Truth in IT
What's New in Veeam v13 & Security Best Practices

Veeam
03/25/2026
Transcript


All right, so good evening everybody, good morning, thanks for joining today for the VUG India virtual event. So today I have with me Jigar, who is a system engineer from Veeam, and myself, Mohammed. I'm the VUG India leader, most of you already know that. This is the agenda we are going to talk about today. So we will cover a little bit about VUG community and we'll talk about the new features in Veeam version 13. Jigar will cover about secure deployment tips and then top security features in Veeam version 12 and 13 as well.

All right, so we'll cover quickly about what is the Veeam community and resource hub here. So basically, Veeam has an amazing community, whereas it's a central platform where all the Veeam lovers, including those backup administrators and Veeam partners and customers all come together and share and collaborate in a single platform and then share all things about Veeam. It's where you'll find real-world tips and tutorials and then use case best practice, which is contributed by the Veeam experts across the globe. And we do also have discussion forums where you can ask questions and people in the community would love to help and then answer your queries. So we do have user-based, regional-based groups, which is Veeam user groups. So we have, country-wise, we have a group, which we won't have in India, which is VUG India, which we focus about regional updates and then we have a post all this activity, which we do on this India region. And then you can get a real-time update about all those meetups and then the events which is happening in India. And one of the cool things about the Veeam community, it's a recognition program. If you're a super active in a community and help others, helping in the user forums, where it can be recognized as a legend. And if you're really top in the tech and then you can constantly contribute into this community in blogs, taking the platform, you can be recognized as a Veeam Vanguard. So it's a network of Veeam 100 platform.
It's not only a badge, but also you will get exclusive access to this early insight programs and then exclusive sessions. It's a global network of Veeam experts who love the data platform and use data platform on day-to-day basis, love Veeam technology. So this is Veeam India, where there's already covered, which is we have exclusive group for India community and we have active virtual events once in a quarter. And then we have in-person events once a year, a couple of times a year, where we have exclusive access to connect with all this fellow Veeam colleagues and Veeam users in the community. And you also have access to all this Veeam ACs in this community, you can interact with like we have a Jigar today. And then you can share your experience in the events too. So you have access to platform, you're going to be able to contribute and get insight from other Veeam users here.

All right. So Veeam version 13 overview. So today we are going to talk about all these new features in Veeam 13. Veeam has recently released Veeam 13 version, which is one of the most excited version, which I've been using since like Veeam version 5. And then this is a very incredible update and one of the very major release from Veeam, I would say. The reason is this is a completely a software appliance. So this comes with a Rocky Linux, which is a just enough OS, which means it comes with backup appliance and components all packaged together as a simple appliance, which we can use as any role that you want to enable it. Or you can use a single role, or you can use enable as an all-in-one appliance. So this comes with the Rocky Linux. It's a completely Linux-based platform, which is completely eliminating the dependency of the Windows. And this is a purely software-defined model where you can deploy. This is an ISO or appliance model in a VMware or you can deploy this ISO in a bare metal hardware. This is a purely hardware agnostic model. You can deploy in any platform, the hardware model that you have.
And you can also just deploy this as an appliance model in a Hyper-V or in a VMware platform. And this is all Veeam, so this is now completely Veeam Linux platform. This supports all the role components moved into Linux, so you don't need any Windows dependency here. You can use a proxy, you can use a repository, you can use a VBR, it's all ADB Linux model. And this is a completely Rocky Linux 9.2.0 version and high availability.

This is a unique feature. This comes into version 13 about high availability. There's been a frequently asked feature about that, the reason that if the Veeam server crashed for some reason, you have to have rebuilt Veeam servers in a new Windows machine or in a virtual machine and then you have to import all the configuration. It works very well, but if you have a large infrastructure, if you have a huge database, it's going to take a considerable time. With the new version, it's actually pre-configured, it's in-built, so you could save a lot of time with already enabled HA. So this is exclusive support in a V13 software appliance model. This works active passively, where the passive Veeam appliance will take over the moment the primary appliance is corrupted or gone offline. So all the data is already synced, the backend layer will be synced already with this PostgreSQL. And the moment the primary goes down, all this configuration available from the secondary appliance, you can instantly fail over to secondary, you can continue your backup operation there, and then you can initiate the DR, fail backup, it's all going to be seamless.

And it comes with a zero trust model. So back then, like we are a service provider and we use a third party application to have a thing using third party, so except Veeam, none of the process can be done on this backup server.
But with the V13 appliance, it comes with a pre-configured, so except Veeam, there is no other process can run on this one and there is no other OS-level privilege can be available for anybody on the backup administrator or any of the Veeam administrator here. So it's completely locked down model. So except the Veeam operation, you cannot do anything else, you cannot make any major OS changes on this one.

So with this, it came with a new role, security officer. So basically, this is a four-eyes authorization model where if you want to make any changes in your repository, if you want to make any changes in the configuration of your Veeam setup, so it has to go authorized by the security officer. So a backup administrator will initiate the changes that it has to be authorized by a new user. So in order to make those accomplishments, I know this is a very important function because we have seen so much in a scenario. This is it's a life saver for so many companies, reason that you cannot make any changes without authorization from somebody who controls this infrastructure. And without that, being able to simply make any changes and then people are not aware, once the impact happens. With this, so you have full visibility on your infrastructure, you know what is happening, what are the changes you are doing, so basically following the change management.

And it comes with by default, it is a disabled part of zero lockdown model. So, you know, being a security administrator, being a security best practice, there are certain controls have to be followed. So with this new V13 appliance model comes with a predefined configuration where it says it's disabled. So stronger encryption password is enforced. So basically, we say it's a STIG policy. So we've been using STIG policy in our organization probably more than three, four years. But, you know, this is a very important function, part of our security future. This has to be enforced.
So now V13 appliance STIG policy enforced within this appliance. So where you don't need to worry about security because STIG policy, high level of encryption, high level of security hardening are done, which is inbuilt with this V13. So it's basically security layer is fulfilled with this configuration.

And the role-based access control, enhanced role-based access control, so we already have a role-based access control for quite some time, but with this enhanced model, you can be able to improve that, you know, fine-grained more into that. So you have flexibility of giving permission by component wise. So you can be able to give a fine-grained access permission to very specific, you know, user roles to specific components and specific workload, even to specific repository. So let's say, you know, the administrator from one location, they are, you know, only allowed to access the particular resource from a particular site. So you can still have to have this fine-grained controls. And you can narrow down into this geolocations. So you have flexibility of controlling what data have to be restored in what location. So unless it is approved, you are not allowed to restore data from one geolocation to another geolocation, which is basically restricted by this role-based access control. So you can have a much more flexible control with this enhanced role-based access control here.

And it's a completely new, modern web user interface. So it's an HTML5 web interface. Most of you know that it's the same as the VMware strategy, slowly eliminating the Windows dependency here. But still, it is hard that the Windows version is still available. You've been able to still manage the Veeam 13 using this thick-client management console. However, Veeam supports now moving to HTML5 version. So that means, you know, you can eliminate all this Windows dependency here. You can just control everything from the centralized dashboard console, which is web-based and browser-based.
And part of the security model, Veeam have a two-layer management of the Veeam appliance. So there is a host management separately, which you do all the OS-level management. So anything the backup administrator is doing, which is inside the VBR console, and whatever you want to do, the host-level management of appliance, which is isolated from the VBR management. So you can be able to manage this OS-level changes from the host management. It's a completely separate credential and separate login, whereas it's isolated from each other.

And then the automatic upgrades. So automatic upgrades has become a shared task often we do as an administrator. So whenever there is a security patch release, whenever the major version release is done, we have to plan and take a downtime and then it's going to be a change management follow-up process. With this Veeam 13, the automatic upgrades are being automatic and fully managed by Veeam backend. So this appliance comes with auto-upgrade. So whenever there is a new patch release, it gets automatically upgraded. So it's not going to impact your production, it's going to happen in the backend. So it's a seamless process. Automate happens within this appliance itself. You don't have to do separate, take a downtime and do this upgrade manually.

The next one is single sign-on support. So this Veeam 13 supports SAML 2.0 identity provider integration. You've been able to integrate with your existing Azure AD or for any third party provider that's providing integrity, identity providers. So for enterprise, large organizations, this is very important because you don't have to have separate credentials for the Veeam console. So you have multiple user credentials, which would be AD integrator or any platform that provides a single sign-on platform. You can seamlessly integrate. Now it's Veeam supported.
And for also for authentication, there's additional features that for the repositories and for the proxies, since it's going to be Linux platform, all the authentications, you know, it's a certificate-based, so certificate as well as the code-based, adding code. So you don't have to have a user credential in order to connect with your hardening repository or any Linux-based proxy. So with this Veeam 13 version, you're going to be able to authenticate with your proxies and repositories using the certificate-based mechanism of authentication. I know this is a very secure way, rather than, you know, doing a credential-based authentication.

And the universal CDP. So back then, CDP was only available in a Veeam platform. Now the CDP becomes available for all the agents as well. So with that flexibility, you're able to lower your RPO as much, less than five minutes you can. So you're going to be able to replicate the changes from the agents as well as from platform. This is as low as possible. That way, your RPO can be less mature.

So next function is going to be instant recovery to Azure. So Veeam has instant recovery, which is a very unique model. So instant recovery to any platform, it can be anything, you can do instant recovery to any platform, Veeam Hyper-V. So now with that, Veeam, in addition to the Veeam Hyper-V, Veeam supports to Azure. So you can straight away, you've been able to spin up your virtual machine or any workload to Azure, and then, you know, you can instantly access those machines in the Azure platform with production ready. So, you know, you have to connect your Azure account with this Veeam console. Once it's already, you know, established and configured, you can easily spin up those workloads into Azure. It is very seamless.

OK, so we'll cover the best deployment tips here. So, Jigar, you want to take over this part? Sorry. Yeah, thank you. Thank you so much, Mohammed.
Actually, the very attractive features which you highlighted right now, and we are literally looking forward to that. Yeah. So, so V13, VSA version, software appliance already GA, and VSA version is already GA. And the software version is updated, like it is expected in a couple of months. So, yeah, but anyway, to optimize, I'd like to have a proper utilization of the network. I'll just disable my camera so that I can deliver what I want to.

OK, so as we already said, the agenda today, we are going to talk about the secure deployment tips, I would say, as it is in best deployment tips. OK, so how you can make your environment more secure and more resilient. OK, so the first one is like approach is always a 3-2-1. We are already aware about it. But if you can see, I have mentioned that one more one inside the bracket that is nothing but your offsite backup with an air gap functionality. OK, so that is more important in nowadays. If you say the true air gap is nothing but a tape backups. OK, so once the backup is done, remove your tape, your air gap. But how? But we know the challenges, right? The maintenance of the tapes and maintenance and even the RTO recovery time. That's a big problem while using the tape for recovering. So that's that is getting replaced by the object storage. But again, that object storage also requires the continuous connection between your application and the storage. So we can have a logical air gap in between. OK, the ports should be get down after backup is done. So you are quite secure in case your one copy is getting disrupted. But your offsite backup, which is not having a continuous connection that might help you to recover in case of any disaster. OK, OK, I'll share my screen. I'm sorry about that. No, no worries. No worries. I'll just share my screen. Just let me know if I can see.

OK, so point number two, always avoid using installing app and DB on OS drives.
I know I also repeat these mistakes, but yes, we should avoid that a normal tape, but it is the best. We are all aware about the like one of the targeted event we faced in the starting of this year, right? So hence, we should avoid this mistake.

All the third party component might be integrated with the DNS rather than IP address. All this best deployment tips are nothing but my experiences, my bad experiences, to be honest. So hence where I'm repeating again. So I have faced what a problem about a NAS backup. The that partner was taking a backup with the IP addresses for unstructured data. One day security team came to them. This has become a vulnerable IP. We have to change it. The problem was it was 182 terabyte of NAS data. Again, we have to kickstart everything from start because when I create the backup job, my backup job creates a chain, whatever policy name we define from that is start defining the name. So it's always the best option to do everything with the DNS. OK, so these are nothing but my experiences.

Like a scenario where instant VM recovery demand is high or NAS backup with a huge capacity, always have a dedicated path for instant recovery cache memory. And cache repository and metadata repository should be always on SSDs. So it's a fair enough ask, right? Uh, when we talk about, uh, instant VM recovery. So what if I'm getting that machine to be booted on analysis? I'm not getting, I'm not going to, I'm not going to get that IOPS, which is going to handle my traffic, right? So it is always a better option to place your cache repository, always on NVMe SSDs. The reason being IOPS should be much equivalent to your production. Otherwise instant VM recovery is no, like though you have the feature, but you cannot use it optimally, right?

Having a proper understanding of immutability period and the retention period. Now, this is very important topic when I, when it comes to like immutability.
So when I go to the customer and I ask them how long you want the immutable data to be immutable. They asked me, my retention is 10 years. I want data to be immutable for next 10 years. So that's not a fair ask. Okay. The reason, the reason is very clear, right? We are storing object wise backups. We are linking that data. We are cloning that data. So the data, what is available in the repository, we are reusing it. We are remapping with another stuff. So if you are going to make it immutable for so long, you have to understand what the cost it will be on you for the storage, right? So immutability is, it should be like for a shorter term. For example, today you hit the disaster. You are not going to demand the data, which is written for last two years. You are going to demand the latest one. Maybe the yesterday, yesterday's data you want to be restored, right? So immutability period, minimum, you should have 30 days. Maximum, it should be 90 days. That's fair enough to make your data to be more secure. And retention is a different stuff. How long you want to retain as per your company standards, you need to, as your company compliance says that you have to retain that.

Now, the approach is always about a secure backup environment. As many of the features already, Mohammed has covered what is coming in V13 about the four-eyes authorization. So as of now, so we have that four-eyes authorization, but whatever, like limitations were there that already got covered up in V13 now. Okay. So the secure backup environment that is more important. I'll have a one more dedicated slide for that in upcoming one. I'll cover up there.

Backup infrastructure should not be a part of production domain. Again, a fair ask, right? If anything goes wrong with my production, the backup is only the last line of defense for me to get everything to be restored and get, get back into the action. Okay.

Now never neglect the Veeam ONE alarms.
Uh, I know many of are working as a monitoring team, but many times, uh, we are not following that alarm lifecycle policy. That's a big challenge. And that negligence can beat you a lot. Right? So it's always a better task. Always follow the alarm lifecycle management. Once the alarm is raised, you should acknowledge in next five minutes, you should get that assigned to the respective team in next one hour. You should have a response, uh, response and a resolution available within next four hours. If you follow this particular lifecycle management, you are never going to have a problem. Right?

Uh, VBR encrypted config backup must be stored on a secure place. The reason is very clear. Uh, like if anything goes wrong, see, uh, right now we are coming with HA. The reason is very clear. Uh, if anything goes wrong on a primary site, you are again available on the disaster recovery site that it is already available. That's a fair enough ask. What if, uh, I don't have any DR. Okay. I only have one data center in one location. So I have one, one VBR over there. I'm just going to create one active standby where the VBR is only installed. Okay. I'm going to replicate this config backup over there. If anything goes wrong with my active VBR, I'm just going to restore my config backup there again, and back in action, back in action, we are all aware about it. Right. But what if somebody hampers your config backup? Correct. So we should always make sure that whatever config backup we are taking, we are validating it every periodically, like every fortnightly, we should, there are utilities available. You should only open the PowerShell, trigger the command and make yourself comfortable. Whatever config backup I have, that is, uh, that is a consistent way. Uh, that is the consistent one. And in case of any disaster, this can be recoverable that much we should be assured. Right.

Um, data integrity through CRC check.
Uh, like I know before, uh, 12 version in a V11, what we used to do, uh, in the job, when you go to the advanced step, there is an, uh, particular tab known as a maintenance. There, uh, particular, uh, this. Checkbox is already available over there. Okay. From so many versions, but no one was taking an effort to click on that particular button. Okay. So with V12 onwards, okay. V12 or V12.1 onwards, we make it enforced now. If you're not going to tick that checkbox, I am going to run the CRC check on the every last Saturday of the every month. Okay. So by seeing this inconsistent in the data, okay. So we have taken an initiative now. Now, if you're not going to, uh, enable that particular feature, it is a problem to you because you are going to miss the SLA for the last full back, uh, last weekly full backup. The reason being, I'm going to run this CRC check. So it's better to just go on the advanced step, select the respective date. When your VBR is free, when your repository is free, make sure you are running that every periodically. Otherwise we are going to enforce it now.

And the last is like for DR kind of scenarios, try to place a VBR and DR backup copies on DR side. The reason is very clear. If anything goes on in the DC, you should have any control plane in the DR side so that you can make everything to be available. Okay. Uh, so this is what so far about the best deployment tips, and these are nothing deployment is. These are my own experiences, which I'm sharing with you. Okay.

Now, uh, these were the top security features in VDP 12.1, 12.2, 12.3. Everything I have combined here. Okay. The only thing is how much we are aware about it and how far we are implementing it. If still we are not implementing it, try implementing straight away, like from today onwards. The reason is very clear. Uh, see, we are losing the battle with the cyber threat, uh, PR cyber criminals.
We like, uh, I think like, uh, once in a week or twice in a week, I heard about the cyber attack. It's become a trend now. Okay. Often we'll keep on listening that, uh, this particular, uh, conglomerate got an attack by cyber attackers. This got safeguarded by so-and-so backups were available as they got safeguarded. So we often keep on listening that. So it's better to make our backup environment to be safe. Otherwise, uh, we are not going to survive our business. Right. So, yeah.

So the first one is like security compliance analyzer. Like, uh, when you install your VBR and when you integrate the components with the VBR, you should always make sure that you are, uh, running this compliance analyzer, we provide like 35 plus checks over there in the VBR application itself and try to make maximum everything is passed. Okay. Uh, I believe, uh, I have a separate slide for that. I'll, I'll move ahead with this particular. So, uh, so whatever, uh, things are available here, I have a dedicated slides in the upcoming one. So let me go slide by slide.

So, as I said, zero trust principle and it is segment should be there. Like your, uh, production segment should be different. Your VBR should be different. Your wherever, uh, network, your VBR is placed. Okay. You should never place your repository in the same lane. You should, uh, uh, segregate that, uh, repository different segment from where the VBR is placed. So in case anyone is hampering your VBR, even though your backup repository is safe so that you have like your attention for you. Okay. So if anything goes wrong with my VBR, I'll build up a new VBR server. I'll integrate this repository. I'll rescan it once my catalog is rebuilt, I can restore it easily. Right. So we always try to create that resilient domain. Okay. So VBR in another domain, your data repository in another one. And your offsite backup is also another one, another media altogether. Like the 3-2-1 rule says what you need to apply, right?
This is nothing but a zero trust principle, like the entity segmentation. You should, uh, you should always segregate the Veeam components on a different, different servers and try to create the multi-tier architecture. So you don't have a total overload on one server. If anything goes wrong with that server, everything got hampered. It should not be the situation like that.

So as I said earlier, one, we provide you 30 plus security checks for the security assessment. We have to make sure that maximum things are passed. Okay. Instead of not implemented. And, uh, these have a literally, uh, your auditor get, uh, literally get a relaxation in the mind. Once you see all the, everything is passed. Okay. Even while providing any audit snapshots or something, you can just provide this particular report. So one straight answer to your backup environment that yes, your backup is safe with us. Okay. To also, you know, we can sleep peacefully knowing that the environment is safe and secure. Correct. I said, not only auditors, we can sleep peacefully too. Once we know that the backup is safe and secure. Absolutely. That is the primary agenda of the Veeam backup administrators. Yeah. Yeah. Yeah.

Uh, so whatever, uh, security threatening or security compliance analyzer, hardening, particular, whatever you are going to perform there, that scores, we are going to provide you. Okay. So this particular Veeam Threat Center provides a scoring to your backup environment. Okay. And these are in particular on four pillars. So there's nothing but a compliance analyzer or data recovery health. As I said, your CRC and everything like your data can be recovered, your backup SLAs, okay. And immutability flags. So these are the four parameters based on these four parameters. You get a scoring on the Veeam Threat Center. So anytime your customer visit to your data center, he just wanted to look after, like how my data is saved, just show this console to them.
And it should be, uh, the number of which we are seeing is not at all good. It should be always 80, 85 and above so that it is in a green format. Okay. As of now, it is in a high risk. So we were to make sure that whatever things we are not implemented, we start implementing from now. Okay.

Uh, the primary thing SIEM integration is now a primary, uh, requirement right now. Okay. With any tool for any enterprises, any conglomerate, everything. Okay. They require SIEM to be integrated. Hence where we have also taken a step forward. So you should integrate your SIEM with VBR, even with a Veeam ONE, you can integrate it. We, uh, like, uh, we pass on 300 plus events where I'm talking about 300 plus events, I'm not just sharing that backup status, whether backup is done or not done. I'm also sharing the admin activities. If anyone is trying to hampering my backup environment, I'm sending that as well, user initiated attempt to delete the repository that will be sent to your SIEM integration. You can, uh, create that event and trigger the alarm to the respective stakeholders so that they can take an immediate action on that. Okay. So SIEM integration is must nowadays. Okay. So that is available already.

So, yeah, when we were talking about like a Veeam particular dashboard, which which is already, uh, came in V13. So that's, uh, what happens like any backup admin tried to make any changes in any component or any backup jobs or something, so that goes to the security officer and once he approves that, then only it gets started. But in V12, we don't have that particular, uh, differentiation in the rules. Okay. So we have a four eyes authorization here where minimum two admins are required.
One admin is making any changes, like he's trying to delete the backup, delete the repository, adding the privileges to any user, it will go to the, another administrator to make sure, uh, like by accidentally he was trying to do it, uh, doing this or intentionally another administrator can avoid to do that he can reject or he can approve it if it is, uh, that much required. Okay. So with V12, we were in an impression. Okay. This can be accidental one. Hence where the four-eyes authorization was done, but in V13, we have one force and force for everything. There is no accidental. There is every intentional and you need to take an approval. Okay. The perception got changed now. So. We are making it everything like, uh, to be compulsory, to be approved by the security officers. That is more important nowadays. Right? Yeah.

The combination of four-eyes authorization along with MFA is more, more and more required. The reason being anybody logins to a VBR tries to delete some data four-eyes authorization can save you on a, until another administrator approves it, nobody can delete it. But if somebody is trying to log into the VBR, that is the first sign of compromise. So it's better to always have a one time, uh, password. Okay. One time, uh, time-based password, basically. So you should integrate your VBR with, uh, like Microsoft authenticator or so and so, so that anybody knows your password, but the OTP still against, uh, still, uh, it comes with you. So nobody login you until you have that particular, uh, actual authentication to log into the VBR, right? So four-eyes authorization and, uh, this MFA, this works parallelly. Okay. And we should make sure everything is, these both are, uh, functioning in a right way. Okay.

When it's come to data security and integrity, okay. We, uh, work only on AES algorithm, whether, uh, data in flight and data is, uh, data at rest, everything get encrypted with this particular algorithm only. So, which is a market accepted one.
When it's come to like FIPS 140-2 compliant, we are already compliant with this particular feature. Even, uh, you can visit to the Veeam Trust Center. You can download the certificates, whatever you want. Uh, this is already available over there.

We have again came up with the KMS integration, third-party KMS. So I always prefer to say that somebody like my customers comes to me and asked to me like, uh, which is the preferable thing to use to, uh, which, what we should use to encrypt the backup data. I always say them always use the third-party KMS tool. We are a backup tool. Take that much pain only on your head. Don't take a pain of handling the encryption keys and everything. If the customer is having KMS straightforward answer is integrated with your KMS, handle your security keys. Uh, I'll maintain, I'll handle your backup data. That's all. I don't want to encrypt. I don't want to decrypt make your life easier, right? If the KMS is this, uh, if the KMS is present in the customer environment, just go blindly with the KMS. Don't take a headache of encrypting the data, right? But even though if they don't have that, but that feature is available with us, then you can surely, we have to go with the Veeam encryption.

Now, when it's come to data integrity, uh, whatever backup file we have, we don't have any dependency because we are self-describing backups. Okay. So as I said, if anything goes wrong with the VBR server, I have to just place my new VBR server integrated with the repository, re-scan it, rebuild it, and, uh, you are again, back in action to restore your data. So I don't, uh, create that chaos. Like I'm separating the metadata here and maintain the, um, exit data over there. I don't do that particular stuff. I maintain everything on the storage so that anything, so there is no dependency with the VBR itself. Okay. If your storage is secure, you are secured. We don't care if VBR is getting compromised.
The only thing is you should always lock your connections as, as I mentioned, again, immutable storage, like you should not, don't, you should have a logical air gap over there. If anything goes wrong, make your put downs. You are safe. Okay. Sure. Backup storage level, corruption guard. We all, all we, uh, like this, all we discussed already and data as you control like data is, uh, disable that expiration in case of your retention is getting expired in some of the days or, uh, immutable flag is getting expired. You can again, extend that that is available.

Now, when it comes to the hardened repository, so we, uh, pretty much compatible with multiple Linux operating systems, okay. And, uh, we integrate with that. We leverage the XFS file system, which help us to do the block cloning features along with the immutability flag to be placed a single port where, uh, everything works on a TLS 1.3 traffic management. We available with the two 50s is encryption. Even we also recommend after that, uh, uh, repository is integrated. Even, even though you disabled the SSH, we don't care. Uh, everything works on a secure mode. We never flow our traffic with the SSH mode. Right. So you should always try to place Linux hardened repository, which is the best approach to safeguard your data along with the immutable flags. Okay. Uh, from the security perspective, it is more important nowadays because 22 is making more vulnerable. Okay. So it's always better to disable your SSH. The, even though while you integrate your, uh, Linux hardened repository, the reason why we require the only thing is we have to pass on some components over there, we have to pass on some binaries to your repository. Once it is deployed there, you can disable that. We don't want after that onwards.

So yeah, uh, when it comes to anomaly detections that till now we have the anomaly detection assumptions is like in, uh, daily backups are happening like five GB. Okay. Uh, suddenly it becomes 10 GB.
Why there isn't great, uh, a hundred percent change rate in your backup data. What's the reason for that? That's an anomaly. That's where, uh, we are, we are doing little more over them. Uh, we are now going inside the guest OS. We are trying to identify this particular guest OS. VMA is having like 2% of encryption. Tomorrow it raises to three. So we raise an anomaly. Why there isn't suddenly change of 50% encryption data in your environment. It may be false positive. It may be intentional or maybe not intentional, but yes, we cannot ignore it. So we, we are just laser play. Hey, I found it some, uh, anomaly like inline entropies while doing the inline entropies. Can I find some anomaly? Can you please involve your infosec team? After that you involve your security infosec team, they run the scan of antivirus or something, and they can give a green flag. Uh, no worries, man. Uh, this is a, this is intentional encryption, not a problem. So you just go to the VBR console and mark it as a clean by just providing the audit reason. The reason being like my security team, as per this ticket number, I am marking it as a clean as we confirm with the security team. So you are safeguarded. If anything goes wrong, backup admin don't have a headache. Like I have informed you, you only informed me to clean it. I have done that. My job, that's your job. You have to pass on your messages to your security team. Okay. So this is all about like inline encryption scanning. So in v12, it is available for Veeam, uh, VMware, Hyper-V, Veeam agents for Windows, uh, which is now absolutely coming in v13 for Veeam agents for Linux as well now, uh, happy to share with you that so, uh, you're not to worry now, even the Linux machine can be protected, uh, with this inline entropy scanning, okay. In v13 is already available.

When it comes to like file indexing, scanning for onion link detections or ransomware notes to be detected. Now, uh, this is what suspicious activity detections.
Now I'm crossing one limit. Like when I'm going to the hypervisor, I'm crossing one line. When I'm going inside the guest OS, I'm crossing the another line. So this is what I'm going. This is nothing but a content is getting scanned. Okay. So you need to provide that much privilege to go inside that will, after that scanning will be done. That's our job. Right. So this is what available in the advanced anomaly detections when it comes to like signature based scanning. Yep. That is already available. Uh, the terminology, what we use, it is nothing but a Veeam Threat Hunter. So it is an, uh, like you can integrate with your third party tools, uh, like anti-virus as I'm mentioning that Windows Defender, Bitdefender, uh, Symantec, Microsoft, McAfee whatsoever. You can integrate with that. You can run the scan backup so that you can make sure that you are running that clean room recovery. Okay. So you are quite, you are quite assured that whatever backup data I'm having, that is virus free. Okay. If you don't want to use that, your third party, you can even use our own threat hunter engine. Okay. Which is nothing but a light, uh, anti-virus engine. We can keep on running that and we can give a green flag on that, that, uh, your data is safe and virus free. Okay.

Uh, this is again, a one step ahead of this YARA threat detection, where, uh, we are again doing a content based scanning. You have to provide us YARA rule, uh, as per your compliance guidelines, we'll integrate that YARA rules in our VBR. Okay. And we'll scan your systems with the YARA rule, which you are defining. Okay.

Now, how we do that. So for example, on the ninth day, we found some suspicious, uh, data on the backup file. What we'll do, we'll go to the eight. We'll try to find whether nine is having some, uh, suspicious data available. What about like eight today? We found something suspicion on it also. Now, what is the reason for that? From when it started, we tried to do the scanning of seven day.
Also, we found that something wrong, uh, happened from seventh on from seven day onwards. What about the sixth day? We found, okay. It is a clean backup. So this is nothing but you're identifying your data, which is the last clean copy you available with. So this is nothing but you're like clean room recovery. You don't require isolate environment. You restore your data, your scan it every like no additional investments are required. You can perform this within the VBR environment. Okay. No additional investment has to be done for this particular stuff. So these are, you can identify a clean copy. You can mark these as a clean copy. For example, today you got hit by any ransomware attack. You are quite aware, uh, restoring of last three data is having a no worth better to restore the sixth day data and get the backup, uh, and get the business to be, uh, action again. Right. This is what helping you to identify which was the last clean copy we are available with. Okay. So this accelerates the clean recovery from ransomware, reducing the chance of reinfections. That is more important. Am I right?

So this is the highlight. Like these are the security features which are already available with V2L.3, which is the latest version. Please, please try to leverage this, start implementing this. And as in service providers, as in, uh, like as a service for it, it is always recommended you charge your customers for this enterprise grade security features. You can always make a customer happy by safeguarding the data. And even you can make yourself happy by charging them little more. Hence we can enhance our business like a way. So, yeah, that's where I'll take a pause and, uh, we still have six minutes and we are open for Q&A.

Hello. Hi, this is Venkat. Yes, sir. Yeah. I have one doubt. As you told version 13, version 12 and version 13. So version 12 is supported for the Windows inline-based scanning, right? It's not supported Linux. Correct.
In version 13, it is supported Linux now. Right, sir. It's supported Windows also? There is an announcement. We are coming with the Linux now. Windows is already there. No, in 13, it is supported both OS. Both the OS's. Okay. Is there any document is there for regarding this one inline scanning? Sure. Sure. I'll do one thing after this, we'll share the MOM along with all the required documents over there. Okay. Okay. Okay. Yes, sir.

Hello, Jigar. Yes, sir. Yeah, this presentation was nice, like very compact. This presentation, can we get to follow, like to go through actually again? Yeah, it will be published on this community forum. So you'll get access to it. Okay. Even recording also and PPT both will be available? Both recording and slides will be published in this community and you'll get access to it. In the YouTube, right? It's the same community in the YouTube. Correct. To search. Okay. Can you please share the link of this YouTube link, like of this group? Okay. It's there. Okay. Thank you. If you subscribe to this particular link, you will get an update. Once that is available on the YouTube. Thank you. Thank you. Thank you so much.

Yeah. Yeah. My name is Yuvakumar. Hi, Mohammad. So, yeah, so this session was very interesting and you shared valuable information, so, so my question is actually currently latest version is running right, 12 dot something. So in our production that is running actually. So we are trying to upgrade to 13. So normal patch can be done or otherwise you want to install a separate 13 version and export this configuration. So, software version v13 is yet to release. As of now, software appliance v13 is released, which is a purely new setup. Okay. So your v13, v13 should come in a couple of months. I believe it is a December, which is a targeted one where the VBR v13 will release. As of now, v12 is only the option we have available right now. Okay. So once that is released, we can upgrade on the fly, like from current to existing.
Correct. Then you upgrade your v11 to v12 like v13. You can do that. Okay. Thanks. Thank you.

Even that failover, that Linux, we have a failover option now. Like in case one VBR goes down another replica, like we can failover. So that also will be available in Windows, right? That is available in this, that will be available on the same Windows also. But as of now in v13, there are some additions are there. There's a difference in addition. Okay. So to leverage that HA, you should use the premium version and all that stuff's are required. Yeah. I believe HA is currently available in the only appliance model as of now, the v13. v13, right. So for that premium license is required. Yes. Yeah. Is it using NFR we can do, we can test that? NFR, I don't think so, but trial can be arranged by the account managers. But NFR, I don't think so. Okay. So, you can check with the respective account manager. So they can answer you appropriately on that. Yeah. All the licensing stuffs. Sure. Thank you. Thank you.

I think someone raised hand in between. Yeah. Okay. Any more questions here?

Yeah. Hi, Satish here. Hi. I have a question related to the scanning of those vulnerabilities of those contents, right. For a virus and definitions. So any scanner that we take, right. It needs to get the latest definitions updated. If I'm going to use YARA provided by default, right. So are we assured that it would be updated with the necessary latest definitions is we going to ensure that it will be available or are we reliant on any other third party integrations such as Windows Defender or McAfee?

Okay. So both of your questions are a little different. Uh, the Windows Defender, what are talking about? It is an antivirus scanning. So it just try to scan your blocks, that particular stuff and try to make sure that guest OS is, uh, like virus free.
So for that, we always, uh, like a recommended is like a daily, how many times you're going to scan the same thing again and again, so it's better to scan your backups at least 15, once in a 15 days with the latest definitions by a third party tool. So you can be rest assured that my backups are virus free when it comes to YARA rule. This is nothing but a content based scanning and that YARA rules is always different for different companies. We have some standard YARA files, which we comes up with the VBR with a standard version, but you can define your own rule, how you want to define it. Okay. You can just upload it to the VBR. We'll make sure whatever parameters are defining all that parameters are getting scanned through with particular YARA.

Yeah. It would be helpful if you could share some documents related to it. We'll do that. Thank you. And you can integrate with any other party, like a CrowdStrike, you know, there are plugins available. You can also integrate those, uh, AV as well. You can utilize them for a scanning purpose.

Sanjeev have some query, I believe. Yes, Sanjeev, we can hear you. Okay. Okay. You all like, it's okay. You can always drop your queries on this community page and we can share your ideas also. You can share your experience. I believe that's what we were doing today. We should always share our experiences, like what problem you came into and how you like came out of that. That's really helpful to, to share with us. That's cool. Uh, all right. I think, uh, if there is no more other question, we can wind up. Thank you everybody. Thank you so much for joining this session.

TL;DR

  • Veeam v13 introduces a Linux-based software appliance (Rocky Linux 9.2) that eliminates Windows dependencies, includes built-in high availability with active-passive failover, and enforces zero-trust security with automatic upgrades and locked-down OS access
  • A new Security Officer role enforces mandatory four-eyes authorization for all critical changes, treating every action as intentional rather than accidental, with enhanced RBAC providing fine-grained permissions at component, workload, and geolocation levels
  • Security Compliance Analyzer performs 35+ automated checks with audit-ready reporting, while Veeam Threat Center scores environments on four pillars (compliance, recovery health, SLA adherence, immutability) with target scores above 80-85
  • SIEM integration is positioned as mandatory, passing 300+ events including administrative activities like deletion attempts, enabling real-time security alerting beyond simple backup job status
  • Network segmentation following zero-trust principles is critical: production, VBR, and repositories must reside in separate network segments with offsite backups in isolated domains to create resilient multi-tier architecture

Veeam v13 Software Appliance Architecture

This session introduces Veeam Backup & Replication v13's most significant architectural shift: a complete move to a Linux-based software appliance model built on Rocky Linux 9.2. The new appliance eliminates Windows dependencies entirely, packaging all backup components—VBR server, proxies, and repositories—into a single, hardware-agnostic ISO that can be deployed on bare metal or as a virtual appliance in VMware or Hyper-V environments. This just-enough OS approach delivers a locked-down, zero-trust platform where only Veeam processes can execute, with no root-level access available to administrators. The appliance includes built-in high availability with active-passive failover using PostgreSQL replication, ensuring seamless continuity if the primary server fails. Automatic upgrades are managed by Veeam's backend, eliminating manual patching downtime. The session emphasizes that while v13 appliance is available now, the Windows-based VBR v13 is expected to release in December, with upgrade paths from v12 to v13 following the same process as previous versions.

Enhanced Security Controls and Role-Based Access

Version 13 introduces a new Security Officer role that implements four-eyes authorization for all critical configuration changes. Unlike v12's optional four-eyes authorization (designed to prevent accidental changes), v13 enforces mandatory approval for any repository modifications, job changes, or permission grants—treating all actions as intentional and requiring explicit authorization. The enhanced role-based access control (RBAC) provides fine-grained permissions at the component, workload, and repository level, with geolocation restrictions that prevent unauthorized data restoration across regions. The appliance enforces STIG policy compliance by default, mandating strong encryption passwords and implementing security hardening out of the box. Host-level management is completely isolated from VBR console management, using separate credentials to prevent privilege escalation. The session strongly recommends combining four-eyes authorization with multi-factor authentication (MFA) integration, noting that unauthorized login attempts represent the first sign of compromise—making MFA the critical first line of defense before four-eyes authorization can protect against malicious actions.

Security Compliance and Threat Detection

The presentation emphasizes Veeam's Security Compliance Analyzer, which performs 35+ automated checks across the backup infrastructure and generates audit-ready reports. Administrators are urged to maximize passed checks rather than leaving items as "not implemented," as these reports provide immediate assurance to auditors and stakeholders. The Veeam Threat Center provides a security score based on four pillars: compliance analyzer results, data recovery health (including CRC validation), backup SLA adherence, and immutability flags. Scores should consistently remain above 80-85 (green zone) to demonstrate a secure posture. SIEM integration is positioned as mandatory for modern enterprises, with Veeam passing 300+ events—not just backup job status, but administrative activities like repository deletion attempts—enabling real-time alerting to security teams. The session advocates for network segmentation following zero-trust principles: production, VBR, and repositories should reside in separate network segments, with offsite backups in an entirely separate domain, creating a resilient multi-tier architecture that survives localized compromises.

Malware Detection and Content Scanning

Veeam v12 and v13 include integrated malware detection capabilities using both antivirus scanning and YARA rule-based content analysis. Windows Defender integration enables inline scanning of backup blocks to ensure guest OS environments remain virus-free, with recommendations to scan backups at least every 15 days using the latest definitions. YARA rules provide content-based scanning for organization-specific threats, with Veeam shipping standard YARA files while allowing administrators to upload custom rules tailored to their security requirements. The session clarifies that v12 supports Windows-based inline scanning, while v13 extends this capability to Linux environments, supporting both operating systems. Third-party antivirus integrations are available through plugins (such as CrowdStrike), providing flexibility for organizations with existing security tool investments. The distinction between antivirus scanning (detecting known malware signatures) and YARA scanning (detecting suspicious content patterns) is emphasized as complementary approaches to backup security.
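
The anomaly check described in the session (a sudden rise in the share of encrypted-looking data between one backup and the next) can be illustrated with per-block Shannon entropy. This is an added example, not Veeam's implementation: the block size, both thresholds, the function names and the sample restore points are assumptions constructed for the illustration.

```python
import hashlib
import math
from collections import Counter

# All three values are assumptions chosen for this illustration.
BLOCK_SIZE = 4096          # bytes per analysed block
ENTROPY_THRESHOLD = 7.5    # bits per byte; at or above this a block "looks encrypted"
JUMP_THRESHOLD = 0.20      # flag when the high-entropy share rises by 20 points


def shannon_entropy(block: bytes) -> float:
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    if not block:
        return 0.0
    total = len(block)
    return -sum((n / total) * math.log2(n / total) for n in Counter(block).values())


def high_entropy_share(data: bytes) -> float:
    """Fraction of full-size blocks whose entropy reaches the threshold."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    # A short tail block cannot be compared fairly with full blocks, so skip it.
    full = [b for b in blocks if len(b) == BLOCK_SIZE]
    if not full:
        return 0.0
    return sum(shannon_entropy(b) >= ENTROPY_THRESHOLD for b in full) / len(full)


def find_anomalies(restore_points):
    """restore_points: (label, image_bytes) pairs, oldest first.

    Returns (label, previous_share, current_share) for every point whose
    high-entropy share rose by JUMP_THRESHOLD or more since the point before.
    """
    flagged, previous = [], None
    for label, image in restore_points:
        share = high_entropy_share(image)
        if previous is not None and share - previous >= JUMP_THRESHOLD:
            flagged.append((label, previous, share))
        previous = share
    return flagged


# --- Constructed sample data (not real backup content) ---
def text_block() -> bytes:
    line = b"2026-01-01 12:00:00 INFO job finished without warnings\n"
    return (line * (BLOCK_SIZE // len(line) + 1))[:BLOCK_SIZE]


def ciphertext_like_block(seed: int) -> bytes:
    # A SHA-256 counter stream stands in for encrypted data: near-uniform bytes.
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest()
                    for i in range(BLOCK_SIZE // 32))


def make_image(total_blocks: int, encrypted_blocks: int) -> bytes:
    parts = [ciphertext_like_block(i) for i in range(encrypted_blocks)]
    parts += [text_block()] * (total_blocks - encrypted_blocks)
    return b"".join(parts)


SAMPLE_POINTS = [
    ("day1", make_image(50, 1)),    # 2% high-entropy blocks
    ("day2", make_image(50, 2)),    # 4%
    ("day3", make_image(50, 26)),   # 52%: the jump that should be flagged
]

if __name__ == "__main__":
    for label, before, after in find_anomalies(SAMPLE_POINTS):
        # Compressed archives and media are also high-entropy, so a flag is a
        # prompt for review by the security team, not a malware verdict.
        print(f"{label}: high-entropy share {before:.0%} -> {after:.0%}, review needed")
```
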

Chapters

0:00 - Introduction & VUG Community Overview
3:52 - Veeam v13 Overview & Architecture
4:46 - Software Appliance & Rocky Linux Platform
5:55 - High Availability & Zero Trust Model
8:08 - Security Officer Role & Four-Eyes Authorization
10:13 - Enhanced RBAC & Web UI
13:35 - Single Sign-On & Authentication
26:47 - Top Security Features in v12
27:48 - Security Compliance Analyzer
30:41 - Veeam Threat Center Scoring
31:47 - SIEM Integration Requirements
33:13 - Four-Eyes Authorization in v12 vs v13
45:43 - Q&A Session

Key Quotes

4:46 "This is a completely a software appliance. So this comes with a Rocky Linux, which is a just enough OS, which means it comes with backup appliance and components all packaged together as a simple appliance ..."
7:56 "It's completely locked down model. So except the Veeam operation, you cannot do anything else, you cannot make any major voice changes on this one ..."
8:08 "So with this, it came with a new role, security officer. So basically, this is a four-way authorization model where if you want to make any changes in your repository, if you want to make any changes in the configuration of your Veeam setup, so it has to go authorized by the security officer ..."
27:07 "We are losing the battle with the cyber threat, uh, PR cyber criminals. We like, uh, I think like, uh, once in a week or twice in a week, I heard about the cyber attack. It's become a trend now ..."
32:38 "SIEM integration is must nowadays. Okay. So that is available already ..."
33:46 "With V12, we were in an impression. Okay. This can be accidental one. Hence where the four-eyes authorization was done, but in V13, we have one force and force for everything. There is no accidental. There is every intentional and you need to take an approval ..."
