HPE StoreOnceBENEFIT OF HPE STOREONCE DEDUPLICATION FOR VEEAM REPOSITORIES
2 to 1
Answer: HPE StoreOnce requires 486 / 60.5 = 8X less disk storage than traditional solutions
Notes: Better deduplication is expected in real-world configurations with many VMsHPE StoreOnce deduplication works across all VMs increasing deduplication (operating system data portion is always the same)
Benefit: 8X less capacity than legacy disks
Test job details:
Source: 1 VM, 114 GB, 3% change rateRetention: 5 weekly cycles (1 full, 6 incremental)Test duration: 14 weeks
Legacy disk capacity
HPE S toreOnce
physical capacity
HPE S toreOnce
dedupe
Job 2: Veeam—no dedupe—no compression 998 GB 60.5 GB 16.5 X
Job 1: Veeam “deduplication + optimal compression” 486 GB 69.8 GB 7 X
Federico Venier 2019
• Lab test: Bandwidth reduction after 3% data change and 12% incremental backup• Up to 80—100 to 1 (98% to 99%) for full backup (after the first one)
• Up to 15—30 to 1 (93% to 97%) for incremental backup
• Why is dedupe on full backup so good?• A full backup contains a copy of all data even if the actual changes since the previous backup (full or
incremental) are limited
• HPE StoreOnce deduplication engine identifies the changed date and dedupe the large amount of “already seen” data
• Why is dedupe on incremental backup so good?• Veeam incremental backup is based on CBT technology
• CBT reports to Veeam 1 MB blocks regardless of the amount of changed data inside the block
• HPE StoreOnce can identify the actual changed data inside the 1 MB block because its deduplication engine works at a higher granularity (4 KB on average)
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 26
VEEAM AND CATALYST DEDUPLICATION OVER WAN
Benefit: Bandwidth reduction, higher throughput
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 27
Plan in advance because there are unexpected challengesRANSOMWARE AND DATA PROTECTION: DO YOU FEEL PROTECTED?
How to recover when your files get
encrypted?
It is not matter of “if” but “when”?
Pay and “pray”Yes, unencrypt may not work
FBI link
Make sure your backup data is invulnerable to ransomware attacks
Arrange a backup policy with enough retention
(snapshot + backup)
The FBI does not support paying a ransom to the adversaryPaying a ransom does not guarantee the victim will regain access to their dataIn fact, some individuals or organizations are never given decryption keys after paying a ransom
Federico Venier 2019
Make sure your backup data is invulnerable
• There is a technology shift from tape to disks• Newer backup solutions write data to disks rather than tapes
• In respect to ransomware, what is the main difference between disks and tapes?• Tapes: They are not accessible as a file system
• Disks: They use to be on-line and accessible as a file system
• Note: Several types of ransomware, such as Locky and Crypto, are known to destroy Windows shadow copies and restore point data
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 28
RANSOMWARE AND DATA PROTECTION (BACKUP)
Even the best data protection strategy is worthless if ransomware can corrupt your backup data along with your production
data
Federico Venier 2019
Veeam is used as one of the most complete examples
The problem is the same for all backup solutions
Production virtualinfrastructure
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 29
The best backup is useless if ransomware can access your backup repositoryIMMUNIZE YOUR BACKUP REPOSITORY AGAINST VIRUSES
VM
Hypervisor
VM VM VM
Benefit: Your backup repository must be protected against viruses
Oracle.VM.vbkSQL.VM.vbkDC.VM.vbk
Oracle.VM.vbkSQL.VM.vbkDC.VM.vbk
Traditional vs Catalyst based Veeam backup repositories
Oracle.VM.vbkSQL.VM.vbkDC.VM.vbk
Proxy/gateway
NAS share\\NAS\backup
Local disk
E:\Backup>dirVolume in drive C is VeeamVolume Serial Number is 6AE5-29
Directory of E:\Backup2016-07-27 16:04 <DIR> .2016-07-27 16:04 <DIR> ..2016-07-27 16:05 <DIR> Job-Oracle2015-11-18 18:19 <DIR> Job-SQL2015-11-18 18:19 <DIR> VeeamConfigBackup
0 File(s) 0 bytes4 Dir(s) 17,381,437,440 bytes free
👿👿👿
All restore points are encrypted
All restore points are encrypted
All restore points are healthy
HPE StoreOnce
Catalyst API
VM VM VM VM
Ransomware
Access denied to virus;repository visible only using Catalyst API
Storage snapshot
Storage snapshots are not connected
👿
👿👿
Tapes may be offline and are “unsupported” by ransomware
Federico Venier 2019
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 30
Widely accepted best practice among storage communityNEW 3-2-1-1-0 VEEAM RULE
2Different media
1of which is off-site
WAN
0No errors afterbackup recoverabilityverification
1is offline
HPE StoreOnceCatalyst API
Invisible to ransomware and virusThis repository is visible only using proprietary Catalyst API
3Different copiesof data
VM
Federico Venier 2019
HPE + VEEAM IVMR
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY31
INSTANT VM RECOVERY ON HPE STOREONCE, HPE APOLLO, AND HPE NIMBLE STORAGEThe three best-of-breeds in their own categories
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY 32
vPower NFS
Veeam server
Catalyst
Backup filededuped and compressed
HPE S toreOnce: Few VMs
HPE Apollo: Multiple VMs
HPE Nimble S torage: Many VMs—Put your backup to work
HPE StoreOnce
HPE Nimble Storage
HPE ApolloHPE StoreOnce
HPE Nimble Storage
HPE Apollo
LocaliSCSI/FCiSCSI/Fibre Channel
• The vPower technology allows to power-on VMs directly from the backup target
• VMs are up and running in a matter of minutes
• HPE has solutions designed for all kind of workloads
VMware
Prod
Benefit: No-worry choice—each platform is tested, certified, and fully supported
Federico Venier 2019
VEEAM + HPE DEMO
CONFIDENTIAL | AUTHORIZED HPE PARTNER USE ONLY33
Van FlowersSystems Engineer, Veeam: VMCE, VMCT, VCP
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
30 + Years working in IT Storage – Virtualization –Networking – Data Centers - Presentations
Started with Veeam April 9, 2018
Guitar Builder – Guitarist – Music Junkie – Mac Geek
I am married to the most amazing woman on the planet – 4 Kids from 30 to 17 – too many animals –living in the woods in a big house with lots and lots of land
Van Flowers| Systems Engineer| VMCE VMCT VCP | DC, MA and Northern VA
© 2020 Veeam Software. All rights reserved. All trademarks are the property of their respective owners.
Welcome…
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Data security
• The only cure for ransomware is prevention• Companies have to choose between paying or losing data• Brand damage control post-compromise
Data security and data reuse challenges
Data reuse
• Providing fresh data for development and security testing• Providing fresh data for data mining scripts and applications• Dealing with increasing requests for these operations
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Ransomware
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Cloud Tier & SoBR Enhancements
• Policy-based• Transparent• Space efficient• Self-sufficient• No extra costs• Immutable (S3)
Oldest Backupsand / or
Immediate Copy+
Immutability
DAS
NAS
DedupeAppliance
PerformanceTier
Capacity Tier
Microsoft AzureBlob Storage
Amazon S3(w/Object Lock)
IBM CloudObject Storage
S3 Compatible
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Veeam Availability Suite V10 & HPE Integrations
Expanded HPE StoreOnceCatalyst Support
HPE Primera Snapshot Integration
HPE StoreOnce Catalyst Copy Integration
HPE’s new storage platform for mission critical applications, with a 100% availability guarantee; includes HPE Infosight for
proactive monitoring and maintenance.
NEW Native HPE Primera integration with Veeam Backup & Replication.
• Snapshot orchestration
• Backup from Storage Snapshot
• Peer-persistence support
HPE Proprietary backup protocol optimized for efficient, secure, and flexible disk based data protection.
• Catalyst support for virtual environments and backup copy jobs
• NEW Catalyst Support for agents:
• Windows Agents
• Linux Agents
• Future Agents (Solaris, AIX)
• NEW Catalyst Support for Enterprise Application PlugIns:
• Oracle RMAN Plugin
• SAP HANA Plugin
Built in StoreOnce functionality for efficiently moving back up copies offsite for disaster
recovery.
NEW Backup data copies from one StoreOnceto another StoreOnce without rehydration of data in flight.
NEW NEW NEW
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Expanded HPE StoreOnce Catalyst Support
Veeam Windows Gateway
Windows Agent
BackInt Plugin
RMAN Plugin
Future Agents
Linux Agent
HPE StoreOnce
Catalystsource side
dedupe
Solution benefits:
• Comprehensive Veeam backup leveraging HPE StoreOnce Catalyst
• Increased data security by utilizing HPE Catalyst Store
• Multiple sources processed by Veeam gateway using Catalyst
• Support additional workloads:
• Nutanix AHV hypervisor in addition to WMware, Hyper-V
• Physical windows and linux servers
• Oracle RMAN & SAP HANA backups
NEW
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
HPE StoreOnce Catalyst Copy Integration
Solution Benefits:
Improves performance for copying backup data between 2 HPE StoreOnce systems
Eliminate data rehydration and improve backup and recovery performance
Reduces amount of data to be transferred across WAN freeing up bandwidth for other applications
Decrease costs to move data off site
HPE StoreOnceCatalyst
Copy
write to repository with catalyst protocol
Backup server coordinates
HPE StoreOnce 1 HPE StoreOnce 2
NEW
© 2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.
Let’s look in the Lab
Q & A
Kindly complete the survey at the end of this webinar. We will use your feedback to help us improve.
Poll Questions:
Question 1 - Which StoreOnce backup target provides the best protection from ransomware?
Question 2 - The 2 in the 3-2-1 rule refers to?
Question 3 - Which HPE Storage platform supports running the highest number of VMs via IVMR
We will announce and send out prizes within three days