Veeam VMCA2022 - Veeam Certified Architect 2022

The repositories should be configured as Scale-out Backup Repositories consisting of hardened repositories to easily allow for additional capacity to be added and to meet the immutability requirement. Scale-out Backup Repository is a logical entity that groups several backup repositories into a single pool of storage, and allows to add or remove backup repositories as needed1. Hardened repository is a Linux-based backup repository with immutability enabled, which prevents backup files from being modified or deleted until the specified retention period expires2. The other options are either not immutable (option A and C, as NTFS and XFS do not support immutability) or not scalable (option B, as ReFS does not support adding or removing extents in a Scale-out Backup Repository3). References: Scale-out Backup Repository, Hardened Repository, ReFS Limitations.

If you separated the large VMDKs into their own backup jobs, you would be creating more manual work for the backup administrator, who would have to configure and maintain multiple jobs for the same group of VMs. This would go against the requirement of reducing administrative overhead by using dynamic scoping.

Dynamic scoping is a feature of Veeam Backup & Replication that allows you to automatically include or exclude VMs from backup jobs based on tags, attributes, or policies1. For example, you can use VMware tags to assign a backup policy to a VM, and then use the tag as a filter in the backup job. This way, any VM with that tag will be automatically added to the backup job, and any VM without that tag will be automatically excluded. This simplifies the backup management and ensures that all VMs are protected according to their assigned policy.

For large VMDKs with high I/O, you can use alternative backup methods to avoid performance impact and stuns, such as storage snapshots, direct SAN access, or hot-add2. You can also use different storage optimization options to balance the deduplication ratio and the backup file size3. These options can be configured within the same backup job, without the need to separate the large VMDKs.

You can find more information about dynamic scoping and backup methods for large VMDKs in the following resources:

How to Use Dynamic Scoping in Veeam Backup & Replication

Backing up large vmdks (~12 TB)

Backup strategies for a large VM

The information related to the virtual infrastructure that is missing and must be collected during the discovery are the total number of virtual machines and the size of the source data set. These are essential metrics for sizing the backup components, such as proxies, repositories, and transporters, as well as estimating the backup storage requirements and bandwidth consumption. The other options are either already provided in the scenario (recovery time objective, backup window) or not relevant for the Veeam solution (speed of Fibre Channel fabric). References: Veeam Certified Architect 2022 Exam Guide, page 10; Veeam Backup & Replication v11: Architecture and Design course, module 3.

The best way to accomplish the goal of ensuring backups are free of malware before data is restored is to ensure a compatible antivirus solution is available on mount servers for secure restores. Secure restore is a feature of Veeam Backup & Replication that allows you to scan backup files for malware before performing a restore operation, using a built-in or third-party antivirus solution1. Mount servers are components of Veeam Backup & Replication that mount backup files to the backup server or backup proxy2. By having a compatible antivirus solution on mount servers, you can leverage the secure restore feature to check the backup data for malware and prevent any infection from spreading to the production environment. The other options are either not feasible (option A and B, as staged restore and Veeam Data Integration API are not designed for malware detection34) or not sufficient (option C, as Veeam Data Integration API alone cannot scan backup files for malware). References: Secure Restore, Mount Servers, Staged Restore, Veeam Data Integration API.

Data scrubbing is the process of removing sensitive or confidential data from backups before restoring them, to comply with regulatory or legal requirements1. Veeam Backup & Replication supports data scrubbing for VMware VMs by using a custom script that runs inside the virtual lab2.

To perform data scrubbing, you need to create a virtual lab, an application group, and a SureBackup job. The virtual lab is a fenced-off environment where you can test and verify your backups without affecting the production network3. The application group is a collection of VMs that you want to restore and scrub. The SureBackup job is a task that automates the verification and restoration of VMs in the virtual lab.

The custom script is a PowerShell script that you need to write and configure to run on the VMs in the application group. The script should perform the necessary actions to delete or modify the data that you want to scrub, such as files, folders, registry keys, database records, etc2. You can use the Veeam PowerShell snap-in to access the Veeam functionality and objects from the script.

You can find more information about data scrubbing and how to configure it in the Veeam Backup & Replication User Guide for VMware vSphere2.

The tiers of Veeam Financial Services’ backups that will require SureBackup jobs are the silver and gold tiers. SureBackup jobs are used to verify the recoverability of backup files by running virtual machines from backups in an isolated environment and performing tests against live applications1. This feature is suitable for the silver and gold tiers, which have recovery time objectives of six hours and 30 minutes, respectively, and require backups to be verified. The bronze tier, which consists of development machines and field portables, has a recovery point target of seven days, with no recovery time target set, and does not require backup verification. Therefore, SureBackup jobs are not necessary for the bronze tier. Laptop backups are performed by Veeam Agent for Microsoft Windows, which does not support SureBackup jobs2. References: SureBackup, Veeam Agent for Microsoft Windows.

Database administrators and operations team are the most relevant stakeholders to talk to in order to collect business and technical requirements related to virtual infrastructure. Database administrators can provide information about the performance, availability, and recovery needs of the SQL and Oracle servers, as well as the custom financial application on AIX servers. Operations team can provide information about the network bandwidth, firewall rules, storage capacity, and backup windows for the virtual machines and NAS devices. The other stakeholders are less relevant, as they are either not directly involved with the virtual infrastructure (web design team, sales staff) or have minimal requirements (laptop users). References: Veeam Certified Architect 2022 Exam Guide, page 8; Veeam Backup & Replication v11: Architecture and Design course, module 2.

Backup from storage snapshot is a feature of Veeam Backup & Replication that leverages the native snapshot capabilities of the storage system to create a consistent point-in-time copy of the VM data. Veeam Backup & Replication then reads data directly from the storage snapshot, bypassing the ESXi host and reducing the impact on the production environment1. Backup from storage snapshot is supported for VSAN datastores on NetApp, Nimble, Dell EMC, HPE, and Pure Storage systems2.

Using backup from storage snapshot for the virtualized stock trading application servers can improve the backup performance and reduce the latency, as it minimizes the time that the VM is running on a snapshot and avoids the network overhead of other transport modes3.

The other options are not recommended because:

B) Implementing Veeam Agent on the virtualized stock trading application servers is not necessary, as Veeam Backup & Replication can protect VMware VMs without agents. Veeam Agent is mainly used for physical servers, workstations, or cloud instances4.

C) Using Veeam Replication to create replicas of the virtualized stock trading application servers at the remote site, then back up the replicas is not optimal, as it adds more complexity and cost to the backup process. Veeam Replication is mainly used for disaster recovery purposes, not for backup5.

D) Turning off application-aware processing for the virtualized stock trading application servers is not advisable, as it may compromise the consistency and recoverability of the application data. Application-aware processing is a feature of Veeam Backup & Replication that ensures that the application data is in a consistent state before the backup or replication job starts.

You can find more information about backup from storage snapshot and other backup options for VSAN in the following resources:

Backup from Storage Snapshots

Storage Systems Supported for Backup from Storage Snapshots

Optimizing Veeam Backup & Replication Configuration for VMware VSAN

Veeam Agent Management

Veeam Replication

[Application-Aware Processing]

The requirement C is vague and needs more clarification from the customer. It does not specify which public cloud provider, service, or storage tier should be used for the backup data. It also does not indicate how the backup data should be transferred, secured, or managed in the public cloud. The other requirements are more clear and specific, and can be met with the Veeam solution features and best practices. References: Veeam Certified Architect 2022 Exam Guide, page 9; Veeam Backup & Replication v11: Architecture and Design course, module 6.