April 2024 - The Art of Data Protection

Veeam – Wasabi Object Storage

Posted on April 28, 2024April 28, 2024 by BAdmin

When we talk about backup repositories in Veeam, we have to mention object storage, a technology that has been growing in popularity in recent years.

From version 12 of Veeam B&R, in fact, it is possible to directly write a backup to this type of repository.

Since version 12.1, it has also been possible to back up data stored on an object storage.

Unlike file system type storage architectures, which manage data hierarchically within directories, object storage architecture is flat, and is designed to store unstructured data, such as backups.

Specifically, the data is divided into blocks with associated metadata and unique identifiers, which are used by the system when accessing it.

The main advantages include that it can hold large amounts of data at no excessive cost, is easily scalable, and is compatible with HTTP/HTTPS and REST API protocols.

Wasabi is one of the cloud-based object storage vendors, so we can compare it to the better-known S3 from AWS or Azure Blob Storage from Microsoft.

Unlike the large vendors mentioned above, the price/TB is much lower, and there are no costs for ingress/egress traffic or API calls.

Wasabi is listed in the Veeam Ready compatibility directory as an object storage backup target (S3 compatible), and with native support for immutability (object lock) functionality.

The first thing to do to use Wasabi for our Veeam backups is to create a storage account by registering for the free 30-day trial; after that, it is possible to continue using the account in Pay As You Go or Reserved Capacity Storage mode.

Once registered and logged into the dashboard, generate a new access key/secret key pair, and create the bucket that will store our Veeam backups:

Now we can go to our Veeam B&R console, and from the main menu click on “Add Repository,” then select “Object Storage” and “Wasabi Cloud Storage”:

Once the wizard starts, enter the name we want to give on Veeam to our Wasabi repository:

Next, enter the details of the storage account and region on which we created our bucket:

At this point, enter the details of the bucket and folder to be used for our backups:

NB: for this tutorial in a lab environment the immutability flag was not enabled, but for production environments it is always recommended to use it

Finally, specify the mount server and complete the wizard:

Here is our Wasabi repository to use for our backup jobs:

Enjoy! 💚

Veeam ONE 12.1 – Threat Center

Posted on April 12, 2024April 12, 2024 by BAdmin

Veeam ONE is Veeam software’s solution for monitoring virtual environments, such as vSphere, Vmware Cloud Director, Hyper-V, and data protection environments, such as Veeam Backup and Replication and Veeam Backup for Office 365.

As mentioned in a previous post, the latest VONE 12.1 release introduced the Veeam Threat Center dashboard: this tool allows us to view the overall security status of our VBRs, verifying compliance with the various best practices indicated by Veeam.

Specifically, the widgets we find are:

Data Platform Scorecard: shows an overall score of the health of our VBRs, defined by the parameters Platform Security Compliance, Data Recovery Health, Data Protection Status and Backup Immutability Status
Malware Detections: shows any malware or suspicious infections on our restore points
RPO Anomalies: shows objects that are out of range from the defined RPO
SLA Compliance Overview: highlights the percentage of achievement of our SLAs based on a period and success rate defined in the widget configuration

In order to take advantage of the potential of this dashboard, we must first add our VBR, making sure to also check the “Provide access to embedded dashboards” checkbox

Before configuration, within the VBR console the integration will not be active:

After configuration, the dashboard will be populated with the Veeam Threat Center view of Veeam ONE and other useful widgets.

Tip: when adding a VBR, pay attention to the compatibility of the licenses of the two products

https://helpcenter.veeam.com/docs/one/deployment/license_types.html?ver=120#compatibility-with-veeam-backup—replication-licenses

Enjoy! 💚

Linux xz library vulnerability

Posted on April 2, 2024April 2, 2024 by BAdmin

Last Friday, a major vulnerability was reported on the xz library, used by some Linux distributions as a data compression program.

Specifically, the source code on Github was infected with malicious code properly obfuscated, allowing attackers to create a backdoor for ssh access to infected systems.

The CVE is currently listed by NIST with criticality 10.0, which is highest:

https://nvd.nist.gov/vuln/detail/CVE-2024-3094

The vulnerability, discovered almost accidentally by a Microsoft developer, is present in versions 5.6.0 – 5.6.1

Therefore, it is recommended to downgrade the xz library version on systems with this release, or to uninstall it if not in use.

Below is also the official note from Red Hat:

https://access.redhat.com/security/cve/CVE-2024-3094