Protecting Backup Data from Ransomware Made Easy With Pure Storage and Veeam

The long weekend is finally here. It’s Sunday morning, you’re having your first cup of coffee thinking about what’s for breakfast, and your phone explodes with emails and messages that your company’s users can’t access their critical files and databases. You swallow hard and your heart races as you log in to your IT systems to try to assess what is going on. In a few moments your worst fear is confirmed, your company has been attacked by ransomware and the data on your production storage has been encrypted

But wait, you’ve just completed a project to transition your old backup software to Veeam Data Platform and replaced your legacy backup storage with Pure Storage. Within minutes you are recovering clean production data from backup and the performance is amazing. While the above scenario is fictitious, the recovery performance and data security with Veeam and Pure are not!

If you had told me just two short years ago that IT organizations would replace their disk backup storage with flash storage before they replaced their disk production storage I would have said “no way”. For almost two decades I have been focused on data protection, IT had a “culture” of deploying better, faster technology into production infrastructure first, then modernizing backup infrastructure eventually. How things have changed in two years.

Today customers are implementing Pure’s flash storage for their Veeam backup infrastructure, regardless of what they still run in production. Why?

Two main reasons:

  1. Backups must be pristine and immutable
  2. Recovery performance is paramount

There are other reasons too.

  1. Dramatically reduced Total Cost of Ownership (TCO)
  2. Ease-of-use
  3. Security, including encryption-at-rest

Should your interest be piqued, you may ask: what Pure product is best for backup storage?

Well, Pure, like Veeam, believes in choice and flexibility. That is why they offer both block (FlashArray) and object (FlashBlade) storage for Veeam backup repositories.

Why consider FlashArray for Backup Storage?

The first reason centers around what type of storage you are comfortable with and knowledgeable about. As mentioned, FlashArray is block storage and can connect to your storage network via iSCSI, Fiber Channel, or NVMe-oF. Pure has two models of FlashArray that are ideal for secondary/backup workloads: the FlashArray//C and the FlashArray//E. Which model and configuration you choose will depend primarily on how much data needs protecting, and the retention period required.

Then, two additional points will likely come into consideration: data reduction/deduplication and Pure’s SafeMode immutable snapshots.

FlashArray leverages multiple data reduction technologies, including deduplication and compression, to reduce the amount of physical storage required to store your backups and their retention. This has the benefit of reducing storage costs, and reducing data center rack space, power, and cooling.

SafeMode immutable snapshots can protect the Veeam backup data stored on FlashArray from being modified or deleted by any threat, either malicious or accidental. Simply, put the FlashArray volumes where the backup data resides into a FlashArray Protection Group and specify the frequency of the snapshots (e.g., once per hour). Even if something bad happens to the FlashArray volumes containing the backup data, it takes seconds to recover those volumes back from a SafeMode storage snapshots.

Veeam recommends leveraging Veeam Hardened Repository when deploying block storage for backup repositories. With the addition of Pure’s SafeMode immutable snapshots protecting the backup data, this creates Multiple Resiliency Domains and a layered data security model.

Why Consider FlashBlade for Backup Storage?

As with the FlashArray, the first reason you may want to consider Pure’s FlashBlade has to do with your comfort and knowledge of object storage, and whether you have deployed this across your hybrid cloud enterprise as an internal standard for backup storage. FlashBlade is what Pure calls “Unified File and Object” storage, it supports NFS, SMB, and S3 protocols and connects to your storage network via Ethernet.

Backup data on FlashBlade is protected by S3 Object Lock immutability, plus Pure SafeMode Retention Lock to prevent against accidental or malicious administrator threats. What about using FlashArray and FlashBlade together?

This is a popular configuration with Pure and Veeam customers, leveraging FlashArray for on-premises backups and FlashBlade for offsite backups. But this is not the only option. You can choose to have all FlashArray, all FlashBlade, or a mix of FlashArray and FlashBlade as backup storage across your hybrid cloud enterprise. And you can even mix Pure backup storage with existing deployed non-Pure storage if that storage is not quite old enough to replace.

This all sounds good, but what testing has Pure and Veeam done to validate Pure Storage products as backup targets? Both the FlashArray and FlashBlade have been tested using the Veeam Ready program. 

What is the Veeam Ready Program you ask? Here is the description from the Veeam Alliance Technical Programs web page:

“The Veeam Ready Program provides a solution qualification process to help Veeam Alliance Program partners meet Veeam functional and performance standards.

By attaining Veeam Ready status, customers are assured that storage solutions are compatible with Veeam Backup & Replication features.”

If we return to our opening scenario, we see that the cyber resiliency offered by the combined Veeam and Pure backup offerings enabled IT to recover pristine backup data with incredible performance.  IT was able to fully recover the end-user applications and data before the end of the long weekend.

Related Resources

If you would like to see how Veeam and Pure can improve your backup infrastructure, check out these resources:

Exit mobile version