Hello everyone, welcome to the another part of this video where we are going to talk about how you can effectively manage your backup. Today 89% of the IT and the cyber security professional rank ransomware as one of the top five threat when it comes to overall viability of the organization.So that is what we are going to talk about in today's session that how you can effectively safeguard your backups. My name is Manohar. I am a technical marketing engineer. With me is >> Hi, I'm Abin. I'm the product manager for the NetApp backup suite as well as I'm a backup expert. >> Welcome back to this series Abin. It is nice having you back here. So tell me you know last time when we met when we discussed about NetApp backup and recovery we showcased and presented how you can protect your database VMs and achieve a 3:1 backup compliance. Now over the past few months we have undergone a lot of change. So what have new features have been included in terms of security and increasing the protection for backup. >> Yeah. So actually I would say it is not just about the ransomware attack. Backups are so crucial for multiple other scenarios. For example like disaster recovery scenarios where you got things lost in your entire data center. How can you recover the business in a new data center or in the cloud? The other case could be like scenarios like crowd strike where due to a malfunctionuh your Windows VM cannot be uh booted up. So you're losing all your applications on Windows and you don't know how to recover from it. So you need a strong backups to quickly revert back to the old state. Sothese are like other two scenarios which I could quickly remember. So backups are important are very crucial for the continuity of the business. Now back to the point. So what are the ways we are protecting that backup? How can you safeguard your backups? So I would say three things basically three things. One is to be very proactive. How you can lock your backups your snapshots your backups in your local storage array or in your secondary array or it can be even your tertiary like where you are protecting your backups for long-term retention like object store. So,that is one part of the thing. The second thing is how you can be confident that your backups are clean in the sense you want to make sure that you are able to recover when a scenario that is not supposed to happen and you lost your things you want to recover your business. So you want to make sure whether your backup is verified. The third thing is things happens right you can lose your backup or you can see someone encrypting your backup or you're losing or your backup getting corrupted. Now how you can revert back to the old state the last known or the good version of that backup or how you can recover to the older backup and bring up your business. So basically these are the three crucial or the basic points I would say you need to ensure to secure backups.>> Awesome. You know as a DBA and as a system admin I'm more interested how you can ensure the clean backups and also before performing a restore how can you ensure that the backups are safe. So why don't we show a demo know for the last two use cases that you just specified and present it to everyone. >> Yeah sure definitely. So I'm logged into NetApp console where NetApp backup and recovery service is hosted. This is one of the database Mac DB which I have already protected. And if I go to the protection detail you know it will show me list of all the snapshots available for that database. Now if you look at the details you see in the second column uh that my database are verified which means after the backup uh neta backup and recovery perform verification operation and it verified the backups are clean. Now let me go to a SQL server host and select that database and perform certain select query where everything looks fine. right now. Maybe some rogue administrator or some attacker comes and crashes a table by using some of the internals of SQL server commands and once that is done probably you won't notice immediately that your database uh there's some corruptions in some of the pages. If you do certain select query everything will work fine. So the only way you would notice is you know someone is continuously monitoring SQL server logs then at that time a page corruption would be visible or else you know if after the backup is taken if someone runs a verification you'll notice that you know there is some corruption in the page and uh you need to take an immediate action. Now in this case, let me fire a backup uh on this database. And when I go to the protection detail, you will see the status of that database backup verification has changed to verification failed. which means there is a possibility that uh you know uh that the pages are corrupted and you need to take an immediate action on getting those any records that have been part of that corruption page need to be retrieved. So those action needs to be performed outside of NetApp backup and recovery.>> Hey that's really nice. I didn't expect that we can do this. >> Y >> Y >> Y >> so can you explain me what is happening behind the scene? Yeah, I understand that uh running uh such process can be CPU intensive especially when you're running your production workload is running 24x7. Now this is where we have added a logic wherein instead of running uh an integrated check on the production database. We create a clone copy of that database where the user can route it to an alternate host which could be a dev environment or a staging environment and the uh data backup and recovery will immediately create a copy from the backup that it created and on top of it you can run a utility check. So this will be completely orchestrated by netab backup and recovery right. So that's how it takes care not only for SQL but a similar process it works in case of Oracle.>> Okay so can you help me is it a schedulable one can you schedule this or it has to be immediately after the backup. Yeah, definitely because you know if you don't have enough resource or a host to perform this verification on a day-to-day basis and you want to perform only over the weekend then yeah you can schedule it and perform this operation over a specific date that you feel that your resources are available. What it means is that you don't have to run it during peak hours. You can do it off peak covers. you can schedule it and as you said you don't have to do it on the production machine you can do it on your staging or your lawyer environment so that you save the resources um I mean your production is not touched >> oh that's great so you know uh why don't you show thethird use case that you earlier mentioned that as we take the snapshot not only on the onap storage but is also copied onto an object store so once it goes over there how do to ensure that uh protecting the backup from anyone trying to tamper with that objects.>> Okay, that's great. Yeah, I think that's a nice one. Let me take you through that. Let me show you how you can enable u ransomware scan or the integrity scan for your backups. So here I'm showing you a database which is assigned with a policy that is enabled for data locking and scanning. So I'm in the policy screen. I'm showing you that this policy is already enabled for data locking. So let's go to the policy and show you how to do that. Uh well, you can see that I have a policy that is backing up to AWS. I've selected a target and then I'm choosing the scan facility. So I'm mentioning what's the interval that I need to scan my backups in the object store. Now once I define this I'll go back to the uh the database inventory and show you what are the list of snapshots that are available in the uh for the given database. As you see here there are snapshots present in both local storage array as well as in the object store. Well, so this is a an FI kind of S3 browser where you're able to uh see all the backups that are taken to the object store. Now I'm going through ascenario where I am making an attack and some of my objects that is part of the backup is being encrypted and it's no more in a usable state. Now when this event happens you can see that we are already marking this event in the view protection details and it shows what time the backup got encrypted. Now immediately you can also see a notification also comes to your email saying that hey we identified some attack and you don't have to worry because the attack is automatically being reverted back last known good version of that object. So that's all about the feature how you are enabling integrity scan for your backups. >> Fantastic. >> Fantastic. >> Fantastic. Uh Ain this was a great demo. Uh I'm hoping even the users who are watching this demo are impressed with it. So tell me one thing uh for the user who wants to evaluate NetApp backup and recovery. How can they sign up for the service?>> Yeah, it's pretty simple. You just have to go to NetApp console which nothing but console.netapp.com netapp.com and you can access the backup and recovery service over there. So we have a free trial period you can try and play around with it and it's uh all the features are available for free as well for that given trial period. Awesome. So for those who missed watching the first part of the video, I'llput the link to that video in this video description so you can go ahead and check it out. How to protect your database with 32:1 compliance or long-term retention. Thank you for watching this video. >> Thank you.