New Anomaly Extension: Client Health
In our fully isolated REDLab, the Veritas team detected abnormal activity when testing NetBackup clients with live malware samples. The Client Health anomaly extension checks the health of the digital host certificate deployed on a NetBackup client and triggers a system anomaly when a compromised certificate is detected. Once this condition is detected, the Client Health anomaly extension creates a critical audit event that indicates a break down in communication with the NetBackup client. An alert is also generated which can be relayed into the operating system logs (syslogs or event viewer), or into an external log aggregation platform such as SIEM/XDR or Veritas IT Analytics tools. You can download this new NetBackup Anomaly extension from the Veritas Download Center. For more information, review the NetBackup™ Anomaly Detection Extensions Guide.How to protect Azure Stack Hub and Azure Stack HCI
There are a lot of misunderstandings about Azure Stack solutions and how to protect each one of them. I want to help you better understand each solution within Azure Stack portfolio and how to protect them using Veritas NetBackup. As you already know, Veritas NetBackup is an enterprise-class backup and recovery suite that provides unified data protection for multi-cloud, virtual and physical environments that can be globally managed from a single console, including all Azure Stack solutions. The usual misunderstanding is to think Azure Stack is a solution itself, but Azure Stack is a portfolio of products comprised of three distinct offerings – Azure Stack Edge, Azure Stack Hub, and Azure Stack HCI. Azure Stack solutions help you extend Azure services and capabilities to your environment of choice – from the data center to edge locations and remote offices. The confusion kicks in mostly between Azure Stack Hub and Azure Stack HCI and how to protect them. https://docs.microsoft.com/en-us/azure-stack/operator/compare-azure-azure-stack?view=azs-2108 The most important feature of HCI is that it can run “disconnected” from Azure, in other words, HCI is just like your branch office server. It is a box that contains compute, power, storage, and network connections and holds Hyper-V based virtualized workloads and it has the option to connect to some Azure services. And so, as it is like a Hyper-V server, you can use Veritas NetBackup Hyper-V policy type to protect it along with all the features Veritas NetBackup already provided for Hyper-V: NetBackup for Hyper-V uses snapshot technology to keep virtual machines 100% available to users. NetBackup for Hyper-V creates quiesced Windows snapshots using Volume Shadow Copy Service (VSS) and Windows Management Instrumentation (WMI). NetBackup for Hyper-V performs full backups and file-level incremental backups of the virtual machine. With the WMI backup method, it also performs block-level incremental backups and Accelerator backups. Can restore the full virtual machine from the following: Full backups of the VM. Block-level incremental backups of the VM. Accelerator backups of the VM. Can restore individual files of the virtual machine from the following: Full backups of the VM. File-level incremental backups of the VM. Block-level incremental backups of the VM. Accelerator backups of the VM. Can restore to the original virtual machine, to other locations on the Hyper-V server, or to a different Hyper-V server. For details on how to protect Hyper-V, please check the NetBackup for Hyper-V Administrator’s Guide on the following URL: https://www.veritas.com/content/support/en_US/doc/21357025-151824041-0/v21357050-151824041 On the other hand, Azure Stack Hub is really the on-premise extension of the Azure public cloud. Almost everything you can do in the public cloud, you could also deploy on Hub: from VMs to apps, all managed through the Azure portal or even Powershell, including things like configuring fault and updated domains. In this case, you can still use the same deployment of Veritas NetBackup to protect your in-cloud workloads. The cloud data protection framework leverages the CloudPoint infrastructure to drive faster proliferation of cloud providers, since v8.3, CloudPoint can protect assets in AWS, AWS Outpost, Azure, Azure Stack hub and GCP clouds. Features includes: Automatic discovery of cloud assets: NetBackup retrieves the cloud assets pertaining to the cloud accounts every 2 hours by default. This period is configurable. Protection of intelligent cloud groups based on a set of filters called queries. All the assets satisfying the query conditions will automatically be protected. Protection of Microsoft Azure resources using resource groups. NetBackup Accelerator backups. Application consistent snapshots. You can perform original location and alternate location restores. Incremental snapshots. Backup from snapshot. Restore from snapshot copy, replica copy, backup copy or duplicate copy. Restore VMs to an alternate configuration, to a different region, to a different subscription, and restore VMs or disks to a different resource group. Granular files and folders restore For details on how to protect Cloud Assets, please check the NetBackup Web UI Cloud Administrator’s Guide on the following URL: https://www.veritas.com/content/support/en_US/doc/150074555-150074602-0/v130722342-150074602Deployment of Veritas NetBackup on Azure Kubernetes Service (AKS)
As customers adopt a multi-cloud strategy (public, private, and hybrid), the need to align services with key cloud characteristics, such as deployment, cost management, and scaling, is increasing. Microsoft Azure Kubernetes Service (AKS) is a fully managed container orchestration service used to deploy, scale, and manage Docker containers and container-based applications in a cluster environment. AKS enables the provisioning, scaling, and upgrading of resources per requirement or demand without downtime in the Kubernetes cluster. In addition to the traditional deployment of Veritas NetBackup in the cloud, customers can deploy NetBackup’s infrastructure in a native, extensible format for greater performance and resiliency and to optimize costs when using AKS. NetBackup powered by Cloud Scale Technology delivers automation, artificial intelligence, and an elastic architecture to improve the agility and data security of any cloud, at any scale. Optimized for the cloud, NetBackup simplifies data management and delivers unmatched cyber resiliency, control, and visibility. As a prerequisite to deploying Veritas NetBackup on Azure Kubernetes Services, you will need to: Create Azure Container registry Download Container images to the Azure Container registry Create a user-assigned managed identity The container images can be found here: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/veritas.netbackup You will have to download all six images to the same Azure Container Registry: NetBackup Operator NetBackup Server MSPD Meta Data MSDP Controller MSDP Engine MSDP Operator Figure 1.: Azure Marketplace – Veritas NetBackup powered by Cloud Scale Technology – Container Images Once you downloaded all images, you will use the Veritas NetBackup powered by Cloud Scale Technology – Deployment on AKS, to deploy the images in an integrated manner. Now you can start configuring the parameters for each NetBackup component, you will go through the Basics, Cluster Configuration, Primary Server Details, Media Server Details, and Storage Server Details. The typical deployment, which consists of one primary server, one media server with two replicas and one MSDP (Storage Server) with four replicas will take approximately 45 minutes until the environment is fully up and running. After that, your Veritas NetBackup on Azure Kubernetes Service is ready to start protecting your workloads. For more information about Veritas NetBackup deployment on Azure Kubernetes Service, check the following links: https://www.veritas.com/content/dam/www/en_us/documents/technical-documents/TB_netbackup_deployment_on_azure_k8s_V1568.pdf https://www.veritas.com/content/support/en_US/doc/154778686-154778690-1What's new in NetBackup v10.0 - Microsoft Azure Immutable Storage with Deduplication support
I would like to share with you thatVeritas NetBackup v10.0 allows you to have greater security and compliance using immutable storage for Azure Blob Storage. Immutable storage helps healthcare organizations, financial institutions, and related industries that must comply with regulations such as from Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), Financial Industry Regulatory Authority (FINRA), Investment Industry Regulatory Organization of Canada (IIROC), Financial Conduct Authority (FCA), and more, to store data securely. Also, immutable storage can be leveraged in any scenario to protect critical data against modification or deletion as well as enable users to store sensitive information that is critical to litigation or business use in a tamper-proof state until the desired lock duration expires. Veritas NetBackup v10.0 added a feature to support cloud immutable storage with dedupe functionality for Microsoft Azure blob storage with versioning. You can leverage Microsoft’s immutable blob storage to provide you security and compliance for your backup images storing them in a write once, read many (WORM) state. Once data is written, the data becomes non-erasable and non-modifiable, and you can set a retention period so that files can't be deleted until after that period has elapsed. After you create a new Microsoft Azure blob storage volume on Azure using the msdpcldutil utility, you can create the Media Server Deduplication Pool storage server using the NetBackup WebUI to add the volume you just created to a Disk pool, check the “Use object lock” box as shown below to enable immutability on your Azure blob storage. Now you can add a storage unit to the Media Server Deduplication Server Storage Server. You will see that the disk pool is WORM capable. Simply select “Enable Worm” checkbox and it is configured.
