Welcome to the first episode of “You Asked, We Answered” a new series from CyberFortress where we’ll be discussing Veeam and disaster recovery questions that you’ve sent to us. In this episode, we’ll be discussing some commonly forgotten best practices to use with Veeam.
The first best practice is to put your components in their own separate domain or workgroup and on a separate network or VLAN. This is crucial for environments because if your production environment is ever penetrated, you want to make sure that your VM stays online. Even if you have an offsite backup, you ideally want to have your on-premises components still up and communicating and accessible because it would be better to recover on-premises before you have to recover from your off-site backups.
Another important step is to put the Veeam components on their own hardware. This means a separate virtualization cluster or even bare metal VM components. This will help protect against malware that could come in and encrypt not just the VM level, but also at the hypervisor level. By putting Veeam components on their own hardware, you reduce the risk of your VMs being corrupted on the datastore, or even your backups being stored on data stores, and your backups being corrupted and encrypted.
When it comes to ensuring your data is properly encrypted, there are a few steps you can take. Firstly, all public internet traffic, by default, is encrypted in transit. You can also configure some network settings within your Veeam console to encrypt traffic locally. Additionally, all data can be encrypted with AES 256 bit encryption at rest on your repositories. You want to make sure that encryption password is set on a backup configuration job so that if you ever do have to restore or migrate your Veeam server, all passwords and connections and configuration settings are migrated over.
Finally, to ensure your data is properly protected, it’s best to contact Veeam cloud and service providers, and Veeam-accredited service partners such as CyberFortress, who can make sure you’re following best practices, leveraging the latest new features, and following the Veeam 3-2-1-1-0 Rule properly.
In the next episode, we’ll be discussing the Veeam 3-2-1-1-0 Rule in more detail. Stay tuned!