Link Menu Expand (external link) Document Search Copy Copied

Object repositories

An object storage repository can be used for backups in multiple ways:

In the first two cases, Veeam Backup & Replication v12 will write directly to the Object storage. This can happen in two ways:

  • Direct mode: each source datamover will connect directly to the Object Storage over HTTPS protocol, initiate a session and write its own data to the storage. This mode is particularly useful if datamovers are physically distributed, like when receiving data from multiple locations (ROBO environments) or Agents managed by the Veeam Server. Be sure that all the sources have the necessary networking configuration and permissions to write to the Object Storage.

  • Through gateway server: as part of the Backup Infrastructure configuration, one or more dedicated managed servers will be configured to be gateways in front of the Object Storage. Be sure that you understand which systems can be selected by Automatic Gateway Selection when selecting this option. While automatic selection gives you ease of use, it might select or failover to systems like the backup server itself on which you don’t want the additional load. Manual selection will give you more control over the traffic flow and load. Any Microsoft Windows or Linux server can become the gateway. This choice is optimal if you want to limit the access to the Object Storage in terms of permissions (only the Gateway has to be authorized) and networking (the gateway is the only machine that needs to connect to the storage; this is particularly useful if the Object Storage is in a remote location, or reachable over public Internet). Consider pooling gateways to distribute load and increase availability.

Security

Create a dedicated bucket and user where possible for the object storage repository and limit the user account to have only the required permissions on the object storage bucket.

Additional permissions can be applied to allow the Object Storage to use itw own internal Access Lists, like IAM in AWS S3 or S3-Compatible solutions. For additional information about Secure Direct Mode read the dedicated WhitePaper: Veeam Backup & Replication V12 Enhanced security and scalability with object storage Secure Mode

Immutability

Veeam Backup & Replication supports immutability on object storage. Immutability is supported on AWS, Azure and S3-Compatible storage solutions.

Public cloud providers require that versioning and object lock is enabled on the bucket, before uploading data to it. Please guarantee that proper configuration is applied to the bucket before using it.

Also note that enabling Immutability will have an impact on disk space costs.

Additional considerations

Data in object storage bucket/container must be managed solely by Veeam, including retention and data management. Do not delete manually from an object storage bucket used for a Veeam Object Repository. Veeam will take care of deleting old objects based on your configured retention period in the backup or backup copy job.

Enabling lifecycle rules is not supported, and may result in backup and restore failures.

You can safely delete everything manually only when the Object Storage Repository is decommissioned completely (unconfigured in VBR).


References


Back to top

Copyright © 2023 Solutions Architects, Veeam Software.