The 3-2-1-1-0 rule
The availability of the IT system and the integrity of the data is an important point not to be neglected. The tape drive is therefore an essential part of the backup system.The 3-2-1-1-0 rule is a good practice that should be followed. This involves
- 3 : Keep three copies of the data. One copy concerns the “primary” data, the other two are two backups. This prevents data loss in the event of a location malfunction or data deletion. It is very rare for all three locations to malfunction at the same time.
- 2 : Store the backup on two different support. It’s recommended to store one copy of the backup on the OnPrem Server and the other copy on the cloud or on the tape. If all copy are stored on the same location, the risk of lose the backup chain (deletion, ransomware, etc.) is very high.
- 1 : Keep a copy outside. A backup copy must be stored in a different location from the data. In the event of a natural disaster (flood, fire, etc.), the backup is safe and can be restored. The copy must be stored on another company site, a private cloud or a public cloud
- 1 : Get an offline copy.This section complements the previous one. The copy outside must be an offline copy, she must separate of the network and IT infrastructure. If the backup infrastructure is compromised, the hacker can be deleted or crypted all backup copies.
- 0 : Verify the backup.It’s important to check the results of your backups and correct any potential problems as soon as possible. This is to ensure an error-free backup. Nevertheless, every company should test its backups at least once a year. Unfortunately, this point is still sometimes overlooked. This enables restoration procedures to be validated, but also ensures that data can be restored.
Configure Tape drive
For my lab I use a virtual tape drive, the next section permit to implement a virtual tape drive (you can skip it if you use physically tape drive). A virtual machine running debian is used, the installation of the virtual machine is not documented.
Install and configure Virtual Drive Tape
Before starting the installation, the repositories must be updated. Run the command below. This must command must be running in root mode (su or sudo command).
Quadstor software emulates a tape drive. It requires the installation of a few prerequisites. Run the following command on the Linux server
apt install uuid-runtime build-essential sg3-utils apache2 psmisc linux-headers-`uname -r`
Restaurt Apache sevice with the following command
systemctl restart apache2
In order to run Quadstor, you need to install an older version of libssl. Download the installation file with the command
wget -c http://security.debian.org/debian-security/pool/updates/main/o/openssl/libssl1.1_1.1.1n-0+deb10u4_amd64.deb
Install libssl package on the linux server with the following command
apt install ./libssl1.1_1.1.1n-0+deb10u4_amd64.deb
The Quadstor package is now available for download. Check the package version at https://www.quadstor.com/vtl-extended-edition-downloads.html. Run the following command
wget -c https://www.quadstor.com/vtldownloads/quadstor-vtl-ext-3.0.75-debian-x86_64.deb
Install the package with the following command
apt install ./quadstor-vtl-ext-3.0.75-debian-x86_64.deb
After installing the package, configure the service to start automatically. The server can then be started. To perform both operations, run the following commands
systemctl enable --now quadstorvtl.service
I use a second disk on my VM to hold the various backup chain. If the second disk was formatted after Quadstor installation, run the following commands to detect the second disk and restart the server.
Once the server has been started, access the URL http://NomServeurLinux from a browser. A type A record has been added to the DNS, so you can obviously use the server’s IP.
Click on Physical Storage, the Linux server’s second physical disk is present. Click on Add.
Only one Storage Pool is present. Leave the default choice and click Submit.
The disk has been added.
Click on Virtual libraries and then on Add VTL to add a new library.
Enter the desired name and leave the other values as default. It’s possible to select a different tape drive (HP, IBM, etc.). In this case, please ensure compatibility with your operating system.
Backup cartridges (backup tapes) can now be added. These are, of course, virtual. Click on Add VCartridge.
Enter the prefix desired for the vCartridge
QuadStor is now correcly configured.
Add tape drive to Veeam
From the Veeam console, click on Tape Infrastructure then click on Add Tape Server
The tape server can now be installed on Linux Server. From the wizard, click on Add New for add new server (the server selected by default is the Backup Server). If the Tape server must be installed on the same server, click on Next.
Click on Linux. Select Windows if you want install the Tape Server on other windows server.
Enter the DNS name or IP address of the Linux server.
If the credetials has previously added, select it. If not click on Add. This credential is used to connect to the server using ssh. In the drop-down list, select Linux account.
Enter the username and the password then check Elevate account privileges automatically then check Use “su” if “sudo” fails. Click on OK then on Next.
The previously installed components it’s detected. If the componants is not installed, it’s will be installed. Click on Apply.
If all components has been installed, click on Next then on Finish.
The server has been added, click on Next then on Apply. The server has been added.
Configure Backup Job
From the Veeam console, click on Tape Job. Select Backups in the scroll-down list.
Enter the name of the job and click on Next.
Click on Add and select the desired job.
If you don’t have any Media Pool, click on Add otherwise select it.
Enter the name of the new Media Pool and click on Next.
Click on Add to add new tape.
Configure the retention then click on Next.
You can configure encryption if you want. After that, the media pool is correctly configured.
Leave the configuration by default if you want archive incremental backups to tape.
Configure the schedule windows and click on Apply.
Manage Tape Infrastructure
Veeam Backup & Replication can manage the tape drive from the Veeam console.
This option permit to inventory the tape library. This process can be used when the new tape is load in the tape device. The tape are presented to Veeam Backup & Replication as Unrecognized. When the inventory process is runnning this unrecognized tape is identify. From the Veeam console, open Tape Infrastructure and expand Libraries.Select the drive and click on Inventory Library in the ribbon.
Inventory is in progress
Catalog library permit to catalog all data stored in the tape. This process can be used if the data is not registered in the Veeam database (exemple : A tape is written by another Veeam Backup & Replication). During the catalog job, the tape is inventoried, the information about backup contents on tape are read from tape catalog information. The content of the tape is scanned and the veeam database is updated.
From the Veeam console, open Tape Infrastructure and expand Libraries.Select the drive and click on Catalog Library in the ribbon.
Catalog is in progress…
The job permit to rescan tape library to update it’s network status. From the Veeam console, open Tape Infrastructure and expand Libraries.Select the drive and click on rescan Library in the ribbon.
The job is running
The same action can be performed on the tape.
- Inventory : This process permit to inventory only the tape selected
- Catalog : This process permit to catalog only the tape selected
- Move to : Move the tape to another media pool
- Erase : Erase the selected tape