VMCA2022 Exam Dumps - Veeam Certification Questions and Answers

Immutable repositories are backup storage locations that prevent unauthorized modifications or deletions of backup data, ensuring its integrity and recoverability. Immutable repositories are essential for protecting backups against ransomware attacks, accidental deletions, or malicious insiders1.

Veeam Backup & Replication supports several types of immutable repositories, such as hardened repositories, immutable object storage repositories, and immutable deduplicating storage appliances2. Among these options, the best configuration for ensuring SLA compliance and providing protection against ransomware is to leverage hardened repositories at both primary and secondary sites, and offload to object storage in a public cloud with immutability enabled.

Hardened repositories are Linux-based repositories that use XFS file system with immutability flag to protect backup files from changes or removals. Hardened repositories can be used as primary or secondary backup targets, and can be combined with Veeam Scale-out Backup Repository to simplify backup management and optimize storage utilization3.

Object storage repositories are cloud-based repositories that use object storage services, such as Amazon S3, Microsoft Azure Blob Storage, or Google Cloud Storage, to store backup data. Object storage repositories can be used as secondary backup targets, and can leverage the immutability feature of the cloud provider to prevent backup data from being overwritten or deleted.

By using hardened repositories at both primary and secondary sites, you can achieve high availability and redundancy for your backup data, as well as fast and reliable restores. By offloading to object storage in a public cloud with immutability enabled, you can achieve long-term retention and compliance, aswell as cost savings and scalability. This configuration also follows the 3-2-1-1 backup rule, which recommends having three copies of data, on two different types of media, with one copy off-site and one copy immutable.

You can find more information about immutable repositories and how to configure them in the following resources:

• Immutable Backup Solutions: Linux Hardened Repository
• Unstructured Data Backups in Immutable Repositories
• Hardened Repository
• [Immutability for Object Storage Repositories]
• [3-2-1-1 Backup Rule]

The additional condition of the offsite backup that is presumed by the immutability requirement is that a copy of backup data must reside in a public cloud local to each region. Immutability means that the backup data cannot be modified, deleted, or overwritten by anyone, including the backup administrator, the cloud provider, or malicious actors1. Veeam Backup & Replication v11 supports immutability for backups stored in Amazon S3 and Microsoft Azure Blob Storage, using the Object Lock feature2. Therefore, the offsite backup must use one of these cloud providers, and must be located in the same region as the source data, to comply with the data locality and privacy laws. The other options are not related to the immutability requirement, as they are either already stated in the business requirements (option A), technical requirements (option B), or not relevant for the Veeam solution (option C). References: Immutability, Object StorageImmutability.

The configuration that would verify the SLA compliance during audits and protection against exposure to personally identifiable information in the event of exposure is to create a virtual lab environment and periodically perform staged restores with custom scripts. A virtual lab is an isolated environment where you can run your backups or replicas without affecting the production environment. A staged restore is a process that allows you to run custom scripts on the restored data before publishing it to the production environment. By using these features, you can demonstrate that your backups are recoverable and compliant with legal regulations, as well as remove or mask any sensitive data before restoring it.

The best option for the primary backup repository design that fits the requirements in the case study is a Linux Repository using XFS integration, single-use credentials, and immutability. A Linux Repository is a type of backup repository that uses a Linux server as a backup target. A LinuxRepository can leverage XFS integration to enable fast creation and transformation of synthetic full backups by using XFS file system features such as reflink and copy-on-write. A Linux Repository can also use single-use credentials to enhance security by generating unique credentials for each backup job session. A Linux Repository can also provide immutability and ransomware protection for backup files by using Linux access control mechanisms such as immutable flag or chattr command.

The gold tier backup jobs have the most stringent recovery point objective (RPO) of one hour for image backup and 15 minutes for transaction log backup. This means that they need to run more frequently than the other backup jobs and create more restore points per day. Therefore, to properly plan the backup copy job settings, you will need more information on the gold tier backup jobs, such as the number of VMs, the size of backups, the change rate, the retention policy, and the bandwidth available for copying backups to the offsite location.

References: [Backup Copy], [Backup Methods], [Continuous Data Protection]

The number of vSphere clusters and the total of virtual machines are important information related to the virtual infrastructure that are missing and must be collected during the discovery phase. These information can help you estimate the backup performance, scalability, and resource requirements for the Veeam backup infrastructure. For example, you can use the number of vSphere clusters to determine how many Veeam backup servers and proxies you need to deploy and how to distribute the backup load among them. You can also use the total of virtual machines to calculate the total amount of data to be backed up, the storage space required, and the network bandwidth needed.

References: [Veeam Backup & Replication Best Practices], [Veeam Backup Infrastructure Sizing Calculator]

The areas that would benefit from additional analysis on areas mentioned in the case study are MSSQL, NAS, and PostgreSQL. These areas have specific backup and restore requirements that need to be considered and addressed in the design and sizing of the Veeam backup infrastructure. For example, MSSQL requires transaction log backup and application-aware processing to ensure consistent backups and point-in-time recovery. NAS requires file-level backup and storage integration to optimize backup performance and storage efficiency. PostgreSQL requires pre-freeze and post-thaw scripts to quiesce the database before backup and resume it after backup.

References: [MSSQL Server Backup], [NAS Backup], [PostgreSQL Backup]

A possible issue that could arise if you put the backup repositories in the backup network only is that laptop agents cannot communicate with the repository. This is because laptop agents are not part of the backup network, which is non-routable according to the existing technical environment.Therefore, laptop agents cannot access or write data to the backup repositories in the backup network unless there is a proxy or gateway server that can bridge the communication between them.

References: [Veeam Agents Management Guide], [Veeam Backup Infrastructure Sizing Calculator]