Interested in if and when B2 cloud immutable backups might be available? From what i have read the API supports it but will it be supported by MS360 at some point? I’d like to try for some of our clients
[reply=“jeff kohl;9717”] It’s coming in September. Thanks for asking. We’ll post here when it’s available.
Thanks David. I am testing with B2 now
How about immutable file systems hardware that is local/private cloud based. Anything on that front coming? Also how about immutible backups using Azure storage?
[reply=“jeff kohl;9818”] For both Azure and local / private, there are open feature requests. I will add your requests to the system. For local / private cloud, we do support S3 compatible Minio, but we do not yet support Minio Object Lock / Immutability. But since Minio is S3-Compatible, if the feature is added, it will may end up for S3 Compatible and Minio.
Thanks David. I will continue to test with B2. None of my clients have local/private cloud hardware that supports immutability at this time but Azure is something to be considered. My current struggle is finding the configuration settings for clients that maximize protection from Ransomware while not getting surprises with regard to storage costs. Be glad to hear any ideas you have on that. eg what are the best practices?
[reply=“jeff kohl;9820”] It’s more difficult to protect local data (compared to cloud data) if there’s malware running on the network. If data is exposed as a network share, then there’s sufficient access to some of the backup data that can put it at risk.
If you had a data center at your MSP that was going underutilized, then you could look at using Minio. Minio exposes local disk as an S3 Compatible cloud and is accessed through the S3 APIs (as opposed to CIFS), which means access needs to use those APIs. You can run it on Linux or Windows.
if you lock down the Managed Backup agents (recommended) by unchecking Enable Backup Agent and uncheck Allow Data Deletion in Backup Agent from Settings - Global Agent Options you can help prevent someone or some malware from deleting backups. You could also uncheck Allow Edit of Backup Plans
and Allow Edit of Restore Plans in Options to ensure no changes are made to plans. You can also make these changes at the Company level in the management console.
You can assign a Master Password to the agents (from Remote Deploy or by editing an endpoint directly in Remote Management - Edit - Edit Options), if desired - if you need to keep the agents available or so the password is needed should you temporarily enable an agent.
Saving locally is fine, but we always recommend using the public cloud (or Minio at the MSP) as a secondary target for backups.
Immutability is available with the new backup format and is tied to GFS retention settings. Dial in how many backups of each Period (weekly, monthly, yearly) you need and they will be locked down with Object Lock if that feature was enabled when the bucket was created and enabled for the backup plan. Object Lock prevents deletion of the data before the GFS period expires. The key here is not to keep more backup sets than you need to satisfy your customers. Depending on the customers, you may need to adjust GFS settings accordingly. Obviously, the more backup sets you keep, the more storage is needed, but if your customer needs monthly backups for 12 months and yearly backups for 3 years, then that’s what they need and you can have that conversation up front to ensure there are no surprises on storage costs as time goes by and storage grows.
The strategy we use to protect our local backups.
- Put the backup USB HD on the hyperV host and then share it out to the guest VMs.
- Use a different admin password on the hyperV than is used on the guest VMs ( in case someone gets into the file server guest vm where all of the data resides).
- Do not map drives to the backup drive.
- Use the agent console password protection feature including protecting the CLI).
- Turn off the ability to delete backup data and modify plans from the agent console ( company: custom options). You can always turn it on/ back off as necessary to do modifications.)
- Encrypt the local backups as well somthat if someone walks off with the drive it ismof no use to them.
We also do image/ VHDx backups to the cloud and file backups to not one, but two different public cloud platforms.
[reply=“David Gugick;9706”] Currently we use Rundeck to call your product on the command line to request download from Amazon of the specific full/diff files that we need, so they can be restored in an automated process.
Yes, we’re keeping every full and every differential of every database for 10 years. We have a similar pattern (with 6-12mo retention) with some other application or image-based server backups where in software we have weekly or monthly full backups and then weekly or daily differential backups, going to local storage.
We do not currently have any use cases with MSP360 where we need to restore an entire system to a specific point-in-time, we merely need certain specific files (which are immutable and don’t change) downloaded.
The confusion has been how to set GFS settings so we can do recovery of the specific backup files we need for a given database, application or server without having to restore everything that was ever backed up, or incurring additional Amazon storage costs. I feel like this should be simple but for some reason it’s just not clicking for me.
I haven’t set up real backups with the new backup format yet. I’m not 100% clear that you recommend switching to it now. That is, is the feature fully ironed out. I know it is just off beta, was beta until fairly recently.
[reply=“chalookal;9999”] The team is constantly working to add more features to the new backup format. It’s been out of beta since May 2022. I would recommend you try it out and let us know how it works for you.
As for your dilemma, what you really want (and unfortunately cannot have) is the legacy format sent to Immutable storage.
Why do you need immutable storage?
Is the customer demanding that? Or are you just trying to us Immutability to protect your data?
Can the Immutable feature be added/chosen to Minio storage running on a Windows server from the Management console during bucket creation or afterwards (or from the Windows server after the bucket has been created)?
[reply=“Norm;10081”] It’s not supported for S3-compatible storage destinations yet. For Amazon S3, Wasabi, and Backblaze B2, it’s only possible to enable object lock (immutability) during new storage new bucket creation only and can’t be changed later.
[reply=“David Gugick;9688”] What is the status on the immutable storage (object lock) feature for SQL Server backup using Cloudberry?
[reply=“Alexander Negrash;10084”] Hi, is there any update on Immuteable Support for S3-compatible, like MINIO or CEPH ?
[reply=“Marcellinus;10478”] It’s available for S3-compatible. Support can enable it for your account. Soon we will enable Immutability for Minio by default.
[reply=“Alexander Negrash;10479”] Thanks!
[reply=“Alexander Negrash;10479”] I contacted Support and just got the Feedback, that this feature ist not available. Confusing - though.
[reply=“Marcellinus;10481”] Sorry, confused it with synthetic backup