Ransomware is everywhere today, and no matter how big or small your company is, or how large (or small) your virtual and physical infrastructure is, the hackers do not care. If you're not already protecting your backups with immutability, read on to see how to do it wisely with Wasabi Immutable Storage Buckets.
Data immutability is something cool that I'd call "set it and forget it". Basically, once set up, NOBODY can delete your backups during a certain period of time, which is cool. Having something that you, as an admin, can't delete may not feel cool, but this should be the exception. Think of it as a protection against yourself.
Data immutability can help you comply with certain government and industry regulations like the Health Insurance Portability and Accountability Act (HIPAA), Financial Industry Regulatory Authority (FINRA), Markets in Financial Instruments Directive (MiFID), and Criminal Justice Information Services (CJIS) for securing and preserving electronic records, transaction data, and activity logs.
You're protecting your company's data from potential breach and ransomware risk, and by protecting and retaining data you can avoid expensive regulatory fines and penalties, and costly legal actions and settlements.
When you first open an account with Wasabi, a wizard asks you to create a bucket. This is when you'll want to activate immutability. (Note: you must activate bucket versioning prior to enabling object locking in this wizard.)
Immutable backups are backup files that cannot be changed or deleted. In other words, this type of backup is safe from new ransomware infections that hit your systems after the backup has been created. They are also safe from non-malicious data loss threats like accidental file deletions and backup file overwriting.
Note: Object Lock must be enabled on a bucket before you can use the Object Lock functionality. Enabling Object Lock can only be done during bucket creation. Therefore, you are unable to enable Object Lock on existing buckets of data.
Once you have the bucket, just create the access keys…
You'll have the access key and secret. Save them in a temporary location because they are shown only once.
There are two modes of Object Lock; however, Nakivo supports only Compliance Mode, so no override for anyone!
- Governance Mode will lock the object for the configured retention policy, however, the root user or any user with the IAM permission “s3:BypassGovernanceRetention” can bypass the retention policy and modify or delete files.
- Compliance Mode will lock the object for the configured retention policy, and no user can modify or delete the object, until that retention policy has passed.
Once done, you can follow these steps in your backup software; in our case, we do the demo with Nakivo Backup and Replication. You can get a trial from this link. Nakivo can be installed on Windows or Linux, or you can test it as a virtual appliance…
Add Wasabi account in Nakivo Inventory
To use Wasabi cloud storage with Nakivo we start by adding the Wasabi account in Nakivo inventory. Follow the below steps to add your Wasabi account:
Navigate to “Settings”. Click on “Inventory” & click “Add New…” select “Cloud” and click “Next”.
On the Options page of the wizard, fill in the following fields:
- Enter the name in the Display name box.
- Select the Wasabi region from the Region(s) drop-down list.
- Enter the Access Key ID and Secret Access Key of a root user or a sub-user in the corresponding fields.
Click on Settings > Repositories and Click on Backup Repository. Then:
- Enter a meaningful Name
- Select Assigned Transporter
- Account – Wasabi Storage repository which we created above
- Select the Wasabi region where you created the Wasabi bucket
- Select the Wasabi Bucket
Hit Next and you should end with a screen like this. We're done.
Then you can start creating new backup jobs and have Wasabi as a target. You can also create a backup copy job that takes data from existing locally stored backups and sends it to Wasabi as a second copy. With your existing on-prem backup infrastructure in place, it is a wise decision to have a second copy of your backups stored in a remote location, with immutability enabled.
Interesting Wasabi FAQ
1. How much does it cost to use S3 Object Lock with Wasabi?
There is no additional charge for using S3 Object Lock with Wasabi.
2. Can existing buckets be enabled for S3 Object Lock?
No. To use Object Lock it must be enabled at the time a bucket is created. Buckets using Object Lock must also have Versioning enabled. This is the same process required when using AWS S3.
3. Can the lock (aka retention) of an object be extended or shortened when using Object Lock in Compliance mode?
An object lock can be extended but not shortened. This requires the proper access permissions to the bucket/object and can be executed through your compatible, authorized application or directly through the API.
Locks can NOT be shortened in Compliance mode. Using Object Lock with Compliance mode prohibits everyone from deleting objects until the retention period has expired. Be careful how you use this great power – it comes with great responsibility.
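To check that a backup bucket really behaves as the two Object Lock modes and this FAQ describe, the following added example (not code from Wasabi or Nakivo) audits lock state and models the extend/shorten rule. It assumes Wasabi returns the same response shapes as the S3 API calls GetBucketVersioning, GetObjectLockConfiguration and GetObjectRetention; the function names, object keys and dates are constructed for illustration.

```python
from datetime import datetime, timezone

def audit_bucket(versioning, lock_cfg, objects, now):
    """Return findings for a backup bucket; an empty list means it is locked as intended."""
    findings = []
    if versioning.get("Status") != "Enabled":
        findings.append("bucket: versioning is not enabled")
    if lock_cfg.get("ObjectLockConfiguration", {}).get("ObjectLockEnabled") != "Enabled":
        findings.append("bucket: Object Lock is not enabled")
    for key, ret in objects.items():
        mode, until = ret.get("Mode"), ret.get("RetainUntilDate")
        if not mode or not until:
            findings.append(f"{key}: no retention set")
        elif datetime.fromisoformat(until) <= now:
            findings.append(f"{key}: retention expired, object can be deleted")
        elif mode == "GOVERNANCE":
            findings.append(f"{key}: GOVERNANCE lock, bypassable with s3:BypassGovernanceRetention")
    return findings

def retention_change_allowed(mode, current_until, new_until, can_bypass_governance=False):
    """Extending a lock is allowed; shortening needs Governance mode plus the bypass permission.
    Ordinary permission checks on the caller are outside this model."""
    if new_until >= current_until:
        return True
    return mode == "GOVERNANCE" and can_bypass_governance

# Constructed sample data, shaped like S3 API responses (assumed to match Wasabi's).
NOW = datetime(2024, 1, 15, tzinfo=timezone.utc)
SAMPLE_VERSIONING = {"Status": "Enabled"}  # GetBucketVersioning
SAMPLE_LOCK_CFG = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled"}}
SAMPLE_OBJECTS = {  # object key -> the "Retention" element of GetObjectRetention
    "backup-001": {"Mode": "COMPLIANCE", "RetainUntilDate": "2024-02-14T00:00:00+00:00"},
    "backup-002": {"Mode": "GOVERNANCE", "RetainUntilDate": "2024-02-14T00:00:00+00:00"},
    "backup-003": {"Mode": "COMPLIANCE", "RetainUntilDate": "2024-01-01T00:00:00+00:00"},
    "backup-004": {},  # constructed stand-in for an object with no retention at all
}

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_VERSIONING, SAMPLE_LOCK_CFG, SAMPLE_OBJECTS, NOW):
        print(finding)
```

Only `backup-001` passes the audit: it is the one object that is both in Compliance mode and still inside its retention window.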
Object Lock with Wasabi is one of the easy ways to set up protection against hackers and ransomware. With this protection in place, you are creating a big wall against hackers. Nakivo supports immutability by allowing customers to store the recovery points using the Write-Once-Read-Many (WORM) model. Immutability is supported in compliance mode.
Wasabi web site is here.