Veeam and AWS Storage services for off-site backups

Veeam Backup & Replication allows automated and tiered backups to Amazon S3 services. It is a good strategy for an initial Disaster Recovery strategy and to reduce data storage costs. VBR also enables application mobility between clouds without hypervisor lock-in.

How can this be done?

Veeam VBR Scale-out backup repository (SOBR) is a type of repository that allows horizontal, granular, and tiered data growth across multiple storage tiers.

SOBR has one or more disk storage systems designed as a Performance Tier. And this system can be expanded to include other object storage-type repositories for less costly data storage and archiving.

Thus, all devices and services included within a Scale-out repository behave as a single-tiered system managed by the VBR console.

As already mentioned, the Performance Tier comprises a primary block area that can be presented to the VBR via NAS, SAN, or DAS storage systems. All these resources form a storage pool with their storage capacities added together. To grow the Performance Tier capacity, add more storage systems to it.

The Capacity Tier is S3-compatible object storage that can be an AWS S3 Standard, IT, IA, or One-zone IA service.

It is possible to configure retention policies to keep at Performance Tier only the most recent backups and automatically move to the Capacity Tier the oldest ones.

It is also possible to keep a copy of the most recent Performance Tier backups at the Capacity Tier. In this case, it is possible to ensure that there is at least one off-site copy of the most up-to-date data for Disaster Recovery purposes.

Beginning in version 11 of Veeam Backup & Replication, the Archive Tier is part of SOBR.

Veeam’s idea is to reduce the data storage cost using AWS S3 Glacier and AWS S3 Deep Archive services.

For data that is eventually accessed and kept for years for compliance reasons, it makes perfect sense to move it to a cheaper storage tier.

Therefore, in Veeam SOBR, the backup starts being stored in a block area, migrates to the object store layer, such as S3 Infrequent Access. Then, according to the defined retention policy, it is moved to AWS Glacier or AWS Glacier Deep Archive.

When the data moves from the Performance Tier to the Capacity Tier, we keep the same data block size configured in the initial job of the Performance Tier. Usually, the block size is 1 Mbyte, as defined by the local target configuration in VBR.

Although the AWS S3 Glacier and AW S3 Deep Archive services have a lower storage cost, their data insertion (PUT) operations are more expensive. These costs can be up to 10 times higher compared to the same process in the S3 Standard.

https://aws.amazon.com/s3/pricing/

Suppose backup files move to the AWS S3 Glacier or Deep Archive with the same block size used in the Performance Tier or the Capacity Tier. The cost of PUT operations data can be very high.

To avoid this, Veeam provides a good approach.

At the time of transporting the data, VBR creates a temporary proxy appliance that performs the block size conversion of the data stored in AWS S3.

In other words, 1 MByte blocks are grouped into larger blocks, called Giga blocks. As a result, fewer PUT operations are required on the AWS S3 Glacier or AWS S3 Deep Archive, resulting in even more significant storage savings.

In addition, it is possible to retrieve the backups directly from Capacity Tier or Archive Tier to the production environment.

The data recovery time will depend on the AWS service modality contracted. For example, for AWS S3 Glacier, there are Expedite (from 1 to 5 minutes), Standard (from 3 to 5 hours), and Bulk (5 hours) options. For AWS S3 Deep Archive, recovery times are longer.

You can also define in VBR a period in which recovered backups will be available in the Capacity Tier.

The recovery options are: Instant VM Recovery, a full VM recovery, VM drives restore, VM GuestOS system files restore, or even application items recovery.

VBR SOBR also allows you to restore a VM backup from Capacity Tier or Archive Tier directly to an AWS EC2 instance without hypervisor lock-in.

All moving and retrieval jobs between the AWS S3 and AWS S3 Glacier/Deep Archive tiers are performed directly in the VBR console without any additional universal licensing cost.

I hope you enjoyed this brief description!