Increasing Operational Efficiency With Kasten K10 V6.0

We are excited to announce the release of Kasten K10 version 6.0, the latest and most advanced version of our industry-leading platform that provides enterprise-grade Kubernetes data protection and application mobility. This release helps customers scale their cloud native data protection efficiently. Kubernetes deployments are growing at an unprecedented rate. Gartner predicts that by 2027, more than 90% of global organizations will be running containerized applications in production. However, today’s market conditions are scarred with financial uncertainty and a shortage of cloud native skills. Therefore, you must ensure operational efficiencies are in place to unleash the full potential of your cloud native environments while protecting your data. Additionally, security remains an imperative as organizations focus on keeping their businesses running. With this release, we also continue to innovate in this growing ecosystem, so that you can take advantage of the best-of-breed inn...

Increasing Security and Minimizing Costs with AWS Gateway Endpoints

As your business embraces Amazon Web Services (AWS), it is imperative to ensure that your data remains protected and that costs are minimized. One way to do both in AWS is through a Gateway Endpoint.

Let us first understand what a Gateway Endpoint does. Quite simply, it allows you to connect to an AWS service (e.g., Amazon S3 or DynamoDB) over the AWS network. This means that:

  • Data/traffic will not have to traverse the public internet
  • No data egress charges will be incurred

The following diagram highlights the flow of traffic if a gateway endpoint is not configured:

NOTE:
The example shows Veeam Backup for AWS, but the same type of traffic flow is generated without a service endpoint when:
  • A Veeam scale-out backup repository is configured on an EC2 instance and you are offloading to S3
  • One or more Veeam Backup for Microsoft 365 proxy servers are deployed within AWS
  • You perform a direct restore into AWS from S3

The next logical question is, what happens when a Gateway Endpoint is configured?

We can see that the Gateway Endpoint allows the EC2 instance to connect to the S3 bucket without the traffic traversing the Internet.

Let’s now step through how to create a gateway endpoint. Once logged into the AWS console, make your way to the VPC dashboard and select “Create Endpoint” when on the “Endpoints” dashboard:

You will now see a listing of possible endpoints that can be created. The easiest way to find and select an S3 gateway endpoint is to filter on “s3”. Be aware that the region name is included in the service name. Since I am using the Canada Central region, “ca-central” will be part of the service name:

Now you can select the applicable VPC in which the gateway endpoint will be created:

For whichever route table(s) are selected, AWS will automatically add a route to the gateway endpoint for all S3 traffic.

Now you can select the applicable policy — “Full Access” or Custom.

The gateway endpoint is now created… it is that easy!

Let’s look at the route table entries that have been created to get a better understanding of what is occurring under the covers.

Step 1: We can see the endpoint has been created and that there is an associated route table. Select the “Route Table ID”:

Step 2: Select the “Routes” tab and you will see an AWS managed “prefix list” in the destination column. A “prefix list” is a set of one or more CIDR blocks. You can use prefix lists to make it easier to configure and maintain your route tables.

The purpose of the new route is to direct S3-bound traffic to an S3 bucket via the gateway endpoint… not via the internet/internet gateway.

Note that the “prefix list” route was not present in the route table before the gateway endpoint was created.

Step 3: When we click/investigate the added “Prefix list” (pl-*****), the list of CIDR block addresses for the S3 endpoints in the applicable region will be shown.
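The route selection described in Steps 2 and 3 can be checked offline with the following added example, which is not part of the original post. It assumes route and prefix-list data shaped like the output of the EC2 DescribeRouteTables and DescribePrefixLists calls; all IDs are placeholders and the CIDRs are documentation ranges standing in for the real S3 ranges.

```python
import ipaddress

# Constructed sample data shaped like EC2 DescribeRouteTables and
# DescribePrefixLists output. IDs are placeholders and the CIDRs are
# documentation ranges, not real S3 ranges.
PREFIX_LISTS = {"pl-EXAMPLE": ["198.51.100.0/24", "203.0.113.0/25"]}
ROUTES_WITH_ENDPOINT = [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
    {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-EXAMPLE", "State": "active"},
    {"DestinationPrefixListId": "pl-EXAMPLE", "GatewayId": "vpce-EXAMPLE", "State": "active"},
]
ROUTES_WITHOUT_ENDPOINT = ROUTES_WITH_ENDPOINT[:2]


def next_hop(routes, prefix_lists, dest_ip):
    """Return the GatewayId of the most specific active route matching dest_ip."""
    ip = ipaddress.ip_address(dest_ip)
    best_len, best_target = -1, None
    for route in routes:
        if route.get("State") != "active":
            continue
        if "DestinationPrefixListId" in route:
            # A prefix-list route stands for every CIDR in that list.
            cidrs = prefix_lists.get(route["DestinationPrefixListId"], [])
        elif "DestinationCidrBlock" in route:
            cidrs = [route["DestinationCidrBlock"]]
        else:
            continue
        for cidr in cidrs:
            net = ipaddress.ip_network(cidr)
            # Longest prefix wins, so the prefix-list CIDRs beat 0.0.0.0/0.
            if ip in net and net.prefixlen > best_len:
                best_len, best_target = net.prefixlen, route.get("GatewayId")
    return best_target


def s3_paths(routes, prefix_lists):
    """Map each prefix-list CIDR to the next hop its traffic would take."""
    result = {}
    for cidrs in prefix_lists.values():
        for cidr in cidrs:
            first_host = str(ipaddress.ip_network(cidr).network_address + 1)
            result[cidr] = next_hop(routes, prefix_lists, first_host)
    return result


if __name__ == "__main__":
    print("with endpoint:   ", s3_paths(ROUTES_WITH_ENDPOINT, PREFIX_LISTS))
    print("without endpoint:", s3_paths(ROUTES_WITHOUT_ENDPOINT, PREFIX_LISTS))
```

Any prefix-list CIDR that resolves to an `igw-` target instead of a `vpce-` target indicates a route table that is not associated with the gateway endpoint.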

Believe it or not, it is that simple! From a Veeam configuration point of view, there is nothing required as the routing changes will transparently occur in the background… and Veeam just works!

Now that the Gateway Endpoint has been configured, you can be assured that your Veeam backup data will remain within AWS and there will be no unexpected egress charges.

The post Increasing Security and Minimizing Costs with AWS Gateway Endpoints appeared first on Veeam Software Official Blog.


