Veeam SureBackup

What is Veeam SureBackup?
"Veeam SureBackup is the Veeam technology that lets you verify VM backups. You can verify any restore point of any backed-up VM. During a SureBackup job, Veeam Backup & Replication performs a “live” verification by scanning the backed-up data for malware, booting the VM from the backup in the isolated environment, running tests for the VM, powering the VM off and creating a REPORT on recovery verification results."

The SureBackup job will utilize a Veeam DataLab to perform many tasks...

  • Ensure recoverability of a backed-up system - "Do our backups actually work?"

  • Perform a test on a system like updates, changes to an application, etc. - "OK, what happens if...?"

  • Staged and secure restore technologies.

Veeam SureBackup is composed of two parts...

  1. The application group (optional) which includes VMs or group of VMs that must be running PRIOR to testing other VMs in the backup job... example: A Domain Controller or a DNS Server, etc... required to start an application/database server.

  2. A DataLab is the way through which VMs are switched-on into a specific network that cannot communicate with the production network. This technology allows you to add a zero to the 3-2-1 rule (from 3-2-1 to 3-2-1-1-0).

To perform recovery verification, you need to create the following objects: An Application Group (maybe), a Virtual Lab, and a SureBackup Job. SureBackup and Virtual labs are built on Veeam vPower NFS Service, which allows you to power on your 'backup files' in a test/sandbox environment.

Veeam Backup & Replication can verify VMs with the following predefined tests...

  1. Heartbeat Test - As soon as the VM is started, Veeam Backup & Replication performs a heartbeat test. It waits for a heartbeat signal from VMware Tools installed inside the VM to determine that the guest OS inside the VM is running. If the signal comes regularly at specific time intervals, the test is passed. The signal is sent by VMware Tools running in the VM.

  2. Ping Test - During the ping test, Veeam Backup & Replication checks if the VM in the virtual lab can respond to the ping requests. If VM responds to ping requests from the Veeam backup server, the test is passed.

  3. Application Test - Veeam Backup & Replication waits for applications to start inside the VM and runs a script that checks application-specific network ports. For example, to verify a SQL server, Veeam Backup & Replication probes its port for a response. If the response is received, the test is passed.

When the recovery verification process is over, Veeam Backup & Replication unpublishes VMs and creates a report on their state. The report is sent to the backup administrator by email.

SureBackup and Ransomware

Detecting a Ransomware threat as early as possible gives IT organizations a compelling advantage that cannot be underestimated. In a Ransomware remediation situation, the SureBackup job can be run to ensure that the system can restore correctly and that applications will function as expected. You also have the option to leave SureBackup jobs running after they complete for a manual check to see if a Ransomware threat exists in the system before restoring .

Veeam secure restore: During secure restore, Veeam Backup & Replication mounts the disks of the machine that you plan to restore . Then, Veeam Backup & Replication triggers an antivirus process to scan files from these mounted disks. If the antivirus detects malware during the scan, Veeam Backup & Replication will either abort the restore process, restore the machine or restore its disks with restrictions that depend on secure restore settings. This is a small step in the restore process, but it can give you some extra confidence to not re-introduce a threat based on newer definitions.

GitHub repository containing scripts that enable VeeamDataLabs

FROM: Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology (Click Here)

  • TO: Corporate Executives and Business Leaders

  • FROM: Anne Neuberger, Deputy Assistant to the President and Deputy National Security Advisor for Cyber and Emerging Technology

  • SUBJECT: What We Urge You To Do To Protect Against The Threat of Ransomware

  • DATE: June 2, 2021

Excerpt...

"Test your incident response plan: There’s nothing that shows the gaps in plans more than testing them. Run through some core questions and use those to build an incident response plan: Are you able to sustain business operations without access to certain systems? For how long? Would you turn off your manufacturing operations if business systems such as billing were offline?"