Some VMware-focused backup and recovery (“data protection”) tools have grown significantly in recent years around the world, more in part due to an aggressive marketing strategy. However, they have a series of serious deficiencies that can cause significant problems to the security of backups, environment recovery speed in case of disasters, and lack of basic functionalities compared to other competitors – especially Bacula Enterprise. Only Bacula gives the truly acceptable range of security and functionality. Consider the following:
A Comparative Look at VMware-focused Backup Tools
Beware of Having No Global Deduplication
It appears that the most well-know VMware data protection solution does not have deduplication at source, acknowledged in the Gartner Backup Systems 2021 report. In this regard, an employee himself – in a forum for this report – mentions the lack of Global Deduplication:
Because there is no global deduplication, files of a backup chains can be used for restore without any deduplication-DB, VBR installation or other complex tasks. Ref.: https://community.veeam.com/discussion-boards-66/gartner-magic-quadrant-for-enterprise-backup-and-recovery-software-solutions-2021-1233
Instead, the only supposed deduplication technique is actually block-level differential backup of virtual machines, using techniques common to all backup system manufacturers (CBT). Identical data on different VMs or disks, for example, are not deduplicated against each other, as follows.
VM disks. Veeam Backup & Replication analyses data blocks within the same VM disk. If identical blocks are found, duplicates are eliminated. Ref.: https://helpcenter.veeam.com/docs/backup/vsphere/wan_acceleration_sources.html?ver=110
In this way, high workloads such as file backup, Oracle Databases, MySQL, PostgreSQL, and M365 will not be duplicated in the source or the storage by these limited systems, resulting in higher network traffic and greater demand for storage, greatly increasing backup hardware costs.
Beware: some vendors argue that block-level deduplication can be performed by a PBBA (Purpose-Built-Backup-Appliance). These include Dell’s DataDomain, NetApp’s OneTap, HP StoreOnce, Quantum DXi, iXsystems’ TrueNas, Huawei OceanStore, Exagrid, PureStorage, etc. However, this equipment has a very high cost compared to traditional servers, which can be as efficient as in data ingestion when used with Global Deduplication performed by the backup system. Global Source Deduplication is much more efficient as it allows the replication load to be shared among all backup client machines, exponentially increasing the backup ingestion capacity. Finally, it is important to state that all these Appliances can be used by all leading backup systems as a backup target.
A well-known Origin Global Dedup technique is Dell’s DDBoost, specific to its DataDomain Appliance. Thus, the leading tools such as IBM Spectrum, Commvault, NetBackup, Avamar, and Bacula Enterprise are those that have a Global Deduplication engine. As it is the clients who calculate the blocks of data to be transmitted, or not, the occupation of the Ethernet bus is reduced many times, and the network is no longer a possible bottleneck for backup and restore activities. In addition, the backups’ durations are greatly reduced.
Bacula Enterprise also has full synthetic backups (Virtual Full) for all workloads, reducing the duration of backups in this mode by hundreds of times.
Beware of the Backup Manager Only Working on Windows
As indicated in <https://helpcenter.veeam.com/docs/backup/em/system_requirements.html?ver=110, where the central management module (master) as well as consoles only support Windows OS. In addition to the technological lock-in to the operating system, it is statistically more affected by ransomware https://www.statista.com/statistics/701020/major-operating-systems-targeted-by-ransomware/, whose corporate infection cases have been increasingly frequent.
On the other hand, leading systems such as IBM Spectrum, Commvault, NetBackup, and Bacula Enterprise, all have the possibility of a manager module and Web/Desktop consoles on Linux, considerably reducing the chances of the action of viruses and ransomware at the operating system level. Backup Administrators are also exempt from having a Windows machine to manage backups.
Malicious developer groups have already created Vendor-specific ransomware https://threatpost.com/conti-ransomware-backups/175114/ to encrypt backups and prevent restore of production data. Likewise, critical vulnerabilities have already been found in versions of these solutions on the Microsoft platform, including a malware infection vector https://www.techradar.com/news/critical-veeam-backup-vulnerabilities-exposed-windows- users-to-ransomware-assault which is even worse.
According to the Gartner Report “Magic Quadrant for Enterprise Backup and Recovery Software Solutions – 2022”, it requires significant knowledge, cost, resources and attention to achieve even minimal security in this case.
Implementing a secure platform together with advanced ransomware immutability, detection and recovery requires clients to carefully design, deploy and manage the deployment to mitigate ransomware threats.
Beware: Solutions that Do Not Write Backups Directly to Tape or Cloud
Backup solutions that do not support writing or restoring directly to magnetic tape (the same goes for cloud backups), present several hurdles in disaster restore scenarios, as follows.
To back up data to tape, you need to create and run tape jobs. The backup to tape job is a dedicated job that archives to tape Veeam backups that were produced by Veeam backup jobs. Mind that you cannot directly backup virtual machines to tapes. Ref: https://helpcenter.veeam.com/docs/backup/vsphere/backup_to_tape_jobs.html?ver=110
In addition to the need for a large primary disk backup area for all backups, only to be able to perform a copy to tape or the cloud later, the backup windows are larger as it is not possible to perform simultaneous backups to multiple media. Restoration is also hampered, since intermediate disk space is always needed, especially in disaster situations (such as ransomware infection of the backup server).
Magnetic tape and cloud backups are crucial because they provide a physical and logical separation for backups, being essential to be able to meet the state of the art in secure backup architectures, which is 3-2-1: three different types of corporate data storage; at least two different media types; and an off-site backup type.
Beware of Inferior Scalability.
According to Gartner Report “Magic Quadrant for Enterprise Backup and Recovery Software Solutions – 2022”, many solutions have extremely limited scalability:
Gartner customer inquiries indicate that Veeam can become more complex to manage as the size of the backup environment increases. This includes deployment of separate Veeam agents per protected environment, management of multiple backup proxies, and proper selection of compute and storage infrastructure to align to performance and storage requirements.
This means that multiple “proxies” and “data movers” are needed to back up little more than hundreds or even thousands of machines, increasing equipment costs, security vulnerability surface, and administration costs of so many components.
Superior scalability tools such as Bacula Enterprise, Commvault, and IBM Spectrum are capable of scaling over 10,000 protected machines managed by a single backup management server as well as their media servers.
Solutions That Do Not Backup MySQL and PostgreSQL Properly
It appears that from this manufacturer documentation:
…. it does not have a specific mechanism for PostgreSQL databases, in the same way as other competitors (IBM Spectrum, Commvault, Bacula Enterprise, etc.). These systems use PostgreSQL dumps or PITR techniques, which allow for granular restore of bases, tables, and transactions.
It can be seen that its only functionality is a regular file system backup (copy of datafiles), from file system snapshots that may not even be supported by the file system (like EXT3 /4).
Therefore, it cannot be said that there is any real backup functionality for PostgreSQL; it is not even possible to guarantee the consistency of the base during the restoration – as it does not use any of the safe backup methods supported by the DBMS. Also, differential, incremental, synthetic fulls and transaction-level backups are not supported by this solution for PostgreSQL. How can it meet RFP requirements?
Likewise, the MySQL database backup https://helpcenter.veeam.com/docs/agentforlinux/userguide/mysql_backup.html?ver=50 is also severely impaired for the same reason: “Creates a snapshot of the volume.” This solution does not use any of the backup methods supported by MySQL and other backup solutions, such as text dump, binary dump, differential, incremental, synthetic fulls, or even transaction log level backups. Restoring a single base, table, or transaction is also not supported.
Beware of a Solution that Supports Few Applications
In order to achieve IT department consolidation and to avoid vendor lock-in, flexibility is needed in a backup solution. Most of the solutions in question here do not currently support backup of other Virtualizations, Databases, and critical market applications such as: RHEV/OVirt, RHV, Proxmox, KVM, Xen/Xcp, PostgreSQL, MySQL, IBM DB2, MongoDB, Open LDAP, Hadoop HDFS, Google Workspace (Gmail and Google Drive), Zimbra, among others. On the other hand, all these technologies have native integration in Bacula Enterprise, as well as: VMware VSphere, Hyper-v, Nutanix, Oracle DB, SAP, SAP Hana, Sybase ASE, Microsoft SQL, Active Directory, Continuous Data Protection, Docker, Kubernetes, OpenShift, Bare Metal, Microsoft 365, Microsoft Exchange, SharePoint, NDMP, etc.
Unreasonably High Licensing Costs
Despite shortcomings, these solutions can be as or more expensive than other leading tools pointed out by Gartner, especially for medium and large companies. Bacula Enterprise has no cost per “media server” or per number of accounts in Microsoft 365 and Google Workspace services, and can be up to 50% cheaper than these solutions depending on the Backup Project Scope. Bacula Enterprise also does not have any fee for the size of backups or number of sockets in the universal licensing modality per host, in addition to the guarantee of maintaining the Perpetual License and Subscription modalities.
Siemens uses Bacula for backup jobs across its platforms, and is being solely used by its technical team to manage, administer and check backups. “Veeam was mostly supporting the Windows platform, but we wanted a more Unix-end solution, that would be fast-driven, and not too resource-intensive. Bacula has got excellent customer support and they have always answered and resolved issues promptly” said a Siemens’ System Engineer. He added: “Bacula has also had a very positive impact on our ROI. It is very well priced for the functionalities that Bacula provides as a backup and restore utility” Additional feedback was:
- Bacula is very quick and efficient.
- It has a very easy to use CLI (command line interface).
- It is especially powerful in areas of recovery and customization
Fortunately, today there are several options for distributed backup systems. But it is clear that some managers are unaware of all the technical details of the main solutions on the market. Bacula urges you to compare, research and decide. Backup is a reflection of data center quality and the last resort against cybersecurity threats. Contact us today to implement the highest security, most scalable and most economical corporate backup system today: Bacula Enterprise.