• JD Wallace

Recover Fast, Thwart Ransomware, and Power DataLabs with Capacity Optimized FlashArray//C and Veeam

Pure Storage FlashArray is a great storage platform for use with vSphere for VM storage. In previous posts I've highlighted some of the advanced integration you can benefit from when also using Veeam Backup and Replication as your data protection platform. Up until now however we've not really looked at where those backups are being stored. It would be risky to save them back to the same FlashArray as we're using for production since they share a a failure domain; and besides it makes way more sense to leverage FlashArray snapshots for local recovery anyway. (In a future post I'll write about using Veeam to orchestrate FlashArray snapshot only jobs and why you would want to do that.)

So when selecting storage for your Veeam backup repository, what should you look for? The traditional logic has been to focus on storage built for backup (ingest) speed and data reduction capabilities. These solutions typically use disk drives and post process deduplication to suck data in fast and cram it down to take up as little space as possible. The big compromise? restore speed. These solutions are just not capable of rehydrating the data fast enough to restore data back quickly. To be fair, this wasn't always a huge problem. Historically, recovery tasks called for things like recovering a corrupt VM or maybe bringing back some accidentally deleted emails. Performance wasn't the biggest concern. I will argue however that there are two factors that are turning this old thinking on its head.

Instant Recovery & DataLabs

Data movement takes time and after data loss, that time means longer RTOs. Veeam figures, why wait? Back in 2010 VBR v5 introduced Instant VM Recovery, the idea that you could "trick" a hyper-visor into streaming VM data directly from your backup files. Now you could immediately recover a workload streaming from backup storage as you migrated it live back to production. A super handy feature, but as you can imagine this put tremendous stress on traditional backup repositories. Perhaps that is why it wasn't until v10 (ten years later) that Veeam finally gave you the ability to restore more than one workload at a time when they introduced Multi-VM Instant VM Recovery. In the upcoming VBR v11 Veeam is continuing to push the envelope with even more enhancements to Instant Recovery by supporting SQL Server, Oracle, and even entire NAS file systems.

Instant Recovery isn't the only way Veeam has put this technology to use. It's also the foundation of another suite of capabilities delivered under the name DataLabs. DataLabs adds networking features to Instant Recovery to allow recovery of workloads into a private network or "lab" so various activities could be performed without any chance of impacting production. First was SureBackup where you could verify a backup was successful by performing an Instant Recovery into a DataLab where automated tests would make sure everything came back up. Taking this concept further, Veeam then introduced SecureRestore (the ability to use DataLabs to check a restored workload for malware before exposing it to prod) and StagedRestore (giving you the chance to modify data before reintroducing it to production, for example removing privacy related information).


The other big thing changing the face of data recovery... ransomware. More specifically, the scope of potential data loss that is implicated in a ransomware attack. When recovering data lost from these types of attacks, you could potentially be faced with the prospect of recovering entire datasets of many TB or perhaps even into PB of capacity. If your only surviving backup is stored on tape, in the cloud, or even on legacy ingest and capacity optimized storage; you may be faced with RTOs stretching into days or even weeks. Your recovery window is almost certainly going to be far longer than the ransomware countdown timer ticking away while you work.

Ransomware attacks are also evolving in their sophistication. Attackers can be patient, spending days after gaining access to quietly map the infrastructure, attempt to elevate access, and compromise data protection plans. They want to be sure there is as little chance as possible that you have any alternative but to pay up.

Summing Up the Challenges

What does all of this mean? In todays modern data protection landscape, there are three things that are clear.

  1. You must be able to not only back up, but also recover large volumes of data quickly.

  2. These fast recovery sources (not just tape stored in a mountain, or glacial cloud archives) must be impervious to premature removal, even by someone with admin rights.

  3. Modern data protection tools add tremendous value, but only if your backup storage is up to the challenge.

FlashArray//C, the Best Choice for Veeam Backups

I know what you're probably thinking... "All-flash for backups, you must be crazy!" But just hear me out. There have been some changes in the storage industry that continue to drive down the cost of flash storage. FlashArray//C takes advantage of a new and incredibly dense form of flash called QLC to deliver massive amounts of capacity. In fact, Pure Storage recently announced a new 49TB Direct Flash Module (it's like an SSD, but way better). With these capacity efficiencies, FlashArray is able to compete with Hybrid Disk/Flash based storage while still delivering the simplicity and performance of FlashArray.


Let me make this crystal clear. FlashArray//C is FlashArray. It's built on the same technology, runs the same Purity OS, and leverages the same UI, APIs, and feature sets as FlashArray//X. Just like //X, it's 100% NVMe flash, and dead simple to use. The only difference is that it uses QLC flash to deliver unprecedented levels of density.

Simplicity plays a very important role in data protection. If your backup solution is hard to implement or use, it's more likely that you'll misconfigure something. Even worse, you may become complacent with the daily list of failed backups that need to be investigated and restarted. Veeam made a name for themselves early, with customers coining the tagline "It just works!" When paired with FlashArray, the results are a backup solution that is super simple to implement and maintain.

Capacity + Performance

Until now, you were faced with making a big tradeoff when selecting storage for your backup data. Flash was seen as prohibitively expensive, so that was out of the question. Your choices came down to:

1. Design for Retention - Using one of the many deduping storage appliances or purpose built backup appliances (PBBAs) you could get a lot of capacity to support your desired retention policies (RPOs), but the challenges in rehydrating that data from disk would mean sacrificing on restore speed (RTOs). And don't even think about trying to use any advanced features like DataLabs. I've seen it bring appliances like these to their knees.

2. Design for Recovery - Eschew the traditional wisdom and just go with a standard disk based storage platform. Restore speed would be better without the overhead of bringing back highly compressed and deduped data. However, without that capacity efficiency you would need to either buy way more storage, or worse be faced with deciding what data isn't worth saving.

With FlashArray//C you no longer have to compromise. Pure Storage originally brought all-flash to the datacenter at scale with their industry leading data reduction technology paired with all-flash performance. FlashArray//C is built on that exact same technology. It has the capacity efficiency of a traditional deduping backup storage appliance, but with flash backed performance. QLC only works to amplify that capacity density. Most of all, leverage the best of what Veeam has to offer with enhanced features built on Instant Recovery and DataLabs while having plenty of performance left over to handled other workloads as well. Need a lower tier datastore than //X for a few more VMs? Go for it.

Immutability with Safe Mode

None of this matters if an attacker can managed to delete or encrypt your backups. This is where FlashArray's SafeMode comes in. Once SafeMode is enabled, your Veeam backups can't be eradicated (deleted), modified, or encrypted. Furthermore, SafeMode may only be configured or modified by Pure Technical Support working with an authorized designee from your organization.


I realize it all sounds a bit too good to be true. Speed, density, SafeMode, and all built on the reliability and simplicity of the FlashArray platform. Yet here it is. Over a decade in the making, FlashArray//C combines Pure's years of innovation with QLC's arrival on the IT scene. It has use cases we're only beginning to explore, but from the day I was first introduced to it I knew it was the perfect fit for Veeam customers looking to make the most of their backups.

Learn more about FlashArray//C at PureStorage.com.

Already have FlashArray//C? Let me show you how to set it up as your Veeam repo.

I am an employee of Pure Storage.

My statements and opinions on this site are my own and do not necessarily represent those of Pure Storage.

©2020 jdwallace.com.