Veeam and Microsoft have partnered with StoneFly to offer state-of-the-art storage solutions leveraging StoneFly’s Scale-Out NAS Cloud Storage in Microsoft Azure for the ultimate backup and disaster recovery solution.
The Challenge
Veeam Cloud Connect provides for organizations a turnkey-solution to connect their on premise Veeam backup and replication archives to Microsoft azure cloud. Since the Veeam VM in Microsoft Azure is limited in its storage capacity, it became a necessity for many customers to implement an additional storage solution. One that can Scale-Out.
A single 16 TB volume can be created by configuring the Linux and Windows operating systems. However, even these 16 TB volumes cannot store Backup files larger than 1TB in size because of the Azure file size limitation at the backend.
For anyone trying to use the Veeam cloud connect in Azure to upload a Veeam backup file to Microsoft azure repository, the 1TB file size limitation is a critical problem.
The Solution
Based on the many requests for methods and solutions to add flexibility to the storage options available, Veeam has partnered with stonefly to provide state of the art storage solutions leveraging the StoneFly Scale-Out NAS Cloud-Storage in Azure.
By combining StoneFly and Veeam solutions, customers can now by-pass the file size constraints within Microsoft Azure. Customers can now add capacity easily and quickly without sacrificing throughput or performance, and best-of-all, manage multiple Cloud Storage nodes with just a single-interface.
The StoneFly Scale-Out NAS Cloud-Storage for Microsoft Azure not only solves the 1TB file size limit, but also allows the user to “Scale-Out” one or more volumes across multiple Microsoft Azure VMs to create a nearly unlimited amount of Storage for their Veeam-backups.
Another benefit of the StoneFly Scale-Out NAS Cloud Storage is allowing the customers to only purchase the storage they need now and add more storage capacity as their needs grow – making it a flexible and an affordable solution.
StoneFly is the only cloud service provider in the market that provides backup, replication and disaster recovery solutions for Veeam in the Microsoft Azure cloud for businesses and governments in the Microsoft Azure government. The Deployment Guide for Veeam Cloud Connect using StoneFly Scale-Out NAS Cloud Storage in Microsoft Azure can be found here.
This solution is available in Microsoft Azure datacenters across the globe. With 4 datacenters in the US, 2 in Asia, 2 in Europe, 2 in Australia and 2 recently deployed datacenters in china.
Your Virtual Dedicated Storage is hosted on Microsoft Azure’s world-class cloud storage, where you are in control of your own data. This solution adheres to stringent security and privacy standards including FIPS, FedRAMP, ISO and others.
The ultimate backup and disaster recovery solution
StoneFly’s Scale-Out Cloud Storage in Microsoft Azure can be used to:
- Scale-Out volumes across multiple nodes for nearly an unlimited amount of storage in each volume.
- Scale up your performance – data throughput aggregates as you add more storage nodes.
- Easily integrate with existing Active Directory servers to simplify setup and secure data access.
- Management is easy: Only one GUI login is needed to manage all of the Cloud Storage nodes in the StoneFly Scale Out configuration in Microsoft Azure.
Installation, management and scaling is simple to achieve at any size.
How encryption works in this solution
There are two Veeam cloud connect backup and replication in StoneFly Cloud installations involved in the Veeam Cloud Connect: 1) at the StoneFly datacenter, and 2) at a customer site (consuming the service).
Every activity is initiated by the customer side. When a new operation towards Veeam Cloud Connect needs to be started, the customer side sends a control command over the SSL tunnel. The Veeam cloud connect installation at the service provider responds to this start command and it creates the encryption key “A”.
This key uses AES 256 bit data encryption. Using the SSL protected tunnel, key “A” is passed to the job manager of the customer in a secure way into the target “Datamover” at the service provider directly via a local network communication.
The customer job manager then creates its own encryption key (key “B”) to be used for encrypting traffic between the customer and the service provider “datamovers”. A new tunnel is initiated by the customer job manager using key “A”. This way, only the service provider side is able to decrypt data coming from the customer side.
Using this tunnel, key “B” is delivered in a secure way to the “datamover” at the service provider side. At the same time key “B” is also delivered locally to the customer “datamover” using the local network.
From here on, data transfer or the backup job payload is encrypted using key “B”. In this way, data is encrypted in flight by an encryption key that is created by the customer and not by the service provider. Using key “B”, customer data is safely sent to the service provider.
Any attempt to intercept and modify the encrypted traffic raises a security warning as the key is only owned by the user and the service provider. This guarantees to customer the avoidance of possible man-in-the-middle attacks.
When additional data transfers need to be done during a new session between the customer and the service provider, the entire process is repeated from the beginning and new keys “A & B” are generated again.
Finally, when WAN acceleration is used, the process is exactly the same and key “B” is also passed to both WAN accelerators at source and target locations. In this way, WAN acceleration is able to decrypt on the fly data blocks encrypted by the user. This solution allows the protection of Veeam cloud connect user’s communication.
For backup file encryption, an additional set of AES Keys is created to encrypt the backup file themselves. Those keys are not related to the communication keys.