System Source Pizza Webinar - “Locking Ransomware Out Of .

Transcription

System Source Pizza Webinar - “Locking Ransomware Out of Your Backups” – 9/17
Dennis Kloster, System Source Senior Consultant, dkloster@syssrc.com
Chris Connolly, Solutions Architect, Hewlett Packard Enterprise, chris.connolly@hpe.com
Van Flowers, Systems Engineer, Veeam: VMCE, VMCT, VCP, Van.Flowers@veeam.com

Agenda
- Opening and Introductions – Chris Riley
- Dennis Kloster – Why implement ransomware & DR protection
- Chris Connolly – Why Veeam HPE; Simplivity, Apollo, Nimble, StoreOnce
- Van Flowers – Veeam HPE Demo; Integration with HPE Solutions; Ransomware Protection
- Q&A – Chris Riley

We Hope You are Enjoying Your Pizza!!
If you haven’t received your pizza, then contact Mike Jones: mjones@syssrc.com

During the Webinar
- Audio – In presentation mode until end
- Control Panel: View webinar in full screen mode
- In Chat – Tell us what you hope to learn today?
- Feel free to submit written questions
- Presentation and video available after webinar
- Evaluation just after webinar finish
- Please complete Poll, at end of webinar (just three questions) – I will alert you when to start!

Dennis Kloster

1) Ransomware emails spiked 6,000% - 2018 vs. 2017
2) 40% of all spam email had ransomware
3) 92% of surveyed IT firms reported attacks on their clients
4) 70% of businesses paid the ransom
5) 20% of businesses paid more than 40,000
6) Most businesses face at least 2 days of downtime
Source: IBM via CNBC

Ransomware Prevention
Make sure antivirus is installed and kept up to date on all endpoints
- Computers and laptops
- Servers!!!!! (I constantly see servers that don’t have AV installed)
- Phones? Tablets?

Ransomware Prevention
Patching
- Patch Windows
- Java, Flash, Adobe, etc
- Use a patch management solution to make sure all endpoints are in compliance
- Patch everything!

Ransomware Prevention
AND THE SINGLE MOST IMPORTANT COMPONENT

Ransomware Prevention
END USER EDUCATION AND AWARENESS!!!!!!

Other Important Components of a Ransomware Readiness Plan
Backups
- Test your backups! Just because the backup software says that your nightly backup was successful doesn’t mean you can restore what you need.
- Disk to Disk backups: Ransomware can infect anything that is online. If you are using disk to disk backups, you must take your backups offline in order to protect them.
- Best practice: 3 backup copies. 2 different formats. At least one copy is offsite.

Other Important Components of a Ransomware Readiness Plan
VM level replication
- Much quicker restore capabilities than a backup
- DR plan can be programmed ahead of time
- Easy testing capabilities
- Can be SAN based or software level (Veeam, Zerto, etc)
- Use your own DR site or a hosted site
- Major potential benefit is that it (in theory) is a “clean” site

Federico Venier 2019
WHY HPE FOR VEEAM BACKUP SOLUTIONS
- Complementary Products
- Single Vendor Solution
- Traditional Acquisition
- GreenLake
- Reference Architectures and Design Guides
HPE has the most complete portfolio for deploying Veeam infrastructure
Choose the right solution for your Veeam deployment: HPE StoreOnce, HPE Apollo, HPE MSA, HPE Nimble Storage, StoreEver
HPE Veeam Milestones
- Integration dating back to 2012 (StoreVirtual)
- Alliance and reselling agreement since January 2017
- StoreOnce – First inline dedupe backup appliance to support IVMR
- Nimble - First inline dedupe secondary storage array supporting DR workload from Veeam backup
CONFIDENTIAL AUTHORIZED HPE PARTNER USE ONLY

HPE SIMPLIVITY
Chris Connolly, Solutions Architect

HPE SIMPLIVITY AND VEEAM: BETTER TOGETHER USE CASE SUMMARY
Use cases: HPE SimpliVity, Mixed Environments, Extend to Cloud, Long Term Retention, App Aware Backup, Granular Restore
- Built-in data protection within the SimpliVity federation
- Near instantaneous backup and restore within the SimpliVity federation
- Guaranteed Data Efficiency
- SQL Server consistent backups
- File level recovery
- Protect data across mixed environments
- Archive data to cloud ar object restore
- Archive to 3rd party long term storage / tapes
Different Admins: reduced risk of deleting backups along with production due to unintentional/malicious errors
Different platforms: prevent a firmware bug from compromising backups and production by saving to a different storage system

HPE APOLLO

HPE APOLLO 4200 AND 4510 GEN10
The best server platform for compute and high-density storage in a single chassis
HPE Apollo 4200 and HPE Apollo 4510 are HPE servers that combine:
- Legendary ProLiant compute capabilities
- High-density storage
- HPE iLO and all the features you expect from a ProLiant
HPE Apollo 4510: 4U Intel based server, 60 LFF 2 SFF disks
HPE Apollo 4200: 2U Intel based server, 28 LFF disks
HPE Apollo server can host all Veeam components
- Veeam Server and Microsoft SQL Server databases
- Veeam proxy and backup repository
- Veeam tape server
Data reduction based on:
- Veeam compression and deduplication
- New Veeam virtual-synthetic-full based on ReFS block cloning
- For additional reduction, install HPE StoreOnce VSA

HPE NIMBLE

WHY HPE NIMBLE STORAGE AND VEEAM AVAILABILITY PLATFORM?
Protect data with the industry’s only intelligent, predictive flash-based solution
Flash-accelerated protection
- Faster backups and instant restores with the most high-performing hybrid flash arrays
- Affordable long-term retention with always-on dedupe and compression
- Multiple workload consolidation in addition to data protection
Active backups
- Backup data put to work for dev/test, DR, analytics
- Virtual sandbox spin-ups with Veeam DataLabs automation
- RTPO 15 min with Veeam-managed HPE Nimble Storage snapshot replication and Veeam Explorer
Hassle-free availability
- Storage consolidation with six-nines HA and Triple Parity RAID
- Intelligent operations with HPE-Infosight and Veeam One
- Unmatched data protection with a proven, best-in-class, advanced integration

HPE STOREONCE

HPE STOREONCE PORTFOLIO
- One architecture
- Multiple protocols: Catalyst, NAS, VTL
- Local and cloud: Always the highest dedupe
- Physical and virtual
Models (4 TB and 8 TB drives):
- 5650: Up to 1.7 PB local, 3.5 PB with Cloud Bank Storage
- 5200 / 5250: Up to 216 TB / 864 TB local, 512 TB / 1728 with Cloud Bank Storage
- 3640: Up to 108 TB local, 216 TB with Cloud Bank Storage
- 3620: Up to 31.5 TB local, 63 TB with Cloud Bank Storage
- VSA: Free 1 TB usable (download link); 1 to 500 TB usable, fully licensed
HPE StoreOnce Catalyst
- Catalyst communication protocol
- Source-side dedupe
- Ransomware invulnerability

WHY HPE STOREONCE FOR VEEAM?
Specific HPE StoreOnce advantages for Veeam solutions
Enterprise-class storage
- Built-in storage verification for silent corruption and self healing
- Storage consolidation – Single platform from small to more than 30 PB of logical capacity on a single unit (tested)
- Storage-based replication – Veeam v10 certification
Features
- Source-side deduplication, huge LAN/WAN bandwidth reduction, remote replication
- Ransomware protection, hardened system
- Unified Veeam backup target for virtual, physical, and plug-ins
Appliance-based solution
- Simpler administration – Hardware and software fully tuned, tested, and managed by the same vendor
- Better support – Unified hardware and software support – No more Microsoft Windows patches and instability
- Documented and fully tested best practices for all operations, such as upgrade

BENEFIT OF HPE STOREONCE DEDUPLICATION FOR VEEAM REPOSITORIES
Legacy disks compared with HPE StoreOnce
Benefit: 8X less capacity than legacy disks
Question: Does HPE StoreOnce further reduce Veeam data?
Test job details:
- Source: 1 VM, 114 GB, 3% change rate
- Retention: 5 weekly cycles (1 full, 6 incremental)
- Test duration: 14 weeks
Results:
- Job 2: Veeam, no dedupe, no compression: legacy disk capacity 998 GB; HPE StoreOnce physical capacity 60.5 GB; HPE StoreOnce dedupe 16.5X
- Job 1: Veeam “deduplication optimal compression” (2 to 1): legacy disk capacity 486 GB; HPE StoreOnce physical capacity 69.8 GB; HPE StoreOnce dedupe 7X
Answer: HPE StoreOnce requires 486 / 60.5 ≈ 8X less disk storage than traditional solutions
Notes:
- Better deduplication is expected in real-world configurations with many VMs
- HPE StoreOnce deduplication works across all VMs, increasing deduplication (operating system data portion is always the same)

VEEAM AND CATALYST DEDUPLICATION OVER WAN
Lab test: Bandwidth reduction after 3% data change and 12% incremental backup
- Up to 80-100 to 1 (98% to 99%) for full backup (after the first one)
- Up to 15-30 to 1 (93% to 97%) for incremental backup
Why is dedupe on full backup so good?
- A full backup contains a copy of all data even if the actual changes since the previous backup (full or incremental) are limited
- HPE StoreOnce deduplication engine identifies the changed data and dedupes the large amount of “already seen” data
Why is dedupe on incremental backup so good?
- Veeam incremental backup is based on CBT technology
- CBT reports to Veeam 1 MB blocks regardless of the amount of changed data inside the block
- HPE StoreOnce can identify the actual changed data inside the 1 MB block because its deduplication engine works at a higher granularity (4 KB on average)
Benefit: Bandwidth reduction, higher throughput
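
The block-versus-chunk argument on this slide, as an added toy model that is not HPE or Veeam code. It assumes fixed 4 KB chunks identified by SHA-256 in place of the StoreOnce engine (the slide only says 4 KB on average), and the disk image and writes are constructed, so its ratios describe this input and not the lab figures.

```python
import hashlib
import random

MIB = 1024 * 1024
CBT_BLOCK = MIB   # from the slide: CBT reports changes in 1 MB blocks
CHUNK = 4096      # assumption: fixed 4 KB chunks stand in for "4 KB on average"


class DedupeStore:
    """Toy content-addressed store that keeps one copy of each distinct chunk."""

    def __init__(self, known=()):
        self.seen = set(known)

    def ingest(self, data):
        """Ingest a backup stream; return how many bytes were not already stored."""
        new_bytes = 0
        for off in range(0, len(data), CHUNK):
            piece = data[off:off + CHUNK]
            digest = hashlib.sha256(piece).digest()
            if digest not in self.seen:
                self.seen.add(digest)
                new_bytes += len(piece)
        return new_bytes


def block(data, i):
    """Bytes of the i-th 1 MB CBT block."""
    return bytes(data[i * CBT_BLOCK:(i + 1) * CBT_BLOCK])


def cbt_changed_blocks(old, new):
    """Indexes of differing 1 MB blocks: all that CBT reports to the backup job."""
    return [i for i in range(len(old) // CBT_BLOCK) if block(old, i) != block(new, i)]


def simulate(disk_mib=8, writes=((4096, 64), (3 * MIB + 100, 32), (6 * MIB + 5000, 200))):
    """Constructed scenario: first full backup, a few small writes, then the next backup."""
    size = disk_mib * MIB
    disk = bytearray(random.Random(2020).getrandbits(8 * size).to_bytes(size, "little"))
    before = bytes(disk)
    store = DedupeStore()
    store.ingest(before)                                     # first full: all chunks new
    for offset, length in writes:                            # small in-place changes
        disk[offset:offset + length] = bytes(length)
    changed = cbt_changed_blocks(before, disk)
    full_new = DedupeStore(store.seen).ingest(bytes(disk))   # case A: second full backup
    incr_new = sum(store.ingest(block(disk, i)) for i in changed)  # case B: incremental
    return {"incr_sent_by_cbt": len(changed) * CBT_BLOCK, "incr_new": incr_new,
            "full_logical": size, "full_new": full_new}


if __name__ == "__main__":
    r = simulate()
    print(r, r["incr_sent_by_cbt"] // r["incr_new"], "to 1 on the incremental")
```

Three small writes mark three whole 1 MB blocks as changed, yet only three 4 KB chunks are new to the store, in the incremental and in a second full backup alike.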

RANSOMWARE AND DATA PROTECTION: DO YOU FEEL PROTECTED?
Plan in advance because there are unexpected challenges
It is not a matter of “if” but “when”
How to recover when your files get encrypted?
- Pay and “pray”: Yes, unencrypt may not work (FBI link)
  - The FBI does not support paying a ransom to the adversary
  - Paying a ransom does not guarantee the victim will regain access to their data
  - In fact, some individuals or organizations are never given decryption keys after paying a ransom
- Make sure your backup data is invulnerable to ransomware attacks
- Arrange a backup policy with enough retention (snapshot backup)

RANSOMWARE AND DATA PROTECTION (BACKUP)
Make sure your backup data is invulnerable
- There is a technology shift from tape to disks
- Newer backup solutions write data to disks rather than tapes
- With respect to ransomware, what is the main difference between disks and tapes?
  - Tapes: They are not accessible as a file system
  - Disks: They are usually online and accessible as a file system
- Note: Several types of ransomware, such as Locky and Crypto, are known to destroy Windows shadow copies and restore point data
Even the best data protection strategy is worthless if ransomware can corrupt your backup data along with your production data

IMMUNIZE YOUR BACKUP REPOSITORY AGAINST VIRUSES
The best backup is useless if ransomware can access your backup repository
Benefit: Your backup repository must be protected against viruses
[Diagram: Traditional vs Catalyst based Veeam backup repositories. Ransomware in the production virtual infrastructure (VMs, hypervisor, storage snapshot, proxy/gateway).]
Veeam is used as one of the most complete examples. The problem is the same for all backup solutions.
- Local disk (E:\Backup dir): Oracle.VM.vbk, SQL.VM.vbk, DC.VM.vbk
    Volume in drive C is Veeam
    Volume Serial Number is 6AE5-29
    Directory of E:\Backup
    2016-07-27 16:04 DIR .
    2016-07-27 16:04 DIR .
    2016-07-27 16:05 DIR Job-Oracle
    2015-11-18 18:19 DIR Job-SQL
    2015-11-18 18:19 DIR VeeamConfigBackup
    0 File(s) 0 bytes
    4 Dir(s) 17,381,437,440 bytes free
- NAS share (\\NAS\backup): Oracle.VM.vbk, SQL.VM.vbk, DC.VM.vbk. All restore points are encrypted
- Storage snapshots are not connected
- Tapes may be offline and are “unsupported” by ransomware
- Catalyst API: Access denied to virus; repository visible only using Catalyst API. All restore points are vbk. All restore points are healthy

NEW 3-2-1-1-0 VEEAM RULE
Widely accepted best practice among storage community
- 3: Different copies of data
- 2: Different media
- 1: of which is off-site
- 1: is offline
- 0: No errors after backup recoverability verification
HPE StoreOnce Catalyst API (over WAN): Invisible to ransomware and virus. This repository is visible only using proprietary Catalyst API
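
An added example, not Veeam or HPE tooling: a check of a backup inventory against the five legs of the rule, which also lists the copies that stay reachable as a file system, the exposure the earlier slides describe for local-disk and NAS repositories. The `Copy` fields, the media labels and both sample inventories are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: media labels are this example's own. Per the slides, a local disk or
# NAS share is reachable as a file system; tape and a Catalyst store are not.
FILESYSTEM_MEDIA = {"local_disk", "nas_share"}


@dataclass
class Copy:
    name: str
    media: str                    # "local_disk", "nas_share", "tape", "catalyst", ...
    offsite: bool
    offline: bool                 # e.g. tape ejected from the library
    verify_errors: Optional[int]  # last recoverability test; None = never tested


def audit_32110(copies):
    """Return (failed legs of the 3-2-1-1-0 rule, names of file-system-reachable copies)."""
    failed = []
    if len(copies) < 3:
        failed.append("3 copies")
    if len({c.media for c in copies}) < 2:
        failed.append("2 media")
    if not any(c.offsite for c in copies):
        failed.append("1 off-site")
    if not any(c.offline for c in copies):
        failed.append("1 offline")
    # "0 errors" needs a clean verification for every copy; an untested copy is unproven.
    if any(c.verify_errors is None or c.verify_errors > 0 for c in copies):
        failed.append("0 errors")
    exposed = [c.name for c in copies if c.media in FILESYSTEM_MEDIA and not c.offline]
    return failed, exposed


# Constructed inventories. The copies counted are whatever the caller lists.
DISK_ONLY = [
    Copy("production", "local_disk", False, False, 0),
    Copy("nightly-nas", "nas_share", False, False, None),
    Copy("weekly-nas", "nas_share", True, False, 0),
]
HARDENED = [
    Copy("production", "local_disk", False, False, 0),
    Copy("storeonce-catalyst", "catalyst", False, False, 0),
    Copy("tape-vault", "tape", True, True, 0),
]

if __name__ == "__main__":
    for label, inventory in (("disk only", DISK_ONLY), ("hardened", HARDENED)):
        print(label, audit_32110(inventory))
```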

HPE VEEAM IVMR

INSTANT VM RECOVERY ON HPE STOREONCE, HPE APOLLO, AND HPE NIMBLE STORAGE
The three best-of-breeds in their own categories
Benefit: No-worry choice. Each platform is tested, certified, and fully supported
- The vPower technology allows powering on VMs directly from the backup target
- VMs are up and running in a matter of minutes
- HPE has solutions designed for all kinds of workloads
  - HPE Nimble Storage: Many VMs. Put your backup to work
  - HPE Apollo: Multiple VMs
  - HPE StoreOnce: Few VMs
[Diagram: VMware, Veeam server with vPower, and a deduped and compressed backup file on HPE StoreOnce, HPE Nimble Storage or HPE Apollo]

VEEAM HPE DEMO
Van Flowers, Systems Engineer, Veeam: VMCE, VMCT, VCP

Welcome
Van Flowers
Systems Engineer, VMCE, VMCT, VCP
DC, MA and Northern VA
30 Years working in IT
Storage – Virtualization – Networking – Data Centers - Presentations
Guitar Builder – Guitarist – Music Junkie – Mac Geek
Started with Veeam April 9, 2018
I am married to the most amazing woman on the planet – 4 Kids from 30 to 17 – too many animals – living in the woods in a big house with lots and lots of land
2020 Veeam Software. Confidential information. All rights reserved. All trademarks are the property of their respective owners.

Data security and data reuse challenges
Data security
- The only cure for ransomware is prevention
- Companies have to choose between paying or losing data
- Brand damage control post-compromise
Data reuse
- Providing fresh data for development and security testing
- Providing fresh data for data mining scripts and applications
- Dealing with increasing requests for these operations

Ransomware

Cloud Tier & SoBR Enhancements
Performance Tier: DAS, NAS, Dedupe Appliance
Capacity Tier: S3 Compatible, Amazon S3 (w/Object Lock), Microsoft Azure Blob Storage, IBM Cloud Object Storage
Oldest Backups and / or Immediate Copy
Immutability
- Policy-based
- Transparent
- Space efficient
- Self-sufficient
- No extra costs
- Immutable (S3)

Veeam Availability Suite V10 & HPE Integrations
NEW: HPE Primera Snapshot Integration
HPE’s new storage platform for mission critical applications, with a 100% availability guarantee; includes HPE Infosight for proactive monitoring and maintenance.
- NEW: Native HPE Primera integration with Veeam Backup & Replication
  - Snapshot orchestration
  - Backup from Storage Snapshot
  - Peer-persistence support
Expanded HPE StoreOnce Catalyst Support
HPE proprietary backup protocol optimized for efficient, secure, and flexible disk based data protection.
- Catalyst support for virtual environments and backup copy jobs
- NEW: Catalyst Support for agents: Windows Agents, Linux Agents, Future Agents (Solaris, AIX)
- NEW: Catalyst Support for Enterprise Application PlugIns: Oracle RMAN Plugin, SAP HANA Plugin
NEW: HPE StoreOnce Catalyst Copy Integration
Built in StoreOnce functionality for efficiently moving backup copies offsite for disaster recovery.
- NEW: Backup data copies from one StoreOnce to another StoreOnce without rehydration of data in flight.

Expanded HPE StoreOnce Catalyst Support (NEW)
Solution benefits:
- Comprehensive Veeam backup leveraging HPE StoreOnce Catalyst
- Increased data security by utilizing HPE Catalyst Store
- Multiple sources processed by Veeam gateway using Catalyst
- Support additional workloads:
  - Nutanix AHV hypervisor in addition to VMware, Hyper-V
  - Physical Windows and Linux servers
  - Oracle RMAN & SAP HANA backups
[Diagram: Veeam Windows Gateway, Windows Agent, Linux Agent, Future Agents, RMAN Plugin and BackInt Plugin, writing with Catalyst source side dedupe to HPE StoreOnce]

HPE StoreOnce Catalyst Copy Integration (NEW)
Solution Benefits:
- Improves performance for copying backup data between 2 HPE StoreOnce systems
- Eliminate data rehydration and improve backup and recovery performance
- Reduces amount of data to be transferred across WAN, freeing up bandwidth for other applications
- Decrease costs to move data off site
[Diagram: Backup server coordinates; write to repository with Catalyst protocol on HPE StoreOnce 1; HPE StoreOnce Catalyst Copy to HPE StoreOnce 2]

Let’s look in the Lab

Q&A
Kindly complete the survey at the end of this webinar. We will use your feedback to help us improve.
Poll Questions:
- Question 1 - Which StoreOnce backup target provides the best protection from ransomware?
- Question 2 - The 2 in the 3-2-1 rule refers to?
- Question 3 - Which HPE Storage platform supports running the highest number of VMs via IVMR?
We will announce and send out prizes within three days
