- The risk of fake OAuth apps in Microsoft 365 and Azure - Fri, Nov 27 2020
- Azure Sentinel: Microsoft's SIEM for the cloud and on-premises - Fri, Oct 30 2020
- Microsoft Cloud App Security - Tue, Sep 29 2020
This review will look at how this product performed in a four-node production Hyper-V cluster, highlight some of its excellent features, and discuss why it should be on your shortlist if you're looking to protect your Hyper-V or VMware environments.
I'm using a 30-day trial of version 8.13.12 that you can download here. In case you're new to Altaro, be aware that over 50,000 businesses are using it, with 10,000 partners, including over 2,000 managed service providers (MSPs) worldwide. 4sysops last looked at VM Backup five years ago when they added VMware support.
Installation and first backup ^
After downloading the installer onto one of the hosts in our four-node Windows Server 2016 Hyper-V cluster, the setup was a simple "click Next" affair. After installation, I first had to connect to the console with my Active Directory (AD) credentials. (This is a plus—having to manage separate credentials for each management tool is a pain, not to mention a potential security risk.) Next, I had to add a host, which automatically detected the other nodes in the cluster, added the agent onto all of them, and showed them in the console (nice!).
Adding a single host to VM Backup
The next job is to define where to store the backups. This can be a local disk (fixed or removable) or a LAN network share location.
I tried both. I could connect easily to our (ancient) network-attached storage (NAS), but for this trial, I picked a local drive on one of the hosts. Note that VM Backup transparently shares this drive with the other hosts in the cluster so that any host can back up to this location. The final step is picking one or more VMs to back up. It assigns a default retention policy (two weeks) to the backup, but you can edit this to match your company policy or regulation needs. VM Backup supports collating older backups into daily, weekly, and monthly recovery points based on the grandfather-father-son (GFS) system.
Similarly, you have to decide how often to back up a set of VMs via a schedule (it does not assign a default schedule to VMs).
Daily backups are great for compliance with regulations and for noncritical workloads. For others, use the continuous data protection (CDP) settings and back up VMs as frequently as every five minutes. This gives you a low recovery point objective (RPO)—the maximum age of business data your disaster recovery plan allows.
So far, this is standard fare for backup products, although I did find the configuration workflow particularly easy to follow. Let's look at the more advanced options.
Next-level backup ^
On the Advanced Settings screen, I can configure on a per-VM basis whether to use inline, variable-block-size deduplication (across all VMs—a must-have in a modern backup product for large deployments) and 256-bit AES encryption. Note that the latter requires me to define a master encryption key, which, if lost, will render all my encrypted backups inaccessible. I can also exclude attached ISO files from backups and use changed block tracking (CBT), and I can opt to exclude certain drives from the backup.
Another important aspect of backup is the 3-2-1 rule—to keep three copies of your business-critical data on two different mediums with one copy offsite. You can manage this with an Altaro Offsite Server that transfers your backups to a secondary location over either a WAN or a VPN connection. New in version 8 is replication, which continuously copies VM changes to a different location up to every 5 minutes.
Alternatively, you can use external drives, including removable disk storage (RDX) media. Or if you have the Unlimited Plus Edition (see below), you can store your backups in cloud storage (the ultimate offsite storage location). New in this version is the ability to back up to multiple offsite locations—both Amazon Web Services (AWS) and Azure—rather than just one, support for Windows Server 2019, and WAN-optimized replication. This feature allows you to replicate VMs to other locations and immediately boot from these replicas should a disaster strike your main datacenter.
Backup by itself is useless; you need successful restores. VM Backup lets you restore VMs onto the same host but with a different name so you can easily clone machines. You can also restore individual VMs or groups of VMs to another host. For low recovery time objective (RTO), you can boot the VM directly from the backup storage. There's also a nice sandbox restore and verification feature that can automatically check the integrity of your backups. It can do this either through verifying the data stored (on a schedule) or through a full test restore. This attaches the VM to a host with its network interface controllers (NICs) disabled so as not to interfere with the production VM.
You can also restore individual files and folders from within a VM. And from Exchange 2007 or later, you can select folders or items from the Exchange database (EDB) and export these as a personal storage table (PST) file.
There are four versions of VM Backup: the Free Edition (two VMs protected only), the Standard Edition (5 VMs protected, no cluster support), and the Unlimited Edition licensed on a per-host basis (not per socket or CPU core). There's also a version for MSPs that relies on the Cloud Management Console (CMC), a web console that lets you manage all Altaro's products. The ability to see all backups across all clients in one central console, coupled with per-VM pricing, is very attractive for MSPs. The MSP version provides all the features of the Unlimited Edition.
Finally, there's the Unlimited Plus Edition that adds Azure, Amazon Simple Storage Service (S3), and Wasabi storage accounts as storage destinations (not relying on VMs running in the cloud and saving on costs) along with other features.
I found Altaro VM Backup extremely easy to get started with. I particularly like the drag-and-drop functionality in the UI to add VMs to backup schedules and the like, as well as how easily it found our cluster and detected all the workloads.
When it comes to backup products, you really need to know that it's got your back because it's one of the things you usually set and forget until the day you really need it. In my testing, VM Backup ticks all the boxes for this.