Incredible progress has been made by technology in the last couple of years. The future of technology is overwhelming for some, while it can be exciting for others. In our ‘Technical Facts’ series, we have put together some interesting and surprising facts about tech! In this technical fact, we explain how we provided our client with a new, secure backup environment.
Nowadays you often hear that companies have become victim of crypto-lockers or hacking. Therefore, it is not only important to have a backup solution, but also essential to secure it so that it can't be affected by cyberattacks either. And that is exactly what we did in the case below.
The company whose backup environment we configured, had recently become a customer. He was in need of two things: an IT audit so that he would be able to stabilize and improve his IT environment along with a new backup solution because the current one was no longer performing to standards. Due to the increasing number of impacted companies by ransomware, a hard requirement was that it needed to be set up as securely as possible.
That’s why we started off with an IT audit. This way we could gain an overview of the entire environment. When the audit was completed, we had a clear understanding of the hardware that was outdated and the software that needed an update.
As soon as we had a clear overview of the current IT environment and backup solution requirements, we brainstormed together with our team to come up with the best possible solution. The setup we concluded on consisted of two physical Lenovo servers, running a Windows Server OS that contains Veeam software.
To give you a better insight in the way we set up this solution, we will make a distinction between the physical points and the network points.
We installed two Lenovo servers on two different sites. The reason for this decision? We wanted to make sure that when one of the servers would shut down (regardless of the reason) the other server would take over. And to make the backup even more resilient, we took an additional redundancy measure. We connected the power of each server to two different feeds, of which one is a UPS.
To leave as little to chance as possible, we created 3 new separate VLAN’s. This way we could split all components and only allow access on specific required firewall ports between these VLAN’s and the existing ones.
The Firewall rules needed for the copy jobs were:
We also blocked all internet access from every single Veeam subnet. This to isolate the backup servers as much as possible. Access to the servers is also very limited from the other VLAN’s the customer uses. We renamed the local administrator user of the Veeam servers and setup NIC Teaming with LACP for optimal performance. All used passwords are of course fully randomized.
We also created a separate drive for paging files (in our case a P: drive) and turned it off on the C: drive.
Small tip: creating a separate drive for paging files will increase the overall performance of your system.
It’s important not to forget to change the authorization on this drive. This way, nobody except for the ‘System’ and the ‘Administrator’ users can make changes to the backup files. After this you can install the Veeam application on the server and configure it to your liking.
After we gave all VMs a separate backup job, our customer could once again sleep on both ears. He can be confident that his backups are of high quality and that his valuable data is protected.
Are you looking for a new backup solution yourself? Don't hesitate to contact us! We are happy to discuss the possibilities with you.