What role does data protection play in the current digital landscape? With the increasing threat of ransomware and other malicious activities, ensuring the integrity and availability of your backup data is crucial. Veeam Data Platform offers reliable solutions for immutable data backups to Amazon S3 through a secure foundation powered by Veeam Backup & Replication. This blog post explores how Veeam uses S3 immutability and discusses the recent changes in the default block generation period in Veeam Backup & Replication.
Backing Up Data to Amazon S3 With Immutability
Veeam Data Platform allows users to back up their data to Amazon S3 and use the S3 Object Lock feature to make their backups immutable. Immutability ensures that once data is written, it cannot be altered or deleted until the specified immutability period expires. This feature is particularly beneficial in protecting against ransomware attacks, since it prevents malicious actors from tampering with backup data. Adding encryption to your data also helps prevent a bad actors from stealing your data since it’s useless without the proper key.
How Immutability Works
When configuring a backup repository in Veeam Data Platform, users can enable immutability for their S3 buckets. Once enabled, Veeam will use Amazon S3 Object Lock to enforce that immutability period. During this period, your data is protected from any deletion or modification attempts, therefore ensuring its integrity and availability for recovery purposes.
Your immutability period is set based on the retention policy configured in your backup policy settings. For example, if a retention policy specifies a 30-day period, your data will remain immutable for those 30 days. This immutability period can be extended by Veeam’s block generation mechanism, which I will discuss in the next section.
Block Generation in Veeam Data Platform
To optimize backup data management and reduce I/O operations, Veeam Data Platform employs a mechanism called block generation. This mechanism extends the immutability period of data blocks, thereby reducing the frequency of I/O operations and associated costs.
Recent Changes in Block Generation
Prior to version 12.1.2, Veeam Data Platform added 10 days to the immutability period for data blocks stored in object storage repositories. However, recent updates have increased this default block generation period to 30 days for Amazon S3 and IBM Cloud object storage. It remains 10 days for other types of object storage repositories.
We’ve also made similar changes to Veeam Backup for AWS v8, where the only difference is that the default block generation period in Veeam Backup for AWS is 25 days.
This change means that if you set your immutability period to 30 days for an Amazon S3 repository, Veeam will automatically add 30 days (25 in Veeam Backup for AWS), resulting in a total immutability period of 60 days (55 in Veeam Backup for AWS). This extension helps reduce the number of I/O operations required to manage data blocks, thereby optimizing performance and lowering costs.
How Block Generation Works
When the first data block (i.e., a full backup) is created, its immutability period is set to the retention period plus the block generation period. For instance, with a 30-day retention period and a 30-day block generation period, the total immutability period would become 60 days. Subsequent incremental backups within this generation will also share the same immutability expiration date as the full backup, therefore ensuring consistency across the backup chain.
This approach ensures that all data blocks within a generation will remain immutable for at least your specified retention period to enhance the overall security and reliability of the backup data.
In summary, Veeam Data Platform’s integration with Amazon S3 and the use of immutability features provide a robust solution for protecting your backup data against deletion and tampering. The recent change in the default block generation period from 10 to 30 days for Amazon S3 further enhances this protection by reducing I/O operations and associated costs. By leveraging these features, organizations can ensure the integrity and availability of their critical data, even in the face of evolving cyberthreats.
For more detailed information on configuring immutability and block generation in Veeam Data Platform, refer to the official Veeam documentation and user guides.
You can also learn more about how Veeam Data Platform support various organizations in achieving data resilience.
