One of the most interesting features provided by Nakivo Backup & Replication 10.2 is the S3 Object Lock capability to secure backups against deletion or overwriting.
This technology leverages the Object Lock option available during the creation of a new AWS S3 Bucket which provides a protection against not only ransomware and hackers, but also from accidental deletions and malicious insiders.
Create a new AWS S3 Bucket
To take benefit of the S3 Object Lock feature, you need to create in AWS a new Bucket with this option enabled.
Before creating a new Bucket you need to prepare the AWS environment to fit your production environment defining the accounts to use. Once the AWS environment has been prepared, you can proceed with the creation of the Bucket to store your backups.
Login to your AWS Management Console and select S3 under Storage.
Click Create bucket to create the new Bucket to store your backups.
Enter the Bucket name and the Region.
Scroll down and expand the Advanced settings section. Select Enable to enable the Object Lock feature and thick the I acknowledge that enabling Object Lock will permanently allow objects in this bucket to be locked. Click Create bucket.
The new created Bucket.
Create a new Repository
Access the Nakivo's Dashboard and click on Settings to configure the AWS Bucket.
Access the Inventory area and select Add New > AWS/Wasabi account.
Fill the required fields and click Add.
The AWS account has been created successfully.
Now go to the Repositories area and select Add Backup Repository > Create new backup repository.
Select Amazon S3 and click Next.
Specify the repository Name, Transporter to use, AWS Account previously configured, the AWS Region and the Bucket to use. Click Next.
Click Finish to create the new Repository.
The Repository with S3 Object Lock feature enabled.
Configure a Backup Job with S3 Object Lock
From the Dashboard, click Create and select VMware vSphere backup job.
Select the VMs to backup and click Next.
Select the Destination repository with the Object Lock feature enabled and click Next.
Specify a Schedule and click Next.
In the Retention tab specify the Immutability requested in days for the specific backup job. Click Next.
Enter the Job name then click Finish.
Run the Backup Job
From the Dashboard, select the just created Backup Job and click Run Job.
Select Run for all VMs and click Run.
The backup is being executed.
Depending on the amount data to backup, after some minutes the backup completes successfully.
The backup stored in AWS S3 Bucket.
Test backup immutability
To verify the immutability of the processed backup, right click the corresponding Backup Job and click Delete.
Select Delete job and backups then click Delete.
The Backup Job has been deleted as well as the related backups.
In the Repositories area, the AWS Repository with the Object Lock feature enabled reports No backup. This is the normal result, and it is what we expect when all backups are deleted from the Backup Job. Now click Refresh.
The AWS Repository is being refreshed.
Once refreshed, the AWS Repository shows one backup is stored. This because the Immutability has protected the backup from deletion.
The backup is still available, and the deletion operation failed.
The S3 Object Lock feature is the solution to protect data backup against deletion, overwriting or ransomware attacks.
To better protect your business, Nakivo organized an interesting webinar to explain how to quickly resume your operations after a ransomware attack.
Nakivo Backup & Replication 10.2 can be downloaded as 30-day trial.