Info@NationalCyberSecurity
Info@NationalCyberSecurity
0

Object First Ootbi: Simple Ransomware-Proof Backups For Veeam | #ransomware | #cybercrime


With ransomware attacks on the rise, there’s no easier-to-use solution for Veeam to protect your data than Ootbi by Object First.

The founders of Veeam, renowned for their innovative solutions in data management, have once again made a significant contribution to the field of data security with their new venture. Their company, Object First, introduced its flagship product, Ootbi (Out-of-the-Box-Immutability), in 2023. This is a testament to their commitment to securing backups against ransomware threats. Despite the common skepticism surrounding the notion of “ransomware-proof” technology, especially in the context of backups and storage, the technical prowess and on-premise testing of Ootbi suggest they can make this promise a reality for many organizations.

Veeam Direct-to-Object Storage

Object First’s groundbreaking approach, leveraging Veeam Direct-to-Object Storage, revolutionizes how organizations manage and secure their data backups. This innovative platform transcends traditional backup methodologies by initiating backups directly to Object Storage. This shift not only streamlines the backup process but also embeds a robust layer of security at its core. By adopting this strategy, Object First inherently integrates the principles of the Zero Trust Data Resilience model. This paradigm, introduced by Veeam, insists on segmenting backup software and backup storage, multiple resilience zones, immutability, and continuous verification for every access request, regardless of origin. Data is stored and protected with a security-first mindset from the first backup.

The benefits of leveraging Veeam’s Direct-to-Object Storage extend beyond the simplicity of implementation. The platform offers an unparalleled level of data immutability, essentially rendering the stored files tamper-proof and impervious to ransomware attacks. Such immutability is crucial in today’s cybersecurity landscape, where the sophistication of threats continues to escalate. Furthermore, the system boasts an exceptional degree of availability, with reliability measured at 99.999999999% (11 nines), ensuring that data is not only secure but also consistently accessible when needed.

Another pivotal advantage of this storage solution is its flexibility within VMware hyperscale environments. Traditional storage methods often require costly and complex configurations, such as staging repositories with expensive virtual hard disks. In contrast, Object First simplifies the infrastructure by eliminating the need for these intermediate steps, allowing administrators to target object storage for their primary backups directly. This efficiency reduces overhead costs and minimizes potential security vulnerabilities, adhering to the Zero Trust principle of least privilege by simplifying access paths and reducing the attack surface.

Why Object On-Premises?

The decision to opt for on-premises object storage is a strategic one. Due to its local presence, on-premises object storage offers rapid backup and recovery speeds. This model ensures that data is segmented from the backup server, reducing the risk of cross-contamination from cyber threats and facilitating immediate recovery during an attack. The architecture of Object First, including this segmentation into distinct resilience zones, is designed to intrinsically integrate Zero Trust policies, automating the enforcement of data security practices that typically rely on human intervention.

Object storage has always been a cloud-oriented offering, and many have chosen it for their long-term retention targets because of its easily enabled immutability. Still, when it comes time to recover to on-premises, object storage in the cloud is costly and slow. On-premises object storage can enhance both the speed of backup and recovery due to its locality, and it offers a unique level of segmentation from the backup server without having to send data offsite. Our backup job had a compact window and was completed in a few minutes. The size of the backup job and the amount of change data you have can change this significantly.

Additionally, having an on-premises device lets administrators get the company up and running and secure within minutes. If and when an attack or data loss occurs, and they need to restore their servers, having the appliance with the backups on-site provides that immediate connection to their data for a faster Recovery Point Objective.

Hardware Deep Dive

Object First’s hardware offerings, including Ootbi’s scalable and easily configurable storage solutions, reflect a deep understanding of the needs of modern data centers. The hardware is optimized for security, featuring immutable storage capacities and robust network capabilities to support fast and secure data transfer. This focus on hardware robustness complements the software’s streamlined configuration process, which is designed for safe, secure, and efficient integration with Veeam.

Ootbi by Object First comes in a 64TB or 128TB 2U form factor and can be racked, stacked, and configured in under 15 minutes.

Models Ootbi 64TB Ootbi 128TB
Usable Capacity Per Node 64 TB 128 TB
Maximum Nodes Per Cluster 4 4
Disk Arrangement
Primary Array 10 x 8 TB SAS HDD (RAID 6) 10 x 16 TB SAS HDD (RAID 6)
Hot Spare 1 x 8 TB SAS HDD 1 x 16 TB SAS HDD
Dedicated OS Disks 2 x 240 GB SATA SSD (RAID 1) 2 x 240 GB SATA SSD (RAID 1)
Cache 1 x 1.6 TB NVMe 1 x 1.6 TB NVMe
Specifications
Form Factor 2U Rackmount 2U Rackmount
Dimensions (W x H x D) 19” x 3.5” x 25.5” 19” x 3.5” x 25.5”
Network Interface 2 x 10GBase-T – Onboard
2 x SFP+ 10Gb/port – Card
2 x 10GBase-T – Onboard
2 x SFP+ 10Gb/port – Card
Management Dedicated IPMI 2.0 – RJ45 Dedicated IPMI 2.0 – RJ45
Power
Total Output Power 1000W/1200W 1000W/1200W
Input 100-127Vac / 15-12A / 50-60Hz
200-240Vac / 8.5-7A/ 50-60 Hz
+12V Max: 83A / Min: 0A (100-127Vac)
Max: 100A / Min: 0A (200-240Vac)
Max: 100A / Min: 0A (200-240Vdc)
100-127Vac / 15-12A / 50-60Hz
200-240Vac / 8.5-7A/ 50-60 Hz
+12V Max: 83A / Min: 0A (100-127Vac)
Max: 100A / Min: 0A (200-240Vac)
Max: 100A / Min: 0A (200-240Vdc)

We were supplied with their 64TB model. Our Ootbi is powered by the Intel Xeon Silver 4215R, a middle-of-the-pack workhorse, but that is not what this machine relies on for its strengths. For storage, the platform comes equipped with 10 8TB HDDs, which gives it 64TB of storage capacity, and a 1.6TB NVMe cache drive to help performance. For redundancy, one additional hard drive is kept as a hot spare. The OS is stored separately on a RAID1 volume across two 240GB SATA SSDs.

On the connectivity side, this platform is equipped with both SFP+ and RJ45 10GbE ports for integration into different environments. In our environment, we leverage an RJ45 10GbE connection.

This gives the on-premises device the storage capacity and network speed to contain sufficient immutable data and transfer it via S3 via HTTPS protocol to cloud storage.

Today, Ootbi can scale to four nodes in a cluster, offering up to .5PB in usable immutable storage. Expansion is simple: adding a second node to the cluster by following a short wizard will automatically load-balance the object storage pools. No additional changes or configuration on the Veeam configuration are required.

Support Infrastructure

The infrastructure supporting Object First’s products is rooted in the principles of segmentation and immutability, which are essential for preventing the spread of ransomware. By restricting access and enforcing immutability policies, Object First minimizes the attack surface and ensures that backups remain secure and accessible, providing a resilient defense against data loss and cyber threats.

When primary and secondary backup objects are stored on offsite appliances, they are locked and immutable for at least seven days. This doesn’t mean they are inaccessible; it only means that they cannot be changed or modified. If you need to use the backups to recover your environment, they are ready and waiting for you at a moment’s notice.

Finally, Object First emphatically restricts access to root and the operating system of its appliances. Zero Trust is not a joke to Object First! This prevents unintentional harm caused by an incompetent, compromised, or malicious administrator.

When we went to delete the data, our Veeam policy time-locked it. We had to pause the testing until the time-lock aged out before we could wipe the contents of that container. There is no user reset, override, or method to remove that data besides shipping the box back to Object First to re-provision. This is an excellent security practice, but it may require a shift in expectations from backup admins who are accustomed to other solutions with less rigorous access controls.

Software configuration is straightforward for Veeam because everything is secured and optimized out of the box. Ootbi admins must create an S3 key and S3 bucket, then copy over the S3 key and cluster the S3 IP to Veeam.

They then choose an immutability window (number of days), and the software configuration is complete. Once configured, no additional change/setup is required beyond the occasional software/cluster update. So, adding this backup appliance to your existing Veeam infrastructure is a quick and relatively painless process. Going through the initial setup, the only learning curve element you need to understand is planning where and when to work immutable storage into your retention window.

The update process on Ootbi is painless. The system will notify you when an updated version of the software is available and allow you to poll for an update to confirm.

When you move to update the cluster, the following screen covers updating the Ootbi software component or applying underlying OS security updates.

After you kick off the updates, it takes a few minutes to complete. Once complete, the system prompts you for a cluster reboot. So, it’s not a massive uplift to work through the process, although you would complete this during a maintenance window.

Final Thoughts

While the “ransomware-proof” claim initially made us very skeptical, after diving deeper into Object First and its Out-of-the-Box-Immutability, we are hard-pressed to find a reason not to agree. Additionally, Ootbi supports Veeam’s Zero Trust Data Resilience (ZTDR) principles, including segmentation of backup software and storage, multiple resilience zones, and immutable backup.

When it comes to setup, Ootbi provides a genuine plug-and-play on-premises storage system where the only setup required is power and network. Beyond that, create a few S3 storage buckets, and your data will soon be fully protected! Another thing worth mentioning is that system upgrades are extremely easy to execute, meaning that once Ootbi is online, there’s not much lift to keep the system operational.

With ransomware attacks on the rise across the globe, it will be challenging to find an easier-to-use solution for Veeam to protect your data than Ootbi by Object First.

To learn more about Ootbi by Object First and see a demo, go here.

Engage with StorageReview

Newsletter | YouTube | Podcast iTunes/Spotify | Instagram | Twitter | TikTok | RSS Feed





Source link

.........................

National Cyber Security

FREE
VIEW