Offload Veeam Cloud Tier Backups to Backblaze B2 with Immutability

    Backblaze is certified as Veeam Ready—Object and Veeam Ready—Object with Immutability. Immutability is an important part of protecting backups from threats such as ransomware or stolen credentials by ensuring that your backup data is safe and secure for a specified timeframe.

    This guide shows you how to set up Backblaze B2 Cloud Storage as part of a Scale-Out Backup Repository with Immutability in Veeam using our S3-Compatible API. To protect against ransomware, Backblaze strongly recommends that all Veeam customers enable immutability when offloading backups to Backblaze B2 using Veeam Cloud Tier.

    This guide applies only to Enterprise and Enterprise Plus editions of Veeam Backup & Replication and Veeam Availability Suite. You can back up other editions of Veeam to Backblaze B2 using our partner, Tiger Bridge. Click here for more information.

    If you need assistance with installing Veeam in your environment, click here.

    Video Tutorials

    The following video guide walks you through how to set up Backblaze B2 as part of a Scale-Out Backup Repository with immutability in Veeam using our S3-Compatible API.

    The following video guide walks you through how to set up a local storage repository for the Scale-Out Backup Repository in Veeam. After this step is complete, you can back up your Veeam data to Backblaze B2 using our S3-Compatible API. You can also enable Object Lock for immutable ransomware protection.

    Enable Backblaze B2

    Before you begin: You must have a Backblaze B2 Cloud Storage account. You can sign up here. If you already have a Backblaze account and the left navigation menu contains a B2 Cloud Storage section, your account is already enabled for Backblaze B2.

    1. Sign in to your Backblaze account.
    2. In the left navigation menu under Account, click My Settings.
    3. Under Enabled Products, select the checkbox to enable B2 Cloud Storage.
    4. Review the Terms and Conditions, and click OK to accept them. 

    Create a Bucket

    Object Lock allows immutability in Veeam to prevent your files from being changed. To protect your offloaded backups from ransomware, Backblaze strongly recommends that you enable Object Lock and use the Veeam Immutability feature. For more information about Object Lock, click here.

    1. Sign in to your Backblaze account.
    2. In the left navigation menu under B2 Cloud Storage, click Buckets.
    3. Click Create a Bucket.
    4. Enter a name for your bucket.
      Bucket names must be at least six characters and globally unique. A message is displayed if your bucket name is already in use.
    5. Select a privacy setting: Private or Public.
      Files that are in a private bucket require authentication to perform an action, for example, downloading. Public buckets do not require authentication so you can easily share files. You can change a bucket's privacy settings at any time.
    6. If applicable, enable a Backblaze B2 server-side encryption key.
    7. Enable Object Lock to restrict a file from being modified or deleted for a specified period of time.
      Object Lock is required to use Veeam with Immutability. 
    8. Click Create a Bucket, and copy the value that is in the Endpoint field; you will need this value for other processes.
    9. Click Lifecycle Settings, and ensure that this option is set to Keep all versions of the file (default).

    Create an Application Key

    You cannot use your master app key with Veeam Cloud Tier or the Backblaze S3-Compatible API.

    Do not change any of the default settings.

    Application keys control access to your Backblaze B2 Cloud Storage account and the buckets that are contained in your account.

    1. Sign in to your Backblaze account.
    2. In the left navigation menu under Account, click Application Keys.
    3. Click Add a New Application Key, and enter an app key name.
      You cannot search an app key by this name; therefore, app key names are not required to be globally unique.
    4. Select All or a specific bucket in the Allow Access to Bucket(s) dropdown menu.
    5. Optionally, select your access type (Read and Write, Read Only, or Write Only).
    6. Optionally, select the Allow List All Bucket Names checkbox (required for the B2 Native API b2_list_buckets and the S3-Compatible API S3 List Buckets operations).
    7. Optionally, enter a file name prefix to restrict application key access only to files with that prefix. Depending on what you selected in step #4, this limits application key access to files with the specified prefix for all buckets or just the selected bucket.
    8. Optionally, enter a positive integer to limit the time, in seconds, before the application key expires. The value must be less than 1000 days (in seconds).
    9. Click Create New Key, and note the resulting keyID and applicationKey values.
    Note
    When you create a new app key, the response contains the actual key string, for example N2Zug0evLcHDlh_L0Z0AJhiGGdY. You can always find the keyID on this page, but for security, the applicationKey appears only once. Make sure you copy and securely save this value elsewhere.

    Set Up a Veeam Repository

    You must create a scale-out backup repository by adding a local storage component as a backup repository.

    1. Open Veeam Backup & Replication, and click Connect.
    2. Select Backup Infrastructure in the left navigation menu, and select Backup Repositories.
    3. In the top menu, click Add Repository.
    4. Select Direct attached storage, and select Microsoft Windows.
    5. Enter a name and a description for your repository, and click Next.
    6. Click Populate, select the drive that you want to use, and click Next.
    7. Click Browse to specify a folder on the drive or use the default folder, and click Next.
      By default, Veeam creates a folder named “Backups” at the root of the drive.
    8. Click Next, and click Apply to apply the settings.
    9. After the backup repository is created and each step is green, click Next and click Finish.

    Your repository is displayed in the Backup Repositories section of Backup Infrastructure.

    Add a Repository for Backblaze B2

    Your bucket must have Object Lock enabled, and your application key must be newly created.

    1. Open Veeam Backup & Replication, and click Connect.
    2. Select Backup Infrastructure in the left navigation menu, and select Backup Repositories.
    3. In the top menu, click Add Repository.
    4. Select Object storage, and select S3 Compatible.
    5. Enter the details for your repository.
      1. Enter a name and a description for your repository, and click Next.
      2. In the Service point field, enter the S3 endpoint that you copied in the "Create a Bucket" task (for example, S3.us-east-005.backblazeb2.com).
      3. In the Region field, enter the second part of the S3 endpoint (for example, us-east-005). 
      4. In the Credentials field, click Add.
      5. Enter your keyID in the Access Key field, enter your applicationKey in the Secret Key field, and enter a description.
      6. Click OK, and click Next.
    6. In the Bucket section, click Browse, select the bucket that you created, and click OK.
    7. In the Folder field, click Browse and click New Folder.
    8. Enter a name for your folder, press Enter, and click OK.
    9. Select the Make recent backups immutable checkbox, and enter the number of days to lock your files.
      Backblaze strongly recommends that you use the immutability feature to protect your organization from ransomware.
    10. To apply your settings, click Next and click Apply.
    11. After the items on the Apply page are green, click Next and click Finish.

    The Backblaze B2 repository is displayed in the Backup Repositories section of Backup Infrastructure.

    Add a Scale-Out Repository

    1. Open Veeam Backup & Replication, and click Connect.
    2. Select Backup Infrastructure in the left navigation menu, select Scale-out Repositories, and click Add Scale-out Repository.
    3. Enter a name and a description, and click Next.
    4. On the Performance Tier tab, click Add, select the local repository that you created in the “Set Up a Veeam Repository” task, and click OK.
    5. Ensure that Data locality is selected, and click Next.
    6. In the Capacity Tier tab, select Extend scale-out backup repository capacity with object storage, and click Choose.
    7. Select the Backblaze B2 repository that you created in the “Add a Repository for Backblaze B2” task, and click OK.
    8. Define the time windows to allow uploading to the capacity tier.
    9. Backblaze recommends that you select Copy backups to object storage as soon as they are created, which creates a copy of your backups on both tiers.
    10. Click Apply, and click Finish.

    The scale-out repository appears in the Scale-out Repositories section of Backup Infrastructure.

    Create a Backup Job

    1. Open Veeam Backup & Replication, and click Connect.
    2. Select Home in the left navigation menu, and select Jobs.
    3. Click Backup Job, and select Virtual machine.
    4. Enter a name and a description, and click Next.
    5. Click Add, select the VMs to back up to Backblaze B2, click Add, and click Next.
    6. In the Backup Repository menu, select the backup repository that you created in the "Set Up a Veeam Repository" task, and click Advanced.
    7. In the Schedule tab, set the scheduling options for the backup job and click Apply.
    8. To run the first backup job immediately, select Run the job when I click Finish.
    9. Click Finish.

    You can validate that the backup is running by clicking Session Tools and clicking Last 24 Hours in the left-hand column. You can see the current backup job there. When that job completes, Veeam begins a new job, with “Offload” in the Job Name, to offload the data to Backblaze B2.
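
    After the first offload completes, you can confirm from outside Veeam that the bucket has Object Lock enabled and that offloaded objects carry an unexpired retention date. The following is an added example, not Backblaze or Veeam code: it takes a boto3-style S3 client pointed at the S3 endpoint and lists anything that needs review. It assumes the application key is allowed to read retention settings so that head_object returns ObjectLockRetainUntilDate; the bucket name example-bucket, the folder veeam-offload/, and the StubS3 class with its sample data are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def region_from_endpoint(endpoint):
    """Second label of the S3 endpoint, as entered in Veeam's Region field."""
    return endpoint.split(".")[1]

def audit_immutability(s3, bucket, prefix, now=None, sample=100):
    """Return findings to review; an empty list means every check passed.
    s3 is a boto3-style S3 client, for example (not executed here):
      boto3.client("s3", endpoint_url="https://" + endpoint,
                   region_name=region_from_endpoint(endpoint),
                   aws_access_key_id=keyID, aws_secret_access_key=applicationKey)
    """
    now = now or datetime.now(timezone.utc)
    findings = []
    try:
        cfg = s3.get_object_lock_configuration(Bucket=bucket)
    except Exception:  # boto3 raises ClientError if no lock configuration exists
        cfg = {}
    if cfg.get("ObjectLockConfiguration", {}).get("ObjectLockEnabled") != "Enabled":
        findings.append(f"{bucket}: Object Lock not enabled or not readable")
    listing = s3.list_objects_v2(Bucket=bucket, Prefix=prefix, MaxKeys=sample)
    for obj in listing.get("Contents", []):
        head = s3.head_object(Bucket=bucket, Key=obj["Key"])
        until = head.get("ObjectLockRetainUntilDate")  # tz-aware datetime in boto3
        if until is None:
            findings.append(f"{obj['Key']}: no retention set")
        elif until <= now:
            findings.append(f"{obj['Key']}: retention expired {until:%Y-%m-%d}")
    return findings

class StubS3:
    """Offline stand-in returning constructed, boto3-shaped responses."""
    def __init__(self, lock, objects):
        self.lock, self.objects = lock, objects
    def get_object_lock_configuration(self, Bucket):
        return {"ObjectLockConfiguration": {"ObjectLockEnabled": self.lock}}
    def list_objects_v2(self, Bucket, Prefix, MaxKeys):
        return {"Contents": [{"Key": k} for k in self.objects if k.startswith(Prefix)]}
    def head_object(self, Bucket, Key):
        until = self.objects[Key]
        return {"ObjectLockRetainUntilDate": until} if until else {}

NOW = datetime(2024, 1, 10, tzinfo=timezone.utc)  # constructed sample data below
SAMPLE = {"veeam-offload/blk-0001": NOW + timedelta(days=30),
          "veeam-offload/blk-0002": NOW - timedelta(days=1),
          "veeam-offload/blk-0003": None}
if __name__ == "__main__":
    print("\n".join(audit_immutability(StubS3("Enabled", SAMPLE), "example-bucket", "veeam-offload/", NOW)))
```

    An object reported here is a prompt to review, not proof of a fault: the check only shows that no unexpired retention date was returned for that key.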

