Transcript
Thank you for tuning in today for another great Veeam 100 show brought to you by our Veeam community. I am Adelina Cristil and I am in charge of Veeam community strategy and operations. I am joined today by my colleague in product strategy and co-host, Andre, the one and only, I was told to say so, and two awesome guests. We have Christoph and Martin today with us. And for Christoph, this is not his first time in the show. So for many people that are watching us already know him, but Christoph, for the ones that don't know you and they've never seen you around, why don't you just give us some introduction? Oh, okay. Thank you, Adelina. Also, thank you for the opportunity to be here again. Yeah, Christoph, I am currently the CTO of NTX, which is a managed service provider located in Belgium, but I have been in a long journey already with Veeam. I'm using the product since they got their first product. It was called FastSCP back in the day. So yeah, multiple years of experience with Veeam and yeah, almost four years as a Vanguard. So yeah, keeping building on that Vanguard status. Yeah. Thank you for being again with us. Thank you for accepting the invite. And now I'm going to actually move to Martin. For Martin, this is the first time being in the show and thank you very much for being with us today. It is important to hear your story. I'm really looking forward to that. But before that, I would like you to introduce yourself since this is your first time in the show. Yeah. Thank you very much. My name is Martin and since almost 20 years, I'm responsible for all IT related situations in the Insilcon group. And over the years, I see the company growing fast within the last years. And in there, Christophe came in also. Absolutely. Thank you very much. And as I said, Martin and Christophe's story is about how Insilcon, the company that Martin works for, approaches modern data protection and the steps they take to ensure resilience and security across their IT environment. So we have a lot of good stuff for the agenda today. So I'm really looking forward to hear all about it. Andrei is going to help us through the process, through this conversation. I know he has some good questions for both of you. So get ready for that. But before we start, I would like to ask the people that are watching today to let us know in the chat, where are they joining us from? And also, please put your questions in the chat and we will make sure to answer those. We'd really love to see you engaging with us. So Andrei. Yeah, I'm going to take it away. Yeah. Absolutely. Let's do the technical part. Yeah, let's do the technical part. Well, before we start doing the technical part, we have to understand what the company looks like and how they work and who those guys are exactly. So we're going to step by step to unveil what you guys are doing and what business you are in. Because this will be very important for our viewers today. So let's just start from the first slide. And Martin, it kind of goes to you, right? So Intel come. I know you, well, you kind of said it briefly. You were involved with like everything IT for the last 20 years. But maybe you could give us a little bit more information about the company itself and, you know, the specifics that you were working with. And you know, since we have it on the slide, how, like, and when you kind of discovered it already. Yes. Yes, the company, Insocon, we are manufacturing, but also selling high temperature insulation materials for all kinds of appliances, can be space, can be automotive, can be domestic petrochemical stuff. When I started at the company, we are just two locations, just Netherlands and Belgium. And over the years, a lot of companies were acquired. So we get quite a lot of locations in Europe at the moment. And I think eight years ago, we were acquired by IPCOM. And from that point on, the company grows much faster. OK, so before we probably go to the comment, we have it on the next slide and we'll bring Crystal for that one. But just since we have this very early picture of Beam Backup and Replication version six, I would like you to mention that. Was it the first time that you met Veeam back then? Like, do you remember that time? Do you remember that particular version? Tell us a little bit more about it, Jordi. That particular version, I don't remember in detail. But what I do know is that we came from another backup solution and the step to Veeam was, I think, very good, much more simple, much more stable than the software we used until then. Yeah, the sentence then back in the days was, it just works. So that was a thing. I think version six, Andrej, was the version when Hyper-V CBT was introduced for the first time. That was the version when Hyper-V was introduced like overall as a platform. We didn't have it before. I was thinking on CBT on that. And these were still the times that we will never support tape. This was still active back in the days. This was still active until version seven, which was the next major one that we had. Well, technically, we had 6.5, but let's not bring that memory back. So, okay, we're moving right now to the next slide. Since Martin already mentioned, was it the acquisition that Ipcom acquired Intelcom? Was it like that or was it a merge? But anyways, can you, and I'm asking Christoph now, can you tell us a little bit more about that time, about Ipcom? Because I know this is when you joined the project and this is when you started to help them. Okay. So Ipcom is then a Belgium-based because I'm located in Belgium. Martin and the headquarters of Intelcom is in the Netherlands. But Ipcom is a Belgium-based company. And it's quite some kind of holding where it's doing actively buy and build among whole Europe. So they are really buying companies all in installation-related activities. And then I came into the picture to look into, yeah, my assignment there was, okay, look into the security and the IT security in particular of all those companies. And please write some guidelines which we can apply in all those companies. And as you can imagine, there are a lot of different setups, softwares, architectures involved. And then we created one baseline. And I must say, yeah, we took a lot of things that were already in place at Intelcom there, Martin. Yeah, you already had some best practices. If I tell you, VLANs for some companies, this was something very exotic. There were no VLANs in some companies. You already had some evolution on that. So it was our initial, the Intelcom setup was our starting point to further elaborate and make a whole setup for the whole group in terms of standardization. And then we took every company, we performed a small gap analysis. And based on that gap analysis, we said, okay, this is the roadmap you have to go to protect your data and to make your company more resilient. We're going to talk more about technical details in a second, Maddy. I'm just going to pass it over to you because I know people are active. Like, thank you for joining. Thank you for listening to us. Maddy, do we have anyone to say hello to? Yes, we have a lot of people that are actually saying hello in the chat. And we want to say back, Piotr, Tide, Martin, Ricardo, thank you all for joining. Thank you all for watching. Please, if you are watching us, let us know where you are joining us from. Okay, so let's continue. And then I know you guys, you wanted to have this slide, right? Because we've got interesting points to cover. And by the way, yeah, where's the offsite meetability? That's here. So, Crystal, since you were the one like helping them, can you maybe get us through? What was the most important for you to do? What was the least important for you to do? Anyways, talk to us about your experience and how it was with all additional things. Because you're right. You remember in 2011, 2012, we didn't have those sometimes features or functionality or even technology back then. But over the years, obviously, we gathered much more. So what was the challenge for you? Anything that you would like to share? The world evolved a lot in all those years. And also IT evolved a lot. And security and data resiliency, data protection evolved a lot. And then you see companies who had some kind of or had a basic backup configuration. But it was not up to date. It was outdated. It was not resilient or built for the next upcoming era. So, yeah, these were the points. We took into account when we did the gap analysis to refer on the Insulcon case. They had a multi-layered storage structure where they wrote their backups in the Anton tape. And then they used theme for that. It was written on the LTO tape. But there we said, OK, we will see. And then we will expand it. There is a buy and build story. So, yeah, data will increase and increase. Is this still a suitable solution for you in the future? And these were the points we were discussing among the improvement program we did at Insulcon. Maybe to go through the points. And I think, yeah, the latest one is for me the most interesting part, I guess. I really like that one. But also segmentation. I cannot emphasize this enough. That segmentation also for your backup environment is very important. This was one of the focus points we carried out. And with the introduction of the latest versions, we had service accounts. The introduction of service accounts. Yeah, Andrey, go ahead. Yeah, maybe we could clarify for our viewers. Because segmentation, no one really, or some of them, they understand what it is. But maybe you can clarify it more. What do you mean by segmentation? Yeah, sometimes, back in the old days, we had a flat network. And we had all the components sitting at the same IP range, at the same layer in the network. So we had some endpoints. We had the PCs and the workstations. We also had the servers. But we also had the backup server itself sitting in the same network. So for you as an attacker, it was very easy to, they call it lateral movement, to compromise one device and move across the network to all the other devices. Even printers are in that same network. And yeah, if one of these devices is not patched, it's very easy to compromise this. And then move lateral over the network to other components and to infect them over there. So sending some or installing some walls between all those logical compartments, a wall where we contain all the printers, where we contain all the endpoints, the servers, but also the backup infrastructure, make it harder and harder. It's setting up the walls. When you have an infection on one of those components, it cannot spread very easily across the whole network, across the whole infrastructure. Okay. And you're probably, well, since you're talking about the setting up the walls, it's like you're talking about firewalls, right? Partially. Firewalls. And then we go for a least access privilege. We only open up the necessary ports to go to the backup servers, to go to the proxies in the Veeam configuration and nothing else. Even the management is in a different network. And only the most necessary ports are open there to do the job. But everything else is locked down. Maybe it's worth to mention that also the backup storage is in a separate network. So there is no direct connection between the storage and the backup server itself. Okay. This is a good piece of information. So I hear the management network, the production network, the backup or storage network. Any other network here? Because we're talking about multi-network situation. Yeah, we have the classic ones there. We have also a visitor network for visitors. The printers are separated. Mobile devices are separated. So yeah, Martin has done a very good job on that on segmentation there. I'm going to ask a nasty question right now. But since you were doing that project, right? Talking about segmentation and service accounts. What's your stance on documentation? Do you have it documented somewhere? How do you keep track on those things? For IT people, it's always a pain in the ass to document their stuff. It's always not that useful in their eyes. Until you're sick or somebody else has to take over your job. And then he has to reinvent the wheel again and do some reverse engineering. So we really documented everything. I really saw last week, there is an MCP server launched from VeeamSite with some ports. This is very important. Depending on the version, we have different ports open. And we are trying to limit it from a Veeam standpoint. But yeah, having a very good documentation is a lifeline. Also in the firewall is a lifeline. Document every rule, document everything in your firewall. That you really know what goes in, what goes out on your network. That's perfect. Okay, I'm happy. And that's why I said nasty. But I know some IT folks, they don't really like documentation. But at the end of the day, this is something that could actually save this particular day. So Martin, coming to you. Because obviously five different interesting areas. Pick something that you like the most. If I could, I would ask you about your backup. Because this is my favorite thing. But I'm not sure whether it's yours. So what's your favorite thing here? And how did you feel implementing it? I think at this moment, the Shure backup and testing functionality of Veeam. Because it saves me a lot of time with testing the integrity of our backups and the reliability. And the first couple of times, I really closely monitored the Shure backup jobs. But at this time, they are so consistent in the results that I basically rely on the mail saying it's successful. Do you have it set up for all the VMs? No, that's for at this moment, just for the domain controller. But if I see how it tests, it's really a nice product inside the Veeam, in the Veeam software. We took and did the first step. We entered the domain controller, which is a classic one, which we can really test. But a lot of people are still afraid to install or to use the Shure backup feature. And because you have to configure some nasty Linux app lines, some IP addressing is involved, and setting up the data labs, it's really a sandbox environment. And we showed them, we showed IPCOM, look, we test on a fully automated base, your domain controller. If it's green, it's mean, and it's working. And you can assure that your backup is consistent. In the next steps, we will further also do some testing where we can spin up a domain controller. We can fire up a database and an application and test on that as well. These are really the next points we have on the roadmap to automate and make sure. And it's also an S2 obligation, not only to take your backups, but also to test your backups. And with this, we can, and an easy way we can perform this for our customers. That's amazing. So I changed the slides already, and I'm, because you started to talk about future, and I would like you to go deeper into it. I would like to talk about VHR if you want to, no problem. Why not? But yeah, since you mentioned the expanded Shure backup, obviously you have some workloads in mind that you want to, well, to kind of, to additionally check whether they're recoverable or not. But like, besides that, do you think that's the newest things that we're going to bring into the market with 13.1, like especially related to forest recovery? Is it something that could be like the part of the process or like extended part of the process? Or is it too early to tell? It's very, very new. When I look into the architecture of IPCOM, I think it can be added value. Yeah, as you see, they are on a very high pace in acquiring new companies, and Martin has to make sure, and you see, it's possible that everything is safe over there. And we don't know what is out there when a new company is acquired. It can be a total other architecture over there. And then I think having this functionality available, it will only enrich the capabilities of when a disaster strikes, of recovering very fast RPO, RTO. It's only an added asset. It's an added tool in our tool belt to recover from damage. Perfect. I just wanted to highlight that because like typically, whenever we have the conversation with customers, they are talking about, you know, how the company is growing and they're buying new software, new hardware, expanding towards the cloud. But sometimes they overlook things like merging acquisitions, something that happens a lot, especially in this scenario. And with that, obviously, you are gaining a lot of legacy or just different environments that you have to integrate. And it brings a lot of additional requirements and challenges for you as well. So I think this is a good shout out to make those processes happening and Veeam is able to help or to mitigate those processes a little bit better. Okay. So besides Shure Backup and besides all the testing, so why don't we talk a little bit about the security side of things? Because, you know, the malware detection, I'm actually surprised to see it on the future improvements. Does it mean that you are not doing it right now? And why not? At this point, we are not using the YARDA rules. I suppose we use the malware scanning, but it still gives a lot of bugs, like bugs icons. Yeah, false positive sometimes. Now they are using the anthropic scanning and those built-in things. I showed them in a separate session, Martin, what fancy stuff we can do with YARDA rules and also do some very creative things with YARDA rules as well. But yeah, it's always a trade-off. Depending on the mix of software you have, the malware or inline detection can already give some false positives. And this is a work in progress to improve this. But also the capabilities we have right now, when we do a safe restore, when we restore the data and first restore or bring back a machine from the backup and say, ah, not directly in production, but first we have to check it, bring it up, check it. And then we are 100% confident that the machine and the data is clean. It's really added value to get back in business in an adequate time. Okay. Have you by any chance looked into the clean room recovery, for example, or one of those potential things? Because I think you are kind of improving the game, but I'm wondering what the end solution would look like. I don't know. Clean room recovery. Martin, do you have any view on this? No? Well, not at the moment. Not at the moment. I don't think, well, I think it's an ongoing process. And from where we stand now, we will move further and go with the developments and together with Christophe. Yeah. As further as IPCOM and Insulcom are growing and growing, we are indeed looking into functionalities like clean room, that we can do it automated using the Veeam Orchestrator. And it also helps us there. We talked about already about documentation also there. Veeam Recovery Orchestrator can help us there to create up-to-date and recent documentation on this. But it's really depending on the size today. We are at the tipping point. Well, we need maybe one or two acquisitions from this. It really makes sense. Because setting it up and maintaining it is also a cost. And we didn't talk about it in the introduction of IPCOM. But Martin and his team, it's a very limited team to do such an amazing job on all those sites. So, yeah, it's also a trade-off. If we can automate it, yeah, please go for it and automate it. And then you see Martin is just counting on a green email when the share backup is done. He's not diving into the GUI to see, okay, was my lab spend up correctly? And then did it do the test? No, I'm just waiting for the green email and then advertising is fine. Exactly. This is a good, perfect segue towards Recovery Orchestrator since you mentioned, Christoph. And it's like, I'm additionally happy to see that because obviously, since the company is growing that fast and then, like you said, the tipping point. Like previously, a couple of years ago, they were happy just to set up the backup, the sure backup job for one particular VM. And now they're talking about future and kind of envisioning what they're going to look like in a couple of years from now. So that's very interesting. And yeah, I really like the fact that Veeam is scaling with you guys and that it helps you to grow. And then you haven't really reached all the products, talking about Recovery Orchestrator. But yeah, very good stuff. Thank you for sharing this. I'm going back to Maddy for now. Maddy, do we have like any other things to mention? Like any other questions from community that's coming to us or like interesting remarks or something? Yeah, for sure. I mean, thank you for that, guys. I was listening with a lot of attention. I think this is a really solid example of, you know, how resilience is actually built by continuously adapting to new capabilities and, you know, the changing requirements. You were talking about documentation. And yeah, thank you for sharing this with the larger Veeam community. I'm sure everyone appreciated it. And yeah, let us all know in the comments, what did you think? What did you think about the story? I think it was great. And it seems like a great collaboration there between Martin and Christoph. But yeah, Andre, you were talking about saving the day. So I'm going to ask Martin a question right now. I'm going to put you on the spot, Martin. You know, we all know that the Veeam solutions are built, right, to be reliable. We were talking about that just a few minutes ago. And it just works. And you've been using, from what I understand, you've been using Veeam solutions for a long time. So I was curious, has there ever been like a challenging situation, must have been at some point, you know, where Veeam really helped you recover or save the day? Yeah, and that's quite recent, quite recently, actually. I was doing some development work with Microsoft Graph. And we also use M365 backup from Veeam. And I accidentally removed a couple of SharePoint sites, which were quite recently created for an acquired company. And at that moment, Veeam saved me a lot of work by restoring those sites. OK, well, that's good to know. I'm sure everyone has an interesting story with saving the day or some community members like to say save the bacon. So yeah, thank you for sharing that. I appreciate, Martin. And this is just recent. I'm sure there are probably more in the past since you've been using the solution for such a long time. And of course, I'm not going to, you know, end the show without asking Christophe a question as well. But this is going to be since he's been a Veeam 100 member and the Veeam user group leader for Bellux for quite some time now. I think it's been three years. Yeah, we are busy at our fourth year today, two years over this year. Yeah, four and counting, yeah. Congratulations. So yeah, you do a lot for the community, you know, in general, and you are involved with the Veeam 100 program. And you're involved with a larger community with a Veeam user group, as I said. And this is voluntary, you know, job. And it's alongside with your regular work. And I'm sure you are very busy and you have priorities. So what actually motivates you to stay so actively involved and, you know, keep contributing at this level? Yeah, I can tell you it's quite challenging. We all have our full day jobs. But being part of Veeam and this cutting-edge technology, the recent acquisition of security AI and the whole AI evolution, it's really cutting-edge technology we are working in. And being able to contribute on this and sharing. We talked about the long history. I have the experience with Veeam several years now. But being able to share my expertise and best practices we developed along all the way, it's really motivating. And not only to customers, as we do from a managed service partner, but also with other Veeam partners sharing this expertise. And I must say within the Veeam 100, it's a great group to be in. You see a lot of people across the whole globe which have all the same vision on this. And it's very enriching for yourself as well. And to discuss how they solve problems X, Y, Z. And have some insights, maybe some other insights. Because, yeah, when you're working day-to-day on the same problem, yeah, sometimes you get stuck in your own vision. And it's very enriching to be part of that and to exchange those thoughts. Well done, Christophe. That's a great answer. And in general, thank you, the three of you, for the great show. I think it was a really top conversation. And just being part of this. I love doing these shows. I love listening every week to the stories. And it's great to be with the Veeam 100 members as well with customers and listen from them what impact, what means success using Veeam solutions. So that's fantastic. But anything else before we go? Because I know, Christophe, this month, you are actually going to organize a Veeam user group in Bellux. Yeah, yeah. One more thing. We still have a Veeam user group organized in Belgium. It's on Thursday, the 25th of June. So within a couple of weeks. And then, yeah, as from 2 p.m. in the afternoon, and it's located in Brussels, we will have our gathering with the Veeam user group. So everybody's invited. And, yeah, last week, I was in London at VeeamON. And there, yeah, we saw a lot of insights and also the vision that this Veeam has shown us there. And we are very eager to share these insights and this information with all the involved people from the user group. Totally. I mean, we're going to share the link in the chat just to make sure everyone has access to it. So in case you are in Belgium, definitely, this is a good event to join. Thank you for sharing that, Christophe, AZ, Martin. Anything else that you would like to share before we go? I would like to share that I'm happy I am invited to the Veeam user group in Belgium. You're joining. The pleasure is mine, André. Martin, anything on your side? Well, I can really recommend to visit the event Christophe is organizing. I've been there, and it's a good job. Very interesting. Good to hear that. Actually, I was telling Christophe, I've never attended one of those. I'm going all around the world, but never attended the Belux one. So next time, I should make my way there. But yeah, thank you once again, the three of you. And I also wanted to say a big thank to our audience today. And don't forget, you can find us at community.veeam.com. All the good stuff happened there. You can get in touch with our Veeam 100 community, with our Veeam user group leaders and the larger community. So we are looking forward to have you all there. And we'll definitely see you next month with another great customer story. In the meantime, stay awesome. Bye.