Deep Dive - How our Veeam platform helps protect from ransomware and allows for quicker RTOs
28 Jul 2023, by Slade Baylis
Whilst we’ve never put out an article on the tools that are available for it – one re-occurring point that we’ve touched on many times is the importance of backing up your systems. Without them, not only are you exposed to data loss due to user error, corruption, or systems failing - but you also are much more exposed to cyber-security risks such as ransomware. In fact, that’s underselling it – as by some accounts, the threat of ransomware is so large that they believe that a mitigation strategy utilising separate backups is the only reliable way to limit their impact and potential damage.
That's why today we'll be looking to start rectifying that - in this article we'll be going over some background on the technology used with our different backup platforms, as well as go into some detail about our flagship backup platform Veeam.
Just a note of clarification - although we'll be going into a lot of detail about our particular implementation of these services - it is by no means intended to be an exhaustive list of what each platform is or isn’t capable of.
More protection vs added cost – The benefits of running multiple backup platforms in parallel
When looking to implement backups to protect your systems, one question that often comes up is why would you need to use separate backup platforms concurrently? Surely if they work, only one would be required and the second would be redundant. Whilst technically true, our common recommendation to our customers is to run both of our backup platforms in parallel. This is based around the idea that it is better to be protected and not need them, rather than then need them and not have them.
Not only does diversifying your backups mean that you’re more protected should something fail with your primary backup platform, but it also means that it’s much less likely that your backup platforms will be fully compromised should you get hit by a cyber-security incident, such as a ransomware attack. However, security and redundancy aren’t the only reasons to use multiple systems – the other reason that most of our customers look to using multiple backup platforms is due to each one possessing different strengths.
Here at Micron21 we use two backup platforms primarily for protecting our own systems and that of our customers, namely Veeam and Acronis. Both of these systems are great and offer protection for our users’ data, as well as reduced storage costs and faster restoration times through “block-level” backup technology.
File-level vs block-level Backups – Reducing storage costs and improving disaster recovery times
One of the primary advantages to block-level backups it that they allow for quicker restores. To understand how this happens, we’ll need to explain the alternative method of backing up systems, that of using “file-level” backups. Definitely the more traditional form of backup, file-level backups are actually quite easy to understand – as at its most basic level - it is just a copy of the files from your systems. A file-level based backup system will take a copy of your files every so often, likely storing them away from your systems for security.
Whilst these types of backups are great for the basic task of making sure you have a copy of your data, what they’re not so great at is getting your systems back into working order should something go wrong. If your systems crash irreparably, getting back up and running from this type of backup often means hours, days, or sometimes even weeks of work! This often involves setting up replacement systems from scratch and then manually copying your backup data back into them.
If that wasn’t enough, these systems can also get dramatically more expensive if you need to store backups for a long amount of time. Due to each backup needing to take a full copy of your files, each backup will be of the full file taking up large amounts of space. This isn’t usually much of an issue when you only need to keep a few copies of your data, but for those who need to keep months or years worth of data, this can cost more than is feasible.
Whilst some of that usage can be mitigated through use of compression, there are actually other ways of backing up that can offer much better ways of mitigating that disk usage – and this is where "block-level" backups enter the equation.
A block-level backup is a technology that allows for data to be backed up in the same way as it’s stored on your file-system, in blocks. Without getting too much into the weeds - which can be difficult - when data is saved to a drive in your computer, that data is stored within a contiguous set of “blocks”. These blocks are what make up your entire hard drive, with each one of these blocks allowing you to store a small amount of data. The overall capacity of your hard drives is actually just how much data one of these blocks can contain, multiplied by the total number of them.
So with that explanation out the way, block-level backups therefore read and backup the data from your storage at this block level directly. This allows for an approach to backups wherein the changes to files are backed up, rather than taking an entire new copy of each file with each new backup. This approach is called using “incremental backups”, which we’ve covered in more details in our previous Backing up your data – What should you consider when protecting your business? article. In short, through utilising these incremental backups that only back up what has changed since the last backup, you are able to massively reduce the storage requirements for storing your data - especially over large periods of time.
In addition to saving on storage costs, due to the backups being replications of the underlying storage at this granular level, these systems also allow for entire servers to be restored in their entirety without needing to be manually rebuilt first.
It’s for all these reasons that we choose to utilise block-level backup systems, which includes our Veeam and Acronis platforms - with Veeam being our primary recommendation for our customers using VMware. The reason for this is due to Veeam’s increased ransomware protection and the near-immediate restore times that are possible due to its unique technology and our implementation.
Veeam – Utilising hypervisor-integrated backups for ransomware protection and instant recovery
Considered our flagship backup service, our Veeam backup platform is configured to take block-level replications of the virtual machines running on our VMware platform and stores them remotely on secure and redundant storage. For Veeam, the way this is achieved is through taking backups of virtual machines at the hypervisor level.
A hypervisor, also known as a virtual machine monitor (VMM), is software that creates and manages virtual machines (VMs). Through integrating with the underlying hypervisor that manages VMs, the backup platform is able to perform feats that would be impossible otherwise, such as backing up systems without requiring that system to have access to the backup platform. This one-way protection allows for backups to be completely isolated from the systems that they’re backing up, which allows for protection from cyber-attacks that look to spread throughout a network, such as ransomware.
In ransomware attacks, once a system is compromised, the malicious third-parties often attempt to use it as a beachhead, looking to spread throughout all other connected systems to also compromise them. As reported by Block and Files1, a technology news site focussed on news about storage and data, Veeam’s CTO Danny Allan said that “Veeam’s own ransomware report showed that 93 percent of ransomware attacks the backups, and 75 percent of the time the attack was successful.”
With our hypervisor-integrated backup platform, this level of access isn’t possible from the compromised machines, meaning that if any of those systems are compromised, they have no way of accessing their own backups. Due to this isolation, we, as well as our clients, are able to rely on this platform to protect our data from loss due to both unfortunate circumstances, as well as deliberate malicious attack.
In addition to this security benefit, through Veeam’s technology called “Instant Recovery”, any protected virtual machine is able to be recovered within 15 minutes, which can be a godsend for anyone looking for disaster recovery protection. Due to the block-level nature of their backups and integration with our VMware platform, Veeam is able to immediately recover VMs by running them directly from the backup infrastructure they’re stored on, whilst migrating that data back to production systems in real-time.
This level of near real-time protection usually requires investment in geographically highly available systems, where replicated copies of systems are run in parallel to switch to in case the primary systems fail – which usually doubles your infrastructure costs at a minimum.
As you can imagine, having the option of achieving similar RTOs (Recover Time Objectives) as highly-available clustered configurations - without requiring that cost - is one of the primary reasons our customers rely on it to protect their production systems.
That being said, with our VMware services specifically, our customers actually get a High-Availability service out of the box as well! For more information on this, check out our earlier Protect your mission critical systems with Hyper-Convergence article.
Direct Comparison – Acronis & Veeam
| Features | Acronis | Veeam |
| Platform Coverage | Shared Web Hosting, KVM VPS, VMware Platform & External Devices | VMware Platform |
| Backup Technology | Block-level | Block-level |
| Disaster Recovery (RPO) | Limited | Instant Recovery |
| Disaster Recovery (RPO) | Fully Customisable | Fully Customisable |
| Secured Backup Network | Not Included | Included |
| Self Service Portal | Included | Upon Request |
| Device Integration | Included | Unavailable |
Security, RTOs, and ease-of-access – Different factors to consider when choosing a backup platform
Overall, when considering which backup platform to use, it’s important to consider how that choice will impact both your DRP (Disaster Recovery Plan) as well as protect you against cyber-security threats. Other key points to consider are how you will access those backups as well as how easy it will be to restore from them.
We’ll be covering this in our other article this month, but our other backup platform, called Acronis, integrates differently to Veeam – as it uses an "installed agent" on the VM instead of backing up via the hypervisor. Using an installed agent means that some of the benefits of a hypervisor approach – that of better ransomware protection and quicker restores – are lost, but on the other hand, it actually allows for better integration with those VMs and easier restoring of data.
As mentioned earlier, as every platform will have different benefits, our recommendation is to look at using multiple systems in parallel with strengths that complement each other. Doing so, allows you to have more redundancy and copies of your data, better protecting you from data loss – it also allows you to not have to sacrifice one benefit to gain another, getting the best of both worlds!
Have any questions about our different backup platforms?
If you have any questions about the different backup services that we offer and which would work best for you, let us know! You can reach us via email on 1300 769 972 (Option #1) or via email at sales@micron21.com
Sources
1, Blocks and Files, “Veeam CTO on SaaS backup, chatbots and ransomware”, <https://blocksandfiles.com/2023/07/11/veeam-cto/>