Cyber resilience with Elastio

VMware Cloud Foundation on IBM Cloud

VMware Cloud Foundation (VCF) offers a fully integrated, enterprise-grade platform that delivers the complete VMware software-defined data center (SDDC) stack. This platform includes VMware vSphere®, VMware vSAN™, VMware NSX®, and VMware Aria® Suite components, providing a consistent and secure environment for running traditional and containerized workloads.

The following items are the key features of the offering:

• Provision a fully operational VCF environment in under 12 hours by using IBM® automated deployment tools.
• Provision optional add-on services such as Veeam Backup and Replication.
• Choose between Classic and Virtual Private Cloud (VPC) deployments.
• Deploy VCF environments across IBM Cloud global data centers, which can ensure proximity to users and compliance with regional regulations.
• Use IBM Cloud security features, including Hyper Protect Crypto Services and FIPS 140-2 Level 4 key management to protect sensitive data.
• Integrate with IBM Cloud Services such as Security and Compliance Center Workload Protection and IBM Cloud Logs.

Data protection with Veeam Backup and Replication

Veeam Backup and Replication provides comprehensive data protection and disaster recovery solutions for VMware environments. Fully compatible with IBM Cloud for VMware Solutions, Veeam ensures that your workloads are safeguarded against data loss and downtime.

Integration highlights include the following features:

• Veeam integrates directly with vSphere environments on IBM Cloud, offering the same functions as on-premises deployments.
• Use features like Instant VM Recovery, SureBackup, and constant data protection to meet stringent RTO and RPO requirements.
• Scale your backup infrastructure in tandem with your VCF environment to ensure consistent performance and protection.
• Extend data protection across hybrid and multicloud environments, which facilitates seamless workload mobility and disaster recovery.

Enhancing resilience with Elastio

Elastio Ransomware Recovery Assurance Platform offers advanced protection for VCF environments on IBM Cloud when integrated with Veeam Backup and Replication. This integration provides proactive ransomware detection, which ensures data integrity and facilitates rapid recovery.

The following items are the key features of the integration:

• Elastio seamlessly integrates with Veeam without requiring agents, which preserves system performance and simplifies deployment.
• The platform inspects Veeam backup data at scale to identify ransomware encryptions as soon as the data is backed up, enabling swift response to threats.
• Elastio scans for malware binary files, helping prevent ransomware attacks before they impact business operations.
• By tracking changes across backups, Elastio detects sophisticated attacks that evolve over time, providing a robust defense against evolving ransomware threats.
• Older or previously unscanned backups can be examined to ensure that they are ransomware-free before recovery, adding an extra layer of security.
• Developed from reverse-engineering over 2,300 ransomware families, Elastio achieves 99.99% accuracy in detecting unknown ransomware encryptions.
• Organizations can confidently restore critical business processes with clean, ransomware-free data, reducing downtime and operational impact.
• Continuous scanning of every backup allows for immediate threat identification, which ensures that data remains uncompromised.
• Elastio provides meaningful alerts to focus on genuine threats, reducing false positives and enhancing response efficiency.
• The platform fits effortlessly into existing backup processes without operational disruption, maintaining business continuity.

By combining Elastio's advanced ransomware detection capabilities with Veeam's robust backup solutions, organizations can enhance their data protection strategies, which ensures resilience against sophisticated cyberthreats.

Getting started

1. Provision a VCF instance on IBM Cloud - Use the IBM Cloud portal to deploy your VCF environment, selecting the appropriate configuration for your workloads.
2. Integrate Veeam Backup and Replication - Configure Veeam within your VCF instance to establish backup and recovery processes.
3. Deploy Elastio - Set up Elastio to integrate with Veeam Backup and Replication to provide continuous data protection and enhance your resilience against data threats.
4. Monitor and manage - Use IBM Cloud's monitoring tools alongside Veeam and Elastio dashboards to oversee your environment's health and compliance.

Cyber resilience with Elastio overview

The following diagram shows the high-level architecture overview:

When you purchase the the Elastio Ransomware Recovery Assurance Platform service, a resilient Elastio Cloud Connector is instantiated in the Elastio managed AWS Account. The details of this Cloud Connector are sent to you so you can configure your Elastio Stack.

• The Elastio Stack is delivered as a lightweight Open Virtual Appliance (OVA), designed for scale-out scanning within VMware infrastructures. This architecture is simple to deploy, requiring minimal management, and operates efficiently with low resource usage. Using the OVA an initial Worker VM is deployed hosting the Controller and a Scan Worker. More Worker nodes with Scan Workers can be added for scaling purposes.
• The Controller interfaces with the API of the Veeam Backup and Replication server to get the servers backup inventory and to issue mount requests. After the requested backup is mounted, it can be scanned by a Scan Worker.
• All ransomware and data integrity scans are performed entirely within the VCF instance, which ensures that sensitive data never leaves your environment, maintaining full security and compliance.
• Elastio supports automatic updates to its ransomware detection models and scanning engines, which ensures continuous protection against the latest threats without manual intervention.
• The Elastio stack operates without requiring agents on workload virtual machines (VMs), which preserves system performance, reduces complexity, and delivers comprehensive backup scanning and validation.
• Job status and scan results are sent to your Elastio Ransomware Recovery Assurance Platform console, offering detailed insights into data integrity, ransomware resilience, and recovery readiness. This centralized reporting enables organizations to proactively monitor and enhance their security posture.

Cyber resilience with Elastio architecture

The following diagram shows more details of the VCF instance architecture with Veeam and Elastio:

• The VCF instance hosts your workload VMs hosted on the NSX overlay segments. For more information about VCF, see Overview of VMware Solutions.
• The VCF instance can use VMware vSAN or NFS data stores. For more information, see Physical storage design.
• Veeam Backup and Recovery can be automatically installed on a VM, VSI, or bare metal server. For more information, see Veeam on IBM Cloud overview.
• Optionally, but recommended, The VCF instance can include a gateway cluster to host one of the following appliances to protect the VCF instance networks:
  • Juniper® vSRX appliances. For more information, see Ordering a Juniper vSRX.
  • FortiGate® Security Appliance. For more information, see Create FortiGate Security Appliance 10 Gbps.
  • FortiGate Virtual Appliance. For more information, see Ordering a FortiGate Virtual Appliance.
  • Bring your own gateway appliance.
• The VCF instance can include any of the optional add-on services, such as Caveonix RiskForesight™ or VMware Aria® Operations™. For more information, see Add-on services.
• Optionally, you can use encryption with Hyper Protect Crypto Services and KMIP™ for VMware. For more information, see KMIP for VMware overview.

To create the pattern described in the diagram, follow the procedure to order a VCF for Classic - Automated instance.

After your VCF instance is provisioned:

1. Configure your firewalls by using the vendor’s documentation as a guide and the following information:

   • IBM Cloud IP ranges
   • Ports that are used for deployment and Day 2 operations
   • Ports used by VMware components
   • Ports for services

2. Order a Cloud Object Storage instance and configure a bucket.

3. Configure Veeam to use the object storage bucket as a backup repository.

4. Configure Veeam backup jobs to back up your VMs.

5. Register for the Elastio Ransomware Recovery Assurance Platform service and install the Elastio Stack following their documentation.

6. Configure Elastio to interface with Veeam.

While this pattern describes Veeam Backup and Recovery with a VCF for Classic - Automated instance, the instance can be VCF for Classic - Flexible or VCF on VPC. The backup appliances that are supported by Elastio include:

• Cohesity
• NetBackup
• Commvault
• Rubrik

Veeam and Elastio can also be installed on an existing VCF instance.

Summary

Use IBM Cloud's global infrastructure to extend your on-premises VMware environment into the cloud, enabling workload mobility, disaster recovery, and capacity expansion without significant rearchitecture. Use IBM Cloud's security certifications and Elastio's policy-driven management to meet industry-specific compliance requirements and maintain data governance standards.

Related links

• Elastio
• Architecture pattern for using Transit Gateway with a vCenter Server with NSX-T instance
• Architecture pattern for using IPsec over Direct Link with a vCenter Server with NSX-T instance
• Architecture pattern for using Direct Link with NSX-T edge cluster in colocation
• Architecture pattern for using Direct Link with NSX-T and EVPN
• Virtual Private Network (VPN)