Top 5 Features to Look for in On-Premises Veeam Storage


In this article, we’ll examine some of the main challenges of today’s backup and disaster recovery procedures. Then, we’ll dive into the top five most important features to look for in an on-premises Veeam storage solution for your backups.

Data protection is one of the most critical tasks for IT administrators, and there is no doubt that it is continually growing more complex. Data volumes are rapidly increasing in size, and the threats to that data are growing both in number and severity.

Ensuring that your data backups are involatile and can be rapidly restored is vital to meeting your availability requirements and ensuring that you can recover data quickly in the event of a systems failure or cyberattack.

Many businesses use the Veeam Data Platform to protect critical data backups for their backup and replication data protection needs. Veeam is an enterprise-level backup solution with several advanced features, allowing it to integrate closely with Amazon cloud storage and take advantage of S3 buckets with immutability. While cloud storage offers several benefits, it typically does not provide the backup and restore speeds attainable with on-premises storage appliances.

Today, businesses need a purpose-built, ransomware-proof, on-premises storage solution that integrates seamlessly with Veeam’s object storage support and guarantees the immutability of its backups. Object First offers Ootbi (out-of-the-box immutability), their backup storage appliance, to meet these requirements.

Object First provides a simple, high-performance ransomware-proof primary storage target designed to be the best storage for Veeam. Object First significantly reduces Recovery Time Objectives (RTOs) with the security of object-based immutable storage.

Challenges of backup and disaster recovery with constantly emerging threats  

Although it may not be the first thing you think of when planning a security strategy, backups have become a favorite target for ransomware and hackers. Backup infrastructure inherently has a large attack surface. It requires a significant amount of storage and read/write access to your production data.

Today’s malware and ransomware often target an organization’s backups and storage. Backups are regularly the primary mechanism for recovering from a ransomware attack. But if the backup itself has been compromised, it can’t be used to recover your data to a point before the attack, stressing the need to protect your backup data.

Likewise, the speed to restore your data is more critical than ever before. In the past, recovering data that was several days old and that might take hours of recovery time was not only acceptable but expected. Today, a backup is the primary source of recovering critical data and enterprise applications and services. Businesses have a limited backup window, and fast backups are essential. Downtime and data loss during a recovery scenario must be kept to a minimum to minimize business impact.

According to the Ponemon Institute, the average cost of one minute of downtime is $9,000, making the cost per hour over $500,000. The ability to quickly restore your data with minimal data loss is a huge, high-priority challenge.

Finally, you need to make sure your backup servers and infrastructure are kept up to date. Hardware failures account for 45% of unplanned downtime. Companies should consistently update their backup and storage hardware to ensure increased data security, reduced downtime, and improved productivity. A recommended hardware replacement cycle is every three to five years.

It’s a best practice to dedicate storage just for your backups, and you need to choose the type of storage that works best for your recovery needs. Backups that are required for short RTOs are best kept on high-performance storage. While backups intended mainly for archival do not need expensive, high-performance storage, they should provide immutable storage, disk fault tolerance, fast recovery times, Zero Trust, S3 object-based architecture, and ease of use.

Immutable storage protects backups from ransomware

There’s no doubt that ransomware continues to grow as a threat to businesses of all shapes and sizes. Research by the Enterprise Strategy Group (ESG) showed that 87% of respondents are either somewhat or very concerned a ransomware attack will hit their backup copies.

Protecting your backups with immutable storage is one of the most effective ways to guard against ransomware attacks. Immutable storage has been supported by Amazon’s S3 cloud object storage since 2018, and some enterprise backup solutions, like Veeam’s Data Platform V12, fully support S3 Object Storage as a primary backup target.

Immutable storage in the cloud is great for data archival and long-term data protection. However, local data storage appliances, like Object First’s Ootbi, provide the same level of immutable storage with support for the S3 protocol in a highly performant and scalable local appliance.

Veeam storage Ootbi ObjectFirst architecture
Veeam storage Ootbi Object First architecture (Image Credit: Enterprise Strategy Group, a division of TechTarget, Inc.)

Ootbi fully supports Veeam’s “direct-to-object” functionality using the industry-standard S3 object storage security and immutability from a local storage system. Ootbi utilizes S3 Object Lock technology to enable data immutability, and its storage software runs on a hardened Linux operating system (OS), so the OS has zero access to the root account. This ensures that even if ransomware strikes, your backups are safe and fully secured, and attacks to your production environment are fully separated from your backup repository.

Disk fault tolerance with self-healing

Object First’s Ootbi provides full disk fault tolerance through RAID and its object-based platform components. If a disk in the unit fails, you can easily swap it out with a new disk. The following table summarizes the storage architecture for the Ootbi 16 and Ootbi 64 backup storage appliances.

Table 1 – Ootbi 16 and Ootbi 64 backup storage appliance architecture

StorageOotbi 16Ootbi 64
Primary Array10 x 8 TB SAS HDD (Raid 6)10 x 16 TB SAS HDD
Hot Spare1 x 8 TB SAS HDD1 x 16 TB SAS HDD
Cache1 x 1.6 TB NVMe1 x 1.6 TB NVMe
Dedicated OS disks2 x 240 GB SATA SSD (RAID 1)2 x 240 GB SATA SSD (RAID 1)
Ootbi 16 and Ootbi 64 backup storage appliance architecture

The primary disk array uses RAID 6 disk protection with a hot spare drive that provides high availability and eliminates downtime due to a disk failure. The Ootbi appliance utilizes a hardened Linux OS with RAID 1 disk mirroring for the OS. The backup storage has zero access to the OS, reducing the overall attack surface and possible sources of disruption and downtime.

Ootbi is built using the object-based S3 object storage. Object storage is better than file and block storage at handling high volumes of static, unstructured data, which backup storage typically requires.

Ootbi’s object storage creates a new file version with each modification, offering a level of built-in protection against ransomware. Further, object storage provides highly customizable metadata for each object it stores, enabling greater context for backup policy management. Ootbi’s built-in RAID disk architecture and object-based storage ensure you never lose a backup to time or hardware failure.

Fast recovery times

One of the primary advantages of Object First’s Ootbi backup appliances is its fast backup and recovery times. Being a local appliance, Ootbi can provide faster recovery times than cloud storage.

Ootbi is designed and optimized to provide maximum backup and recovery performance. Two dual-port 10 GB network interface cards (NICs) give a choice of T-base or small form-factor pluggable (SFP+) network connections. And they act to parallelize incoming data streams targeting enterprise-grade NVMe storage that automatically load balances objects to the RAID 6 array on the backend.

Object First offers scalability for up to four nodes, up to 128 TB per node, and a total usable overall capacity of up to 512 TB with 4.0+ GB/s performance. Capacity and performance scale linearly when adding additional nodes.

The object storage system uses a flat namespace architecture where all objects are given detailed metadata and placed in the same storage bucket. It’s designed to move large amounts of data to a single place rather than little bits of data to many different places.

File and block storage systems use a hierarchical architecture that places objects within folders and subfolders. File and block storage systems grow more complex with each additional storage node. As the number of users and files grows, more processing power is needed to locate a particular file.

Object storage only cares about each object’s unique identifiers, which allow it to quickly locate any object by its metadata, no matter how distributed the storage system is.

Ootbi provides multiple tiers of backup and recovery, including a highly performant tier for rapid recovery. Object First’s Ootbi has been certified to run Veeam’s Instant Recovery at scale with up to 80 virtual machines (VMs) on a 4-node cluster.

Secure storage with Zero Trust Data Resilience (ZTDR) and S3 object-based architecture

Zero Trust Architecture is a modern IT security paradigm developed and endorsed by numerous security organizations, including CISA and NIST. Zero Trust replaces the older perimeter security approach, which was not able to secure hybrid cloud, mobile, and remote work environments effectively.

Data protection experts like Veeam have recommended Zero Trust principles for backup and recovery infrastructure with the new Zero Trust Data Resilience (ZTDR) model. Applying the Zero Trust Architecture to backup requires that the backup infrastructure be segmented into multiple security zones, such as Backup Software, Primary Backup Storage, and Secondary Backup Storage. Each of these components has its own reduced attack surface.

Zero trust principles
Zero trust principles (Image Credit: Object First)

Ootbi is designed primarily for midsize enterprises with constrained IT resources. Object First’s Ootbi combines ZTDR principles with S3 object-based security to enhance backup storage by implementing the following:

  • Segmentation through the separation of backup software and backup storage
  • Multiple data security zones for multi-layered security
  • S3-native object storage immutability
  • S3-native security using least-privilege access and Multifactor Authentication (MFA)
  • S3 communication protocol with minimal attack surface for backup storage
  • A hardened object storage appliance with zero access to the OS

Object First’s object storage software is optimized specifically for the backup use case, storing everything in S3 format, allowing customers to easily migrate data to different S3-compatible repositories. It also fully supports the Veeam Smart Object Storage API (SOSAPI) for simplified management.

Veeam storage that is easy and fast to set up and scale

One of the significant advantages of Object First’s Ootbi is that it is effortless to set up and scale. Ootbi is a standard rack-mounted appliance that can be racked, stacked, and powered up in a few minutes. No object storage or security expertise is required to get the Ootbi backup storage appliance up and running.

The Ootbi scales performance and capacity linearly by simply adding additional nodes. Ootbi automatically performs load balancing, self-healing, and scaling on demand. The operating system doesn’t need any configuration.

It takes less than 15 minutes to set up the Ootbi appliance. It requires zero security and Linux expertise, and no additional setup or namespace adjustment is needed. Device configuration requires three IP addresses: two physical IP addresses and one virtual IP address that’s used for the S3 endpoint. You also need to supply a username, password, and MFA information. No changes to the Veeam Namespace or Backup Repository configuration are needed.

Ootbi makes it easier for administrators to implement a 3-2-1 backup strategy using the Ootbi backup appliance as the primary storage and then cloud storage as the archive tier. Compatible cloud storage for the cloud tier includes vendors like AWS, Azure, Wasabi, and Backblaze.

Centerbase uses Ootbi to reduce RTOs by 50%

Let’s take a closer look at how Centerbase has addressed some of their biggest backup and data protection challenges with Object First’s Ootbi and Veeam.

Centerbase is a cloud-based law office management platform that manages cases, clients, contacts, documents, tasks, calendars, and more. To mitigate financial damages from ransomware attacks, Centerbase used cloud-based backups that were protected with immutable storage for their object storage repository.

Using Ootbi Veeam storage to reduce RPO
Using Ootbi Veeam storage to reduce RPO (Image Credit: Object First)

However, Centerbase’s most significant concern was reducing the restore time from their immutable cloud repository, which is why Centerbase chose Ootbi by Object First as their primary backup solution for their Veeam storage.

According to Zach Young, Director of Information Technology, Centerbase, “Ootbi performs close to the theoretical limits of our network speed.” The introduction of an on-premises immutable solution allowed for secure backups and reduced the Recovery Point Objective (RPO) by 50% (from 8 hours to 4 hours).

Ootbi’s out-of-the-box immutability ensured data integrity and protection from ransomware attacks. Its seamless Veeam integration allowed Centerbase to add Ootbi to their existing infrastructure easily.

Young explained, “Ootbi is much faster than our other backup storage. This allows us to back up faster and replicate that data faster. As a result, we can decrease our RPO from 8 hours to 4 hours. This will also help us decrease our RTO.”

High-speed data recovery and hybrid cloud protection capabilities

Modern data protection solutions must have high-speed solid data recovery and hybrid cloud protection capabilities. They must also be quick to deploy, easy to manage, and cost-efficient. The combination of Veeam backup and Object First’s Ootbi, built on S3 immutable object storage technology, enables administrators to implement a 3-2-1 backup strategy with Ootbi as the primary storage and cloud storage as the archive tier. Its high-performance backup process and restore capabilities enable it to reduce RPOs and RTOs.