In Virtual Thoughts episode 2, Rick Vanover and I sit down to talk about Veeam Endpoint, the latest free product from Veeam. Endpoint provides a method for backing up your Windows endpoints to and from a backup store. That store can be managed by Veeam Backup & Replication v8 as well. This implies that Endpoint can also run on any modern Windows Server (though that is not the initial intent) or desktop running within the cloud without having a direct Veeam presence within the cloud. Veeam Endpoint runs as an application (read this as agent) within the Windows Server or desktop.
Veeam Endpoint is, in effect, a UI on top of a data mover, and this is key. Veeam knows how to move data quite fast and well. It already dedupes, compresses, and encrypts data in motion with its existing data protection software. However, for cloud and endpoint use, there have been many modifications to make, as Veeam traditionally worked under the covers of the hypervisor, not within the virtual machines.
Please watch our video podcast:
There and back again
Our data must go there (perhaps to a cloud) and back again (to where the data once was). It may travel to different clouds on its journey, but eventually it needs to get back to us. Most tools allow you to reverse replication or backup targets, placing your data at the originating site when processing data protection within a hot site cloud or data center. Veeam Endpoint lets you recover your desktop into the cloud, into the virtual environment, or back to hardware.
Focus on recovery
Test your recovery often, and use an automated method. Your goal should be to ensure that a recovery will be successful, no matter where you place the backup (cloud, disk, tape, or elsewhere). With its SureBackup technology, Veeam started the movement to test recoveries within a dedicated test environment. We must improve recovery testing automation for the next generation of data protection. SureBackup, applied to a desktop, requires quite a bit of scripting, and that scripting and customization doesn’t come already set up straight out of the box. Perhaps this is where Veeam and LoginVSI could team up?
Must determine dependencies
All next-generation backup solutions must be able to pick out an application from a set of physical, virtual, and cloud-based systems and use that information to determine what should be backed up and where. Not only do we need to determine dependencies on the front end, but the tools need to start analyzing the recovery or recovery test to determine whether proper dependencies have been met to restore the entire application. In other words, we have the chance to capture the current application state up front by monitoring its communication between components, and we have a chance on recovery to use the same techniques to capture the state of an application during the full boot cycle. By running analytics, we can then determine whether all dependencies exist. There are no products that do both sides of this analysis today. These dependencies should be picked up by other tools as well: perhaps those that output TOSCA graphs or ingest them to produce interconnecting dependencies. Endpoint devices usually have minimal dependencies within themselves, but have plenty to other parts of the data center. Mapping these dependencies needs to be part of any Endpoint backup.
Business continuity, not just disaster recovery at the cost of backup
Ensure recovery can happen within a short window. We want to ensure that business can continue even when power or cooling is out in our data center, or even in the cloud we use. Backup recovery windows are shrinking, and we need improved mechanisms to ensure our data is readily available everywhere it needs to be for a speedy recovery of our business. Veeam Endpoint places this in the user’s hands, but when tied to Veeam Backup & Replication, it gives the administrator the ability to restore to anywhere the user can access.
Business continuity for all workloads, not just mission-critical ones
Businesses may believe that only certain applications are mission-critical, but employees tend to think otherwise. If someone cannot do their job, then they are adversely impacted. The definition of “mission-critical” changes from job to job. We should, by all means, start with mission-critical backups and data protection, but eventually the entire business environment should be considered a candidate for business continuity at an affordable cost. Endpoint devices have never been considered mission-critical, and Veeam Endpoint provides more of this “all workloads” requirement.
Make use of the near-infinite ready spare capacity within an elastic cloud
Using the cloud as your business’s hot site is a growing trend in enterprises and small businesses today. The goal is to provide elasticity for recovery as needed. The cloud has capacity that our data centers may not. A cloud could be private or public, but in either case, it tends to have better capacity. Recovery should ensure that multiple clouds can be targeted as places to recover as quickly as possible. Veeam Backup & Replication can replicate to and restore from many clouds.
No special web interfaces or server to manage
Data protection needs to be managed within the tools people use daily. Data protection is no longer “set and forget” but is an integral part of any deployment. Too often, data protection uses an interface that does not integrate into the tools we use on a day-to-day basis. Until the management is integrated, or enough information is provided as alerts, it is not possible to know the state of your data protection within, say, vCenter or System Center, or your NOC. The goal is to know about problems via alerts, or conversely, that everything is doing well. If I have to dig for it, data protection becomes “set and forget.” For Veeam Endpoint, the management is per device and uses existing Veeam management tools.
Works with my current hardware
There should be no requirement to buy more hardware to make data protection a success. Appliances must work everywhere: in the data center, the cloud, the hot site, and elsewhere. This does not mean you shouldn’t invest in hardware backup appliances. However, when you do, you need to ensure that they meet your next-gen data protection needs. Invest as needed, but do not think hardware is the only solution. Veeam Endpoint only works with the latest versions of Microsoft Windows.
Works with a cloud running a different hypervisor
Hypervisor-agnostic data protection is a modern-day requirement. There should be no need for like-to-like backup or restoration. In reality, the cloud and your choice of hypervisor should not matter. This reinforces the need for cloud-to-cloud backups and replication. Never trust just one cloud. The real issue is that many clouds use different hypervisors, which implies different drivers and virtual disk formats. Hypervisor-agnosticism implies that this should not matter. Endpoint is the ultimate in hypervisor-agnosticism, as hypervisors are targets for restore (with the need for some fixup).
Does not require the cloud target to “hook” into the cloud at hypervisor levels
Any data-protection tool should speak well-known APIs, like S3, EBS, vSphere SDK, Hyper-V SDK, and more. In addition, if those same tools are replicating to a cloud, they should manage a mirror, copy, and backup of the data either to another cloud or to the originator, if the originator’s and cloud’s copies are not the same. This is part of the “there and back again” data-protection mentality. However, there should be no requirement within the cloud to hook into any aspect of that cloud’s underlying hypervisor in order to work.
Encrypt/sign all traffic and storage
Data confidentiality and integrity are musts. One way to achieve them is to use encryption. Checksums, digital signatures, and other mechanisms are also suggested. Not all data should be encrypted (only that data which by policy requires encryption should be), but all data should be digitally signed to ensure its integrity. Unfortunately, most data-protection tools use only encryption, as it is easier to encrypt everything than it is to govern this via policy. Public data, for example, does not need encryption, but it does need a digital signature to ensure it has not been changed by an unknown third party.
Restore into the cloud or anywhere
This is a restore-anywhere necessity. I do not know where my data will end up, but it must be usable and available anywhere it’s required. Those tools that use clouds as pure repositories are very good at restoring to anywhere; however, the first place to restore would be into the cloud holding the repository. Why? Because it is very bad form to attempt a restore and end up having to transfer terabytes of data in a very short window of time. Instead, restore quickly, but ensure your data can get anywhere needed. This proliferates your data across clouds and data centers, but it has the added value of allowing you to restore to anywhere. This proliferation requires you to have control over your data and knowledge of where your data is. Data protection requires a well-thought-out data policy: “this data can go to this cloud, but that data cannot,” or “this data must be encrypted in location A but not in location B,” and the list goes on. Endpoint tied to Veeam Backup & Replication fills this need neatly.
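The sign-everything, encrypt-by-policy rule from "Encrypt/sign all traffic and storage" and the per-location data policy described above can be expressed as a check run before a restore. This is an added example, not Veeam code: the policy table, object layout, key, and function names are constructed for illustration, and HMAC-SHA256 stands in for a digital signature.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; a real key belongs in a KMS or HSM

# Constructed policy: (data class, location) -> must the stored copy be encrypted?
# A missing pair means that class may not be placed in that location at all.
POLICY = {
    ("public", "cloud-a"): False, ("public", "cloud-b"): False,
    ("internal", "cloud-a"): True, ("internal", "cloud-b"): False,
    ("regulated", "cloud-a"): True,
}

def tag(key, name, data_class, encrypted, blob):
    """Integrity tag over content plus metadata (HMAC stands in for a signature)."""
    parts = [name.encode(), data_class.encode(), b"enc" if encrypted else b"clear",
             hashlib.sha256(blob).digest()]
    return hmac.new(key, b"\x00".join(parts), hashlib.sha256).hexdigest()

def make(name, data_class, blob, encrypted):
    """Build a backup-object record the way a backup job would at write time."""
    return {"name": name, "class": data_class, "blob": blob, "encrypted": encrypted,
            "tag": tag(KEY, name, data_class, encrypted, blob)}

def check_object(obj, location, key=KEY):
    """Findings for one object before restore; an empty list means it passes."""
    findings = []
    expected = tag(key, obj["name"], obj["class"], obj["encrypted"], obj["blob"])
    if not hmac.compare_digest(expected, obj["tag"]):
        findings.append("integrity tag mismatch")  # checked for every class
    required = POLICY.get((obj["class"], location))
    if required is None:
        findings.append("class not allowed in this location")
    elif required and not obj["encrypted"]:
        findings.append("policy requires encryption here")
    return findings

if __name__ == "__main__":
    brochure = make("brochure.pdf", "public", b"public text", False)
    payroll = make("payroll.db", "regulated", b"\x8f\x11 ciphertext", True)
    notes = make("notes.txt", "internal", b"plain notes", False)
    altered = {**brochure, "blob": b"public text, altered"}
    relabeled = {**payroll, "class": "public", "encrypted": False}
    for obj, loc in [(brochure, "cloud-a"), (altered, "cloud-a"), (notes, "cloud-a"),
                     (notes, "cloud-b"), (payroll, "cloud-b"), (relabeled, "cloud-a")]:
        print(obj["name"], loc, check_object(obj, loc) or "ok")
```

Because the data class and encryption flag are covered by the tag, relabeling a regulated object as public to sidestep the encryption rule fails the integrity check rather than the policy check.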
Veeam is moving along this path, and I hope it can complete all the items on the list. Data movement is a key concept in the next generation of data protection: there and back (or somewhere else) again data protection. All Veeam needs to add is the ability to restore anywhere by modifying any and all drivers, a data policy, dependency checking, and a way to use SureBackup to test endpoint backups.
Have a watch and tell us your thoughts on Veeam Endpoint.