Exoscale SOS with object lock can be used with software products from Veeam to create an immutable, secure and safe backup environment. This can be used to substitute WORM off-site backup architectures as well as to actively store backups from clients, mobile devices, O365 and workloads running on Exoscale.

Prerequisites

As prerequisites you’ll have to: * access to Exoscale environment * an Exoscale API key (unrestricted or restricted to storage) * aws s3 cli installed * The SOS Quick Start Guide gives you more details for using the aws s3 cli

Available Exoscale zones can be found here and have a mapping like below:

Geneva, Switzerland: ch-gva-2
Zurich, Switzerland: ch-dk-2
Vienna 1, Austria: at-vie-1
Vienna 2, Austria: at-vie-2
Frankfurt, Germany: de-fra-1
Munich, Germany: de-muc-1
Sofia, Bulgaria: bg-sof-1

Create SOS bucket with object lock enabled

Use the aws s3api command to create a bucket with object lock:

aws s3api create-bucket --bucket <BUCKET_NAME>
aws s3api put-object-lock-configuration --bucket <BUCKET_NAME> --object-lock-configuration '{"ObjectLockEnabled": "Enabled","Rule": {"DefaultRetention": {"Mode": "GOVERNANCE","Days": 365}}}'

An example with Zurich as zone and veeam-immutable-backup as bucket name:

aws s3api create-bucket --bucket veeam-immutable-backup
aws s3api put-object-lock-configuration --bucket veeam-immutable-backup --object-lock-configuration '{"ObjectLockEnabled": "Enabled","Rule": {"DefaultRetention": {"Mode": "GOVERNANCE","Days": 365}}}'

Alternatively you can spawn a default virtual compute (just leave all settings as is) and use the cloud-init to let it create your bucket. Once that bucket is created you can delete the virtual compute and the API key used to create the bucket. To do so copy and paste the following script into the “User data” field on the virtual compute creation page:

#cloud-config
packages:
  - unzip

write_files:
  - path: /home/ubuntu/init.sh
    permissions: 0744
    owner: ubuntu
    content: |
      #!/usr/bin/env bash
      set -e
      export AWS_ACCESS_KEY_ID=EXOxxx
      export AWS_SECRET_ACCESS_KEY=xxx
      export AWS_REGION=ch-dk-2
      export AWS_ENDPOINT_URL="http://sos-ch-dk-2.exo.io"

      aws s3api create-bucket --bucket veeam-immutable-backup 
      aws s3api put-object-lock-configuration --bucket veeam-immutable-backup --object-lock-configuration '{"ObjectLockEnabled": "Enabled","Rule": {"DefaultRetention": {"Mode": "GOVERNANCE","Days": 365}}}'

runcmd:
  - curl -s "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "/tmp/awscliv2.zip"
  - unzip -q /tmp/awscliv2.zip -d /tmp && /tmp/aws/install
  - bash /home/ubuntu/init.sh

Check in the UI that the bucket is created and visible. If you used a virtual compute to create the bucket you can now delete the virtual compute and the API key used to create the bucket if it was a dedicated key

Use cases with Exoscale SOS and Veeam

using Exoscale SOS and Veeam for different use cases

Veeam 12 SOS backup repository

creating Veeam 12 backup repository on Exoscale SOS to provide a valid endpoint for different use cases with Veeam

Prerequisites

  • access to Veeam 12 Backup&Replication server
  • Exoscale SOS bucket with object lock enabled
  • API key for bucket to use (can be restricted to storage and the bucket to use)

Configure exoscale SOS repository in Veeam

  • Open the Veeam backup and Replication console
  • Navigate to “Backup Infrastructure”
  • Navigate to “Backup Repositories”
  • Click on “Add Repository”
  • Select the last option “Object storage”
  • Select the first option “S3 Compatible
  • Give the repository a name
  • Enter “Service point”, “Region” and use the API Key to create credentials for this bucket

Veeam service point region and Exoscale

  • click on Browse and select the bucket
  • click on Browse and create a new folder for this process
  • check the “Make recent backups immutable for:” box and configure days backups should be immutable

Immutable Veeam 12 and Exoscale

  • configure as you need and finish the process
  • The repository is visible in “Backup Repositories” and can now be used in Veeam 12

Veeam 12 repository with Exoscale

Using Exoscale SOS repository as immutable Scale-out for existing performance tier

Prerequisites

  • access to Veeam 12 Backup&Replication server
  • Configured backup repository with object lock enabled on Exoscale SOS

Configuration

  • Open the Veeam backup and Replication console
  • Navigate to “Backup Infrastructure”
  • Navigate to “Scale-out Repositories”
  • Click on “Add Scale-out Repository”
  • Give the repository a name
  • Add the Performance Tier the backups are initially written to
  • Choose either “Data locality” or “Performance” mode
  • Check the “Extend scale-out backup repository capacity with object storage”
  • Click on “Choose…” and select the Exoscale SOS based repository
  • Configure when backups should be scaled out from the configured Performance Tier to the Scale-out repository
  • We highly recommend enabling encryption of the backups
  • Finish the process

Using Exoscale SOS repository as Performance Tier to backup workloads running on Exoscale or move clients over the internet

Prerequisites

  • access to Veeam 12 Backup&Replication server running on Exoscale with a minimum of 200GB disk
  • access to potential systems to be backed up
  • Configured backup repository with object lock enabled on Exoscale SOS

Configuration

  • Open the Veeam backup and Replication console
  • Navigate to “Home”
  • Click on “Backup Job”
  • Select the job you want to create
  • Note: For Exoscale this is “Windows computer” or “Linux computer”
  • Configure the backup job as documented from Veeam 12
  • Run the backups