VMCA2022 Veeam Certified Architect 2022 Question and Answers

The component that will help the customer meet their stated objectives is to leverage Backup Enterprise Manager to allow end-users to restore files within their scope. Backup Enterprise Manager is a web-based interface that provides access to Veeam Backup & Replication functionality, such as backup, replication, and restore1. One of the customer’s business requirements is to develop a self-service portal and integrate it with the new backup solution. Backup Enterprise Manager can fulfill this requirement by enabling self-service file-level restores for end-users, as well as integration with help desk systems2. The other options are not related to the customer’s recovery requirements, as they are either not necessary (option A, as indexing and RBAC policies are optional features), not sufficient (option B, as deploying the console and setting RBAC policies do not enable self-service restores), or not native to Veeam software (option C, as the technical requirements state that Oracle backups must be managed by Veeam, not RMAN). References: Backup Enterprise Manager, Self-Service File Restore.

The best way to accomplish the goal of ensuring backups are free of malware before data is restored is to ensure a compatible antivirus solution is available on mount servers for secure restores. Secure restore is a feature of Veeam Backup & Replication that allows you to scan backup files for malware before performing a restore operation, using a built-in or third-party antivirus solution1. Mount servers are components of Veeam Backup & Replication that mount backup files to the backup server or backup proxy2. By having a compatible antivirus solution on mount servers, you can leverage the secure restore feature to check the backup data for malware and prevent any infection from spreading to the production environment. The other options are either not feasible (option A and B, as staged restore and Veeam Data Integration API are not designed for malware detection34) or not sufficient (option C, as Veeam Data Integration API alone cannot scan backup files for malware). References: Secure Restore, Mount Servers, Staged Restore, Veeam Data Integration API.

Data scrubbing is the process of removing sensitive or confidential data from backups before restoring them, to comply with regulatory or legal requirements1. Veeam Backup & Replication supports data scrubbing for VMware VMs by using a custom script that runs inside the virtual lab2.

To perform data scrubbing, you need to create a virtual lab, an application group, and a SureBackup job. The virtual lab is a fenced-off environment where you can test and verify your backups without affecting the production network3. The application group is a collection of VMs that you want to restore and scrub. The SureBackup job is a task that automates the verification and restoration of VMs in the virtual lab.

The custom script is a PowerShell script that you need to write and configure to run on the VMs in the application group. The script should perform the necessary actions to delete or modify the data that you want to scrub, such as files, folders, registry keys, database records, etc2. You can use the Veeam PowerShell snap-in to access the Veeam functionality and objects from the script.

You can find more information about data scrubbing and how to configure it in the Veeam Backup & Replication User Guide for VMware vSphere2.

The additional information that is necessary for sizing the backup solution and must be gathered during further discovery are the amount of virtual machines to be protected and the total amount of production storage provisioned space. These metrics are used to calculate the backup storage requirements, the backup proxy and transporter resources, and the backup job configuration. The other options are either not relevant for sizing the backup solution (repository storage file system, replication schedule) or already provided in the scenario (the available bandwidth per site). References: Veeam Certified Architect 2022 Exam Guide, page 10; Veeam Backup & Replication v11: Architecture and Designcourse, module 3.

The component sizing that should be adjusted is the physical storage in the repositories. The repositories are the backup storage locations where Veeam Backup & Replication stores backup files, VM copies and metadata for replicated VMs1. Increasing the retention period from four to five years means that more backup files will be kept on the repositories, and thus more storage space will be required. The other options are not affected by the retention period change, as they are either related to off-site backups (option A), Veeam Backup & Replication server performance (option C), or backup proxy performance (option D). References: Backup Repositories.

Reducing the recovery point objective (RPO) for silver tier workloads means that the backup frequency will increase, resulting in more backup data being generated and transferred. This will affect the sizing requirements of the Veeam components that are responsible for storing and processing the backup data, namely the Veeam repository and proxy roles1.

The Veeam repository is a storage location where the backup files are stored. The repository size depends on the amount of data to be backed up, the backup method, the retention policy, and the compression and deduplication settings2. Reducing the RPO will increase the amount of data to be backed up, and may require more frequent synthetic full backups or active full backups to maintain the retention policy. This will increase the repository size and the disk space consumption.

The Veeam proxy is a data mover that performs backup, replication, and restore tasks. The proxy size depends on the number of concurrent tasks, the transport mode, the backup method, and the compression and deduplication settings3. Reducing the RPO will increase the number of concurrent tasks and the amount of data to be processed by the proxy. This will increase the proxy size and the CPU and memory consumption.

You can find more information about the sizing requirements and best practices for the Veeam repository and proxy roles in the following resources:

• Veeam Backup & Replication Best Practices
• Veeam Backup Repository Sizing Calculator
• Veeam Proxy Sizing Calculator

The best option to still satisfy the requirement for offsite, immutable or air gapped backups if the cloud provider selected for archive storage does not support immutability is to set up Scale-out Backup Repository capacity tier to a different cloud provider than the archive tier. Scale-out Backup Repository is a logical entity that groups several backup repositories into a single pool of storage, and allows to move backup files between performance and capacity tiers1. The capacity tier can be configured to use Amazon S3 or Microsoft Azure Blob Storage, which support Object Lock feature for immutability2. By using a different cloud provider for the capacity tier than the archive tier, the backup data can be stored in two separate locations, with one copy being immutable or air gapped. The other options are either not feasible (option A, as the scenario does not mention another site), not secure (option C, as the backup data can still be accessed or modified when the repository is online), or not offsite (option D, as the scenario requires a copy of backup data in a public cloud). References: Scale-out Backup Repository, Object Storage Immutability.

The best way to deploy the proxies for the remote office is to deploy eight virtual proxies with eight CPUs and 16 GB of RAM each. This option allows to leverage the Virtual appliance (Hot-Add) mode, which is the recommended transport mode for VSAN storage1. Virtual appliance mode enables LAN-free data transfer between the source datastore and the proxy, as well as load balancing and fault tolerance across multiple proxies2. The other options are either not optimal (option A and B, as physical proxies require LAN or SAN connection to access the source data, which may impact the networkperformance and backup SLAs3) or not supported (option C, as virtual proxies with more than eight CPUs are not compatible with Virtual appliance mode). References: Transport Modes, Virtual Appliance Mode, Direct Storage Access Mode, [Requirements and Limitations for VMware Backup Proxies].

The recommended step that Veeam Life and Indemnity can take to improve the latency encountered during backup of the virtualized MSSQL Server database running on vSAN is to implement Veeam Agent for Microsoft Windows on the virtualized MSSQL Server database servers. Veeam Agent for Microsoft Windows is a data protection solution that allows you to back up physical or virtual Windows machines at the guest OS level. Veeam Agent for Microsoft Windows can provide application-aware processing and transaction log backup for MSSQL servers, as well as support for vSAN storage snapshots. Veeam Agent for Microsoft Windows can also reduce the latency by performing backups without using VMware snapshots, which can cause stun issues on vSAN.

The methods that should be used to scope virtual machine backups based on customer requirements are to create backups based on tags and to create backup jobs with same retention requirements. Creating backups based on tags allows dynamic scoping of backups based on VMware tags assignedto virtual machines. This can simplify backup management, as new or modified virtual machines will be automatically included or excluded from backup jobs based on their tags. Creating backup jobs with same retention requirements allows consistent application of backup policies based on the backup tiers defined by the customer. This can ensure compliance with regulatory and business needs, as different tiers of virtual machines will have different retention periods and restore points.

The types of jobs that do not support using immutability from S3 Object Lock or hardened repositories are NAS backups and Agent for Mac backups. These types of jobs do not have the option to enable immutability in their settings, unlike VMware, Hyper-V, Linux Agent, or Windows Agent backup jobs. Therefore, they cannot leverage the immutability feature of S3 Object Lock or hardened repositories to protect their backups from ransomware or malicious deletion.

References: [S3 Object Lock Immutability], [Hardened Linux Repository], [NAS Backup], [Agent for Mac]

The additional Veeam capabilities that must be included in the conceptual design for gold level systems are SureBackup and Secure Restore. SureBackup is a feature that allows you to automatically verify the recoverability of your backups by running them in an isolated virtual lab. This can help you meet the requirement of testing the gold tier backups to verify recoverability. Secure Restore is a feature that allows you to scan your backups for malware before restoring them to the production environment. This can help you meet the requirement of scanning all backups for malware before restoring.

References: [SureBackup], [Secure Restore]

The component that will help the customer meet their stated objectives of role-based access control (RBAC) and alternative decryption capabilities is Veeam Backup Enterprise Manager. Veeam Backup Enterprise Manager is a web-based interface that allows centralized management of multiple Veeam backup servers. It also provides RBAC policies that enable granular control over user permissions and access to backup data. For example, you can assign different roles to different users or groups based on their responsibilities and needs, such as backup administrator, restore operator, securityofficer, etc. Veeam Backup Enterprise Manager also provides password loss protection feature that enables authorized users to restore encrypted backups without entering passwords if they forget or lose them.

The areas that would benefit from additional analysis on areas mentioned in the case study are MSSQL, NAS, and PostgreSQL. These areas have specific backup and restore requirements that need to be considered and addressed in the design and sizing of the Veeam backup infrastructure. For example, MSSQL requires transaction log backup and application-aware processing to ensure consistent backups and point-in-time recovery. NAS requires file-level backup and storage integration to optimize backup performance and storage efficiency. PostgreSQL requires pre-freeze and post-thaw scripts to quiesce the database before backup and resume it after backup.

References: [MSSQL Server Backup], [NAS Backup], [PostgreSQL Backup]

The steps that should be taken to correct the storage configuration based on the customer’s hardening requirements are to add hardened repositories to each Scale-out Backup Repository and evacuate the data from the CIFS extents. A hardened repository is a type of backup repository that provides immutability and ransomware protection for backup files by using Linux XFS file system features and Linux access control mechanisms. A Scale-out Backup Repository is a logical entity that groups several backup repositories into one pool of storage. A CIFS extent is a type of backup repository that uses a shared folder on a Windows or Linux server as a backup target. By adding hardened repositories to each Scale-out Backup Repository, you can ensure that your backups are secure, compliant, and efficient. By evacuating the data from the CIFS extents, you can remove the risk of ransomware infection or deletion of your backups.

The repository type that will be most impacted by using Veeam’s native encryption is dedupe repositories. Dedupe repositories are backup repositories that use deduplication appliances or software to reduce backup size and optimize storage utilization. However, if you use Veeam’s native encryption for backup jobs that target dedupe repositories, you will lose most of the deduplication benefits, as encrypted data blocks cannot be deduplicated effectively. Therefore, it is recommended to use either the encryption feature of the deduplication device or software, or avoid encryption altogether for dedupe repositories.

The retention requirement for gold tier virtual machines is that they must have 14 daily, eight weekly, three monthly and seven yearly backups. This requirement can be derived from the technical requirement of having eight weekly backups, three monthly backups, and seven yearly backups for regulatory purposes, as well as the business requirement of having daily backups for gold tier virtual machines.

If the repositories are able to accomplish much higher throughput, a new issue that might come up is that the bandwidth between sites might not be sufficient to support the backup copy jobs that need to run daily between Fresno and Carson City. This could cause the backup copy jobs to fail, take longer than expected, or consume too much network resources. Therefore, it is important to measure the available bandwidth between the sites and compare it with the backup copy data size and window. If the bandwidth is not sufficient, some possible solutions are to use compression, deduplication, or WAN acceleration to reduce the backup copy traffic.

•Backup copy jobs with GFS enabled. This type of job does not support using immutability from S3 Object Lock because it uses synthetic full backups, which require modifying existing backup files. Synthetic full backups are not compatible with immutability settings, as they violate the principle of not changing the backup files.

To design a solution that meets the requirements for off-site immutable backups for Veeam University Hospital, you need to consider some of the options and features that Veeam products and features offer. This will help you to ensure the security and integrity of your backup data, as well as the compatibility and supportability of the cloud provider that does not currently support immutability.

According to the Veeam Backup & Replication Best Practice Guide, immutability is a feature that prevents backup files from being deleted or modified by anyone until the specified retention period expires. Immutability can be achieved by using S3 Object Lock or Hardened Repository, which are two different solutions that Veeam Backup & Replication supports.

Based on this definition, the best option to still satisfy the requirements for off-site immutable backups is A. Backup copy to a hardened repository.

This option means that:

•The backup copy is a type of job that allows you to create and maintain copies of your backup data on a secondary backup repository. You can use backup copy jobs to send your backup data off-site, as well as to apply different retention settings and policies.

•The hardened repository is a solution that allows you to add a hardened repository based on a Linux server to your backup infrastructure. You can use hardened repository with Veeam Backup & Replication to make your backups immutable on-premises or off-site.

•The backup copy to a hardened repository can be configured and managed by Veeam Backup & Replication, regardless of the cloud provider that does not currently support immutability. You only need to deploy and connect a Linux server with a hardened repository in the cloud environment, and then use it as a target for your backup copy jobs.

To design a solution that meets the replication requirement for Veeam University Hospital, you need to consider some of the mitigating techniques that might be required for the virtual machines that have several separate large VMDKs with a high change rate per virtual machine on the same datastore. This will help you to overcome some of the challenges and limitations that may affect the replication performance and efficiency, as well as the recovery point objective (RPO) of the organization.

According to the Veeam Backup & Replication Best Practice Guide, some of the mitigating techniques that might be required are:

•Implement WAN accelerator. This technique can help you to reduce the amount of data that needs to be transferred and processed between the source and target sites, by using caching, deduplication, compression, and encryption. You need to deploy a pair of WAN accelerators, one at the source site and one at the target site, and configure them in the replication job settings. This technique can improve the replication speed and efficiency, as well as save network bandwidth and storage space.

•Recommend migrating some of the VMDKs to alternative datastores. This technique can help you to avoid performance degradation and resource contention on the source datastore, by distributing the load and I/O across multiple datastores. You need to use VMware tools or commands, such as Storage vMotion or svmotion, to migrate some of the VMDKs to other datastores that have enough capacity and performance. This technique can improve the replication stability and reliability, as well as reduce the impact on the production environment.

Therefore, based on these techniques, the answer that describes which mitigating techniques might be required is A and C.

To design a solution that meets the virtual infrastructure requirements for Veeam University Hospital, you need to collect some information during the discovery phase. This information will help you to understand the configuration and performance of the VMware clusters, the size and type of the data, and the backup and recovery objectives.

According to the Veeam Backup & Replication Best Practice Guide, some of the information related to the virtual infrastructure that is missing and must be collected during the discovery phase are:

•Local area network speed. This information will help you to determine the network bandwidth and throughput that are available for backup and replication traffic, as well as the impact of backup and replication activities on the network performance and latency.

•Size of the source data set. This information will help you to estimate the backup storage requirements, as well as the backup compression and deduplication ratios, based on the size and type of the data.

Therefore, the correct answer is A and D.

To design a solution that meets the offsite copies and archives requirements for Veeam University Hospital, you need to clarify some of the assumptions and expectations of the customer. This will help you to avoid any misunderstandings or conflicts that may arise during the implementation or operation of the solution.

According to the Veeam Backup & Replication Best Practice Guide, offsite copies and archives are two different concepts that serve different purposes. Offsite copies are backups that are stored in a different location than the primary backup storage, and are used for disaster recovery purposes. Archives are backups that are stored for a longer retention period than the regular backups, and are used for compliance or historical purposes.

Based on these definitions, the requirement that needs additional information to help clarify the customer expectation is C. Backups must take advantage of public cloud storage for long term archival purposes.

•Veeam CDP is a technology that helps you protect mission-critical VMware virtual machines when data loss for seconds or minutes is unacceptable12.

•Veeam CDP leverages vSphere APIs for I/O filtering (VAIO) to constantly replicate I/O operations performed on VMs without creating snapshots12.

•Veeam CDP allows you to configure the RPO per second and achieve near-zero RPO, which means almost no data loss12.

•Veeam CDP also provides minimum recovery time objective (RTO) in case of a disaster, as CDP replicas are in a ready-to-start state1.

Veeam image-based replication is not the best option, as it relies on snapshots and has a higher RPO than CDP3. Custom PowerShell scripting is not a reliable or scalable solution, as it requires manual coding and maintenance. Veeam Backup Copy with immediate mode is not suitable for replication, as it is designed for copying backup files, not VM replicas4.

References: 1: Continuous Data Protection (CDP) - User Guide for VMware vSphere 2: Veeam v11: Continuous Data Protection (CDP) configuration 3: Replication - User Guide for VMware vSphere 4: Backup Copy Modes - User Guide for VMware vSphere

To design a solution that meets the immutability requirement for Veeam University Hospital, you need to consider how this constraint affects the other requirements and expectations of the customer. This will help you to avoid any conflicts or inconsistencies that may arise from applying immutability settings to the backup data.

According to the Veeam Backup & Replication Best Practice Guide, immutability is a feature that prevents backup files from being deleted or modified by anyone until the specified retention periodexpires. Immutability can be achieved by using S3 Object Lock or Hardened Repository, which are two different solutions that Veeam Backup & Replication supports.

Based on this definition, the requirement that is impacted by the immutability constraint is D. Backup must take advantage of public cloud storage for long-term retention.

This requirement is impacted by the immutability constraint because:

•Public cloud storage is a type of storage that is provided by a third-party service provider over the internet, such as Amazon S3, Microsoft Azure, Google Cloud, etc.

•Public cloud storage can be used for long-term retention, which is a policy that defines how long backup data should be kept for compliance or historical purposes, such as months, years, or decades.

•Public cloud storage can also support immutability, which is a feature that prevents backup data from being deleted or modified by anyone until the specified retention period expires, such as days, weeks, or months.

•However, not all public cloud storage providers or services support immutability, or support it in the same way. For example, Amazon S3 supports S3 Object Lock, which allows you to apply a legal hold or a retention period to individual objects or object versions. Microsoft Azure supports Immutable Blob Storage, which allows you to create time-based policies or legal holds for blob containers. Google Cloud supports Bucket Lock, which allows you to lock a bucket and prevent objects from being overwritten or deleted.

•Therefore, the choice of the public cloud storage provider or service may affect the immutability setting and requirement for the backup data. You need to verify and compare the compatibility and supportability of the public cloud storage providers or services with Veeam Backup & Replication and with the customer expectation.

•Use Hardened Repositories as the primary target, which are Linux-based repositories that support immutability and prevent ransomware from accessing or deleting backup files12.

•Use backup copy jobs to create a second copy of the backups to a different site, which will provide additional protection and redundancy in case of a disaster or data loss34.

•Use Veeam Backup & Replication servers at one location, which will simplify the management and monitoring of the backup infrastructure and reduce the operational costs.

The other configurations are not as effective or secure, as they either do not use immutability, do not create a second copy of the backups, or do not leverage the benefits of Veeam Backup & Replication servers.

References: 1: Protect against Ransomware with Immutable Backups - Veeam 2: Hardened Repository - User Guide for VMware vSphere 3: Backup Copy Modes - User Guide for VMware vSphere 4: Backup copy jobs - Veeam Backup & Replication Best Practice Guide : Veeam Backup & Replication Architecture Overview

Thank you for your question. I’m glad to help you with your VMCA 2022 project.😊

To design a solution that meets the needs and requirements of Veeam University Hospital, you need to consider the impact and benefit of adding extra proxy servers to your backup infrastructure. This will help you to optimize the performance and efficiency of your backup and restore operations, as well as to prepare for future growth and expansion.

According to the web search results, a proxy server is a component that retrieves data from the source host, processes it and transfers to the backup repository. It also performs data compression, deduplication, encryption, etc. You can deploy backup proxies both in the primary site and in remote sites1.

The immediate result of adding the extra proxy server is A. The time for backup to complete could be reduced.

This result means that:

•The time for backup to complete is a metric that measures how long it takes to perform a backup job from start to finish. It depends on various factors, such as the size and type of data, the backup method and frequency, the network bandwidth and latency, etc.

•Adding an extra proxy server can reduce the time for backup to complete, by distributing the backup workload between available proxy servers. This can improve the backup performance and efficiency, as well as reduce the impact on the production environment.

•Reducing the time for backup to complete can also help you to meet your backup window and recovery point objective (RPO) requirements, as well as to free up more resources for other tasks or jobs.

To design a solution that meets the needs and requirements of Veeam University Hospital, you need to conduct a thorough analysis on the areas mentioned in the case study. This will help you to understand the current state of the environment, the goals and expectations of the stakeholders, and the constraints and challenges of the project.

According to the case study, some of the areas that would benefit from additional analysis are:

•NAS. This area would benefit from additional analysis because NAS systems are used to store confidential patient data as unstructured data, which need to be backed up consistently and securely. You need to collect more information about the characteristics and performance of the NAS systems, such as the size and type of data, the number and distribution of files, the largest file size, the version of SMB protocol, the deduplication and compression ratios, etc. This will help you to design a solution that can meet the backup and recovery objectives, as well as the regulatory and security requirements, for the NAS data.

•PostgreSQL. This area would benefit from additional analysis because PostgreSQL databases are used by some of the departments, with a mix of virtual and physical deployments. You need to collect more information about the configuration and performance of the PostgreSQL databases, such as the version and edition, the operating system and platform, the backup and restore methods and tools, the consistency and integrity requirements, etc. This will help you to design a solution that can support and integrate with PostgreSQL databases, as well as provide consistent and reliable backups and restores.

•OneDrive. This area would benefit from additional analysis because OneDrive is used by all doctor and lab staff to store their user data on their laptops, which also need to be backed up. You need to collect more information about the usage and performance of OneDrive, such as the number and size of files, the synchronization frequency and settings, the authentication and authorization methods, etc. This will help you to design a solution that can protect and recover OneDrive data, as well as exclude any operating system or personal files from backup.