Introduction
phoenixNAP Managed Backup for Microsoft Office 365 solution powered by Veeam has gained popularity amongst Managed Service Providers and Office 365 administrators in recent years.
Following the publication of our KB article, How To Install & Configure Veeam Backup For Office 365, we wanted to shed light on how one can leverage Object Storage as a target to offload bulk Office 365 backup data. Object Storage support has been introduced in the recent release of Veeam Backup for Office 365 v4 as of November 2019. It has significantly increased the product’s ability to offload backup data to cloud providers.
Unlike other Office 365 backup products, VBO has further solidified the product’s flexibility benefits to be deployed in different scenarios, on-premises, as a hybrid cloud solution, or as a cloud service. phoenixNAP has now made it easier for Office 365 Tenants to leverage Object Storage, and for MSPs to increase margins as part of their Managed Backup service offerings. It’s simple deployment, lower storage cost and ability to scale infinitely has made Veeam Backup for Office 365 a top performer amongst its peers.
In this article, we will be discussing the importance of taking Office 365 backup, explain Object Storage architecture in brief and present the necessary steps required to configure Object Storage as a backup repository for Veeam Backup for Office 365.
You may have different considerations in the way the product should be configured. Nonetheless, this blog will focus on leveraging Object Storage as a backup target for Office 365 data. Since Veeam Backup for Office 365 can be hosted in many ways, this blog will remain deployment-neutral as the process required to add Object Storage target repository is common to all deployment models.
Why Should We Backup Office 365?
Some misconceptions which frequently surface when mentioning Office 365 backup is the idea that since Office 365 data resides on Microsoft cloud, such data is already being taken care of. To some extent they do, Microsoft goes a long way to have this service highly available and provide some data retention capabilities, but they still make it clear that as per the Shared Responsibility Model and GDPR regulation, the data owner/controller is still the one responsible for Office 365 data. Even if they did, should you really want to place all the eggs in one basket?
Office 365 is not just limited to email communication – Exchange Online, but it is also the service used for SharePoint Online, OneDrive, and Teams which are most commonly used amongst organizations to store important corporate data, collaborate, and support their distributed remote workforce. At phoenixNAP we’re here to help you elevate Veeam Backup for Office 365 and assist you in recovering against:
- Accidental deletion
- Overcome retention policy gaps
- Fight internal and external security threats
- Meet legal and compliance requirements
This further solidifies our reason why you should also opt for Veeam Backup for Office 365 and leverage phoenixNAP Object Storage to secure and maintain a solid DRaaS as part of your Data Protection Plan.
Object Storage
What is object storage?
Object Storage is another type of data storage architecture that is best used to store a significant amount of unstructured data. Whereas File Storage data is stored in a hierarchical way to retain the original structure but is complex to scale and expensive to maintain, Object Storage stores data as objects typically made up of the data itself, a variable amount of metadata and unique identifiers which makes it a smart and cost-effective way to store data.
Cache helps in cost reduction and is aimed at reducing cost expensive operations, this is especially the case when reading and writing data to/from object storage repositories. With the help of cache, Veeam Explorer is powerful enough to open backups in Object Storage and use metadata to obtain the structure of the backup data objects. Such a benefit allows the end-user to navigate through backup data without the need to download any of it from Object Storage. Large chunks of data are first compressed and then saved to Object Storage. This process is handled by the Backup Proxy server and allows for a smarter way to store data. When using object storage, metadata and cache both reside locally, backup data is transferred and located in Object Storage
In this article, we’ll be speaking on how Object Storage is used as a target for VBO Backups, but one must point out that as explained in the picture below, other Veeam products are also able to interface with Object Storage as a backup repository.
Why should we consider using it?
With the right infrastructure and continuous upkeep, Office 365 administrators and MSPs are able to design an on-premise Object Storage repository to directly store or offload O365 backup data as needed but to fully achieve and consume all its benefits, Object Storage on cloud is the ideal destination for Office 365 backups due to its simpler deployment, unlimited scalability, and lower costs;
- Simple Deployment
As noted further down in this article one will have a clear picture of the steps required to set up an Object Storage repository on the cloud. With a few necessary pre-requires and proper planning, one can have this repository up and running in no time by following a simple wizard to create an Object Storage repository and present it as a backup repository. - Easily Scalable
While the ability to scale and design VBO server roles as needed is already a great benefit, the ability to leverage Object Storage to a cloud provider makes harnessing backup data growth easier to achieve and highly redundant. - Lower Cost Capabilities
An object-based architecture is the most effective way for organizations to store large amounts of data and since it utilizes a flat architecture it consumes disk space more efficiently thus benefiting from a relatively low cost without the overhead of traditional file architectures. Additionally, with the help of retention policies and storage limits, VBO provides great ways on how one can keep costs under control.
Veeam Backup for Microsoft Office 365 is licensed per user account and supports a variety of licensing options such as Subscription or Rental based licenses. In order to use Object Storage as a backup target, a storage account from a cloud service provider is required but other than that, feel free to start using it!
Note: Check out our in-depth comparison article Object Storage vs. Block Storage.
VBO Deployment Models
For the benefit of this article, we won’t be digging in too much detail on the various deployment models that exist for VBO, but we believe that you ought to know about the various models that exist when opting for VBO.
VBO can run on-premises, private cloud, and public cloud environments. O365 tenants have the flexibility to choose from different designs based on their current requirements and host VBO wherever they deem right. In any scenario, a local primary backup repository is required as this will be the direct storage repository for backups. Object Storage can then be leveraged to offload bulk backup data to a cheaper and safer storage solution provided by a cloud service provider like phoenixNAP to further achieve disaster recovery objectives and data protection.
In some instances, it might be required to run and store VBO in different infrastructures for full disaster recovery (DR) purposes. Both O365 tenants and MSPs are able to leverage the power of the cloud by collaborating with a VCSP like phoenixNAP to provide them the ability to host and store VBO into a completely different infrastructure while providing self-service restore capabilities to end-users. For MSPs, this is a great way to increase revenue by offering managed backup service plans for clients.
The prerequisites and how these components work for each environment are very similar, hence for the benefit of this article the following Object Storage configuration is generally the same for each type of deployment.
Click here to see the image in full size.
Configuring Object Storage in Veeam Backup for Office 365
As explained in the previous section, although there are different ways on how one can deploy VBO, the procedure to configure and set up Object Storage repository is quite similar in any case, hence no specific attention will be given to a particular deployment model during the following configuration walk-through.
This section of the document will assume that the initial configuration as highlighted with checkmarks below, has so far been accomplished and in a position to; set up Object Storage as a Repository, Configure the local Repository, Secure Object Storage and Restore Backup Data.
- Defined Policy-based settings and retention requirements according to Data Protection Plan and Service Costs
- Object Storage cloud account details and credentials in hand
- Office 365 prerequisite configurations to connect with VBO
- Hosted and Deployed VBO
- Installed and Licensed VBO
- Created an Organization in VBO
Adding S3 Compatible Object Storage Repository*
Adding Local Backup Repository
Secure Object Storage
Restore Backup Data
* When opting for Object Storage, it is a suggested best practice that S3 Object Storage configuration is set up in advance, this will come in handy when asked for Object Storage repository option when adding the Local Backup Repository.
Adding S3 Compatible Object Storage Repository
Step 1. Launch New Object Storage Repository Wizard
Right-click Object Storage Repositories, select Add object storage.
Step 2. Specify Object Storage Repository Name
Enter a Name for the Object Storage Repository and optionally a Description. Click Next.
Step 3. Select Object Storage Type
On the new Object storage type page, select S3 Compatible (phoenixNAP compatible). Click Next.
Step 4. Specify Object Storage Service Point and Account
Specify the Service Point and the Datacenter region. Click Add to specify the credentials to connect with your cloud account.
If you already have a credentials record that was configured beforehand, select the record from the drop-down list. Otherwise, click Add and provide your access and secret keys, as described in Adding S3-Compatible Access Key. You can also click Manage cloud accounts to manage existing credentials records.
Enter the Access key, the Secret key, and a Description. Click OK to confirm.
Step 5. Specify Object Storage Bucket
Finalize by selecting the Bucket to use and click Browse to specify the folder to store the backups. Click New folder to create a new folder and click OK to confirm
Clicking Advanced lets you specify the storage consumption soft limit to keep costs under control, this will be the global retention storage policy for Object Storage. As a best practice, this consumption value should be lower than the Object Storage repository amount you’re entitled to from the cloud provider in order to leave room for additional service data.
Click OK followed by Finish.
Adding Local Backup Repository
Step 1. Launch New Backup Repository Wizard
Open the Backup Infrastructure view.
In the inventory pane, select the Backup Repositories node.
On the Backup Repository tab, click Add Repository on the ribbon.
Alternatively, in the inventory pane, right-click the Backup Repositories node and select Add backup repository.
Step 2. Specify Backup Repository Name
Specify Backup Repository Name and Description then click Next.
Step 3. Specify Backup Proxy Server
When planning to extend a backup repository with object storage, this directory will only include a cache consisting of metadata. The actual data will be compressed and backed up directly to object storage that you specify in the next step.
Specify the Backup Proxy to use and the Path to the location to store the backups. Click Next.
Step 4. Specify Object Storage Repository
At this step of the wizard, you can optionally extend a backup repository with object storage to back up data directly to the cloud.
To extend a backup repository with object storage, do the following:
- Select the Offload backup data to the object storage checkbox.
- In the drop-down list, select an object storage repository to which you want to offload your data.
Make sure that an object storage repository has been added to your environment in advance. Otherwise, click Add and follow the steps of the wizard, as described in Adding Object Storage Repositories. - To offload data encrypted, select Encrypt data uploaded to object storage and provide a password.
Step 5. Specify Retention Policy Settings
At this step of the wizard, specify retention policy settings.
Depending on how retention policies are configured, any obsolete restore points are automatically removed from Object Storage by VBO. A service task is used to calculate the age of offloaded restore points, when this exceeds the age of the specified retention period, it automatically purges obsolete restore points from Object Storage.
- In the Retention policy drop-down list, specify how long your data should be stored in a backup repository.
- Choose a retention type:
- Item-level retention.
Select this type if you want to keep an item until its creation time or last modification time is within the retention coverage.
- Item-level retention.
- Snapshot-based retention.
Select this type if you want to keep an item until its latest restore point is within the retention coverage. - Click Advanced to specify when to apply a retention policy. You can select to apply it on a daily basis, or monthly. For more information, see Configuring Advanced Settings.
Configuring Advanced Settings
After you click Advanced, the Advanced Settings dialog appears in which you can select either of the following options:
- Daily at:
Select this option if you want a retention policy to be applied on a daily basis and choose the time and day. - Monthly at:
Select this option if you want a retention policy to be applied on a monthly basis and choose the time and day, which can be the first, second, third, fourth or even the last one in the month.
Securing Object Storage
To ensure Backup Data is kept safe and secure from any possible vulnerabilities, one must make sure to secure the backup application itself, and its communication channels. Veeam has made this possible by continuously implementing key security measures to address and mitigate any possible threats while providing us with some great security functionalities to interface with Object Storage.
VBO v4 can provide the same level of protection for your data irrelevant to any deployment model used. Communications between VBO components are always encrypted and all communication between Microsoft Office 365 and VBO is encrypted by default. When using object storage, data can be protected with optional encryption at-rest.
VBO v4 also introduces a Cloud Credential Manager which lets us create and maintain a solid list of credentials provided by any of the Cloud Service Providers. These records allow us to connect with the Object Storage provider to store and offload backup data. Credentials will consist of access and secret keys and work with any S3-Compatible Object Storage.
Password Manager lets us manage encryption passwords with ease. One can create passwords to protect encryption keys that are used to encrypt data being transferred to object storage repositories. To encrypt data, VBO uses the AES-256 specification.
Watch one of our experts speak about the importance of Keeping a Tight Grip on Office 365 Security While Working Remotely.
Restoring from Object Storage
Restoring backup data from Object Storage is just as easy as if you’re restoring from any traditional storage repositories. As explained earlier in this article, Veeam Explorer is the tool used to open and navigate through backups without the need to download any of it.
Veeam Explorer uses metadata to obtain the structure of the backup data objects and once backup data has been identified for restore, you may choose to select any of the available restore options as required. When leverage Object Storage on the cloud, one is also able to host Veeam explorer locally and use it to restore Office 365 backup data from the cloud.
Where Does phoenixNAP Come into Play?
- Pricing per mailbox as low as $2 per mailbox
- Hosting S3-Compatible Object Storage
- Hosting Veeam Backup for Office 365 – Backup Proxy Server on our secure cloud platform
- VCSP information
For more information, please look at our product pages and use the form to request additional details or send an e-mail to [email protected]
Abbreviations Table
DRaaS | Disaster Recovery as a Service |
GDPR | General Data Protection Regulation |
MSP | Managed Service Provider |
O365 | Microsoft Office 365 |
VBO | Veeam Backup for Office 365 |
VCC | Veeam Cloud Connect |
VCSP | Veeam Cloud & Service Provider |