Veeam VMCA2022 Dumps

The Veeam feature that can be used to help achieve compliance with privacy regulations is location tags on repositories. Location tags are labels that can be assigned to backup repositories to indicate their physical or logical location, such as country, region, or data center1. Location tags can help ensure that backup data is stored and processed in compliance with data residency and privacy laws, such as GDPR or CCPA, by allowing backup administrators to create backup policies based on the location of the source and target data2. The other options are not related to privacy compliance, as they are either used for network optimization (preferred networks), server identification (location tags on Veeam Backup & Replication servers), or backup scope (location tags on subnets). References: Location Tags, Using Location Tags.

The things that can be done to validate that the design meets target SLAs and reduces the headcount required to manage the solution are:

• Use tagging and scripts to auto-generate backup jobs, set the start time and windows, letting the backup server manage resource allocation. This option allows to automate the backup job creation and configuration, based on the tags assigned to the source objects, such as VMs, hosts, or clusters1. This reduces the manual effort and human error involved in managing the backup jobs, and ensures that the backup server allocates the optimal resources for each job, based on the load balancing and performance settings2.
• Explain how to detect configuration changes, reporting and using backup job templates to maintain consistency. Document self-service restore the streamline service desk engagement. This option allows to monitor the backup infrastructure and detect any changes that may affect the backup performance or reliability, such as adding or removing VMs, hosts, or clusters3. It also allows to use backup job templates to create consistent and standardized backup policies, and apply them to multiple backup jobs4. Additionally, it allows to document the self-service restore process, which enables end-users to perform file-level restores from their own backups, without involving the backup administrator or the service desk5.
• Review the design so that the slowest part of the infrastructure is fast enough to meet backup window requirements. This option allows to identify and optimize the bottleneck in the backup infrastructure, which is the component that limits the backup speed and throughput. By reviewing the design and ensuring that the slowest part of the infrastructure can meet the backup window requirements, the backup SLAs can be achieved and the backup performance can be improved.

The other options are either not relevant for validating the design (option A and E, as exporting the configuration, scheduling a review, and reviewing the design for bottlenecks are part of the design process, not the validation process) or not effective for meeting the SLAs and reducing the headcount (option C, as using inventory information, backup chaining, and fine tuning are manual and complex tasks that may not guarantee the backup window compliance or resource efficiency). References: Tagging, Load Balancing and Performance, Configuration Change Tracking, Backup Job Templates, Self-Service File Restore, [Bottleneck Statistics]

The additional condition of the offsite backup that is presumed by the immutability requirement is that a copy of backup data must reside in a public cloud local to each region. Immutability means that the backup data cannot be modified, deleted, or overwritten by anyone, including the backup administrator, the cloud provider, or malicious actors1. Veeam Backup & Replication v11 supports immutability for backups stored in Amazon S3 and Microsoft Azure Blob Storage, using the Object Lock feature2. Therefore, the offsite backup must use one of these cloud providers, and must be located in the same region as the source data, to comply with the data locality and privacy laws. The other options are not related to the immutability requirement, as they are either already stated in the business requirements (option A), technical requirements (option B), or not relevant for the Veeam solution (option C). References: Immutability, Object StorageImmutability.

The additional information that is necessary for sizing the backup solution and must be gathered during further discovery are the amount of virtual machines to be protected and the total amount of production storage provisioned space. These metrics are used to calculate the backup storage requirements, the backup proxy and transporter resources, and the backup job configuration. The other options are either not relevant for sizing the backup solution (repository storage file system, replication schedule) or already provided in the scenario (the available bandwidth per site). References: Veeam Certified Architect 2022 Exam Guide, page 10; Veeam Backup & Replication v11: Architecture and Designcourse, module 3.

Snapshot stun is a phenomenon that occurs when a VMware snapshot is removed and the virtual machine (VM) experiences a temporary freeze or performance degradation1. This can affect the availability and consistency of mission critical applications running on the VM.

To avoid snapshot stun, Veeam Backup & Replication offers several options for backing up Linux VMs, such as backup from storage snapshots, direct SAN access, or hot-add2. However, based on the business requirements, the best option is to run pre-freeze and post-thaw scripts before backing up the workload.

Pre-freeze and post-thaw scripts are custom scripts that you can configure to run on the Linux VM before and after the snapshot is taken. The pre-freeze script can be used to quiesce the application and flush its data to disk, ensuring a consistent backup. The post-thaw script can be used to resume the application and perform any necessary cleanup actions3.

By using pre-freeze and post-thaw scripts, you can achieve application consistency and minimize the impact of snapshot stun on the Linux VM. You can use the Veeam Backup & Replication user interface or the Veeam PowerShell snap-in to configure the scripts for the backup job3.

You can find more information about pre-freeze and post-thaw scripts and how to use them in the following resources:

• Pre-Freeze and Post-Thaw Scripts
• Best Practice for Backing Up Linux VMs
• Snapshot Stun Issue

Database administrators and operations team are the most relevant stakeholders to talk to in order to collect business and technical requirements related to virtual infrastructure. Database administrators can provide information about the performance, availability, and recovery needs of the SQL and Oracle servers, as well as the custom financial application on AIX servers. Operations team can provide information about the network bandwidth, firewall rules, storage capacity, and backup windows for the virtual machines and NAS devices. The other stakeholders are less relevant, as they are either not directly involved with the virtual infrastructure (web design team, sales staff) or have minimal requirements (laptop users). References: Veeam Certified Architect 2022 Exam Guide, page 8; Veeam Backup & Replication v11: Architecture and Design course, module 2.

Changing the backup window from 12 hours to 14 hours means that the backup jobs will have more time to complete, and therefore less concurrency will be required. This will reduce the load on the proxies, which are the data movers that perform backup, replication, and restore tasks1. The proxies will need fewer resources, such as CPU and memory, to handle the same amount of data.

The other options are incorrect because:

• A) Proxies will not require more resources, as explained above.
• B) Mount servers will not require fewer resources, as they are not affected by the backup window. Mount servers are used to mount backup files and restore data from them2. Their resource consumption depends on the restore frequency and performance, not the backup window.
• D) Repositories will not require more storage space, as the backup window does not affect the backup size. Repositories are storage locations where the backup files are stored3. Their storage space consumption depends on the amount of data to be backed up, the backup method, the retention policy, and the compression and deduplication settings, not the backup window.

You can find more information about the backup window and the Veeam components in the following resources:

• Backup Window
• Mount Server
• Backup Repository

Network traffic rules are settings that allow you to control the network traffic transferred between backup infrastructure components, such as backup proxies, repositories, and WAN accelerators. You can use network traffic rules to throttle or encrypt the network traffic, or to specify preferred networks for data transfer1.

By configuring network traffic rules, you can reduce the bandwidth consumption for the offloading of data to public cloud storage, and avoid affecting the performance of business applications on the branch sites. You can set limits for the network traffic speed, or schedule the offloading tasks to run during off-peak hours2. You can also select the optimal network routes for the offloading tasks, and avoid congested or slow networks3.

You can find more information about network traffic rules and how to configure them in the following resources:

• Configuring Network Traffic Rules
• Enabling Traffic Throttling
• Specifying Preferred Networks

The information that is still needed for a complete architectural design is how often backups are required for silver machines. This is not stated in the technical requirements, where only the recovery time objective and recovery point objective are given for the silver tier. The backup frequency affects the backup storage consumption, the backup window, and the restore point granularity. The other options are either already provided in the technical requirements (daily backup retention, amount of time required for a successful restore for gold machine) or not relevant for the architectural design (RMAN configuration guidelines). References: Veeam Certified Architect 2022 Exam Guide, page 10; Veeam Backup & Replication v11: Architecture and Design course, module 4.

The best option to still satisfy the requirement for offsite, immutable or air gapped backups if the cloud provider selected for archive storage does not support immutability is to set up Scale-out Backup Repository capacity tier to a different cloud provider than the archive tier. Scale-out Backup Repository is a logical entity that groups several backup repositories into a single pool of storage, and allows to move backup files between performance and capacity tiers1. The capacity tier can be configured to use Amazon S3 or Microsoft Azure Blob Storage, which support Object Lock feature for immutability2. By using a different cloud provider for the capacity tier than the archive tier, the backup data can be stored in two separate locations, with one copy being immutable or air gapped. The other options are either not feasible (option A, as the scenario does not mention another site), not secure (option C, as the backup data can still be accessed or modified when the repository is online), or not offsite (option D, as the scenario requires a copy of backup data in a public cloud). References: Scale-out Backup Repository, Object Storage Immutability.

The tiers of Veeam Financial Services’ backups that will require SureBackup jobs are the silver and gold tiers. SureBackup jobs are used to verify the recoverability of backup files by running virtual machines from backups in an isolated environment and performing tests against live applications1. This feature is suitable for the silver and gold tiers, which have recovery time objectives of six hours and 30 minutes, respectively, and require backups to be verified. The bronze tier, which consists of development machines and field portables, has a recovery point target of seven days, with no recovery time target set, and does not require backup verification. Therefore, SureBackup jobs are not necessary for the bronze tier. Laptop backups are performed by Veeam Agent for Microsoft Windows, which does not support SureBackup jobs2. References: SureBackup, Veeam Agent for Microsoft Windows.

WAN accelerators are dedicated components that Veeam Backup & Replication uses for WAN acceleration. WAN accelerators are responsible for global data caching and data deduplication, which reduce the amount of data that needs to be transferred over the network. By adding WAN accelerators to each site, you can improve the performance of backup copy jobs between sites, and reduce the bandwidth consumption and network traffic3

References:

1: Gateway Server - User Guide for VMware vSphere 2: Gateway Server - User Guide for VMware vSphere 3: WAN Accelerators - User Guide for VMware vSphere

•MFA is a security method that requires users to provide two or more pieces of evidence to verify their identity, such as a password, a code, a token, or a biometric factor3.

•MFA adds an extra layer of protection against ransomware attacks, as it prevents attackers from accessing the Veeam components even if they manage to steal or guess the passwords of the administrative accounts12.

•MFA also helps to prevent unauthorized changes or deletions of backup data, as well as unauthorized restores or failovers of VMs or applications12.

The other options are not as effective or feasible, as they either do not provide enough security, limit the functionality, or disrupt the integration of the Veeam infrastructure.

References: 1: 6 Best Practices For Ransomware Protection | Veeam 2: Ransomware Prevention Best Practices - Veeam 3: Multi-factor authentication - Wikipedia

To design a solution that meets the backup retention requirements for Veeam University Hospital, you need to consider the minimum requirement for on-premises backup retention for this project. This will help you to ensure the availability and reliability of your backup data, as well as the compliance and security of your backup storage.

According to the case study, the minimum requirement for on-premises backup retention for this project is B. On-premises retention must be 14 daily, and two weekly backups.

This requirement means that:

•The on-premises backup retention is the policy that defines how long the backup data should be kept on the local backup storage, such as NFS storage, deduplication appliance, etc.

•The on-premises backup retention must be 14 daily and two weekly backups, which means that you need to keep at least 14 copies of the daily backups and two copies of the weekly backups on the local backup storage.

•The on-premises backup retention must be applied to all types of workloads that are backed up by Veeam Backup & Replication, such as virtual machines, physical servers, NAS systems, etc.

This requirement is based on the business and compliance needs of Veeam University Hospital, which are:

•To have a fast and reliable restore option for the most recent backups in case of a disaster or failure.

•To comply with the HIPAA regulations that require health care organizations to retain backup data for at least six years1.

According to the Veeam Backup & Replication Best Practice Guide1, one of the possible ramifications of shortening the backup window to eight hours is that the CPU and memory requirements of the proxies will be increased. This is because:

•The proxies are responsible for retrieving data from the source and sending it to the target. They perform data compression, deduplication, encryption, and other tasks that consume CPU and memory resources.

•To shorten the backup window, the proxies need to process more data in less time, which means they need more CPU cores and memory to handle concurrent tasks and avoid bottlenecks.

•The backup window can also be affected by other factors, such as the network bandwidth, the storage throughput, the backup methods, and the backup settings. Therefore, it is important to consider all these aspects when designing a backup solution.

References: 1: Proxy - Veeam Backup & Replication Best Practice Guide

To design a solution that meets the offsite copies and archives requirements for Veeam University Hospital, you need to clarify some of the assumptions and expectations of the customer. This will help you to avoid any misunderstandings or conflicts that may arise during the implementation or operation of the solution.

According to the Veeam Backup & Replication Best Practice Guide, offsite copies and archives are two different concepts that serve different purposes. Offsite copies are backups that are stored in a different location than the primary backup storage, and are used for disaster recovery purposes. Archives are backups that are stored for a longer retention period than the regular backups, and are used for compliance or historical purposes.

Based on these definitions, the requirement that needs additional information to help clarify the customer expectation is C. Backups must take advantage of public cloud storage for long term archival purposes.

Thank you for your question. I’m glad to help you with your VMCA 2022 project.?

To design a solution that meets the needs and requirements of Veeam University Hospital, you need to consider the impact and benefit of adding extra proxy servers to your backup infrastructure. This will help you to optimize the performance and efficiency of your backup and restore operations, as well as to prepare for future growth and expansion.

According to the web search results, a proxy server is a component that retrieves data from the source host, processes it and transfers to the backup repository. It also performs data compression, deduplication, encryption, etc. You can deploy backup proxies both in the primary site and in remote sites1.

The immediate result of adding the extra proxy server is A. The time for backup to complete could be reduced.

This result means that:

•The time for backup to complete is a metric that measures how long it takes to perform a backup job from start to finish. It depends on various factors, such as the size and type of data, the backup method and frequency, the network bandwidth and latency, etc.

•Adding an extra proxy server can reduce the time for backup to complete, by distributing the backup workload between available proxy servers. This can improve the backup performance and efficiency, as well as reduce the impact on the production environment.

•Reducing the time for backup to complete can also help you to meet your backup window and recovery point objective (RPO) requirements, as well as to free up more resources for other tasks or jobs.

To design a solution that meets the virtual infrastructure requirements for Veeam University Hospital, you need to collect some information during the discovery phase. This information will help you to understand the configuration and performance of the VMware clusters, the size and type of the data, and the backup and recovery objectives.

According to the Veeam Backup & Replication Best Practice Guide, some of the information related to the virtual infrastructure that is missing and must be collected during the discovery phase are:

•Local area network speed. This information will help you to determine the network bandwidth and throughput that are available for backup and replication traffic, as well as the impact of backup and replication activities on the network performance and latency.

•Size of the source data set. This information will help you to estimate the backup storage requirements, as well as the backup compression and deduplication ratios, based on the size and type of the data.

Therefore, the correct answer is A and D.

Based on the customer Windows and Linux file server backup requirements, the best component to help them meet their stated objectives is Backup Enterprise Manager with indexing enabled on virtual machine and Agent backups with RBAC policies. This is because:

•Backup Enterprise Manager allows the customer to manage and monitor backup jobs across multiple backup servers from a single web-based interface1.

•Indexing enables the customer to perform file-level recovery from the backups of Windows and Linux servers, as well as search for files across all backups2.

•RBAC policies allow the customer to delegate permissions to different users and groups for performing file-level recovery, based on their roles and restore scopes3.

References: 1: Veeam Backup Enterprise Manager Guide 2: Veeam Backup & Replication User Guide 3: Veeam Backup Enterprise Manager Guide > Configuring Accounts and Roles

To design a solution that meets the requirements for off-site immutable backups for Veeam University Hospital, you need to consider some of the options and features that Veeam products and features offer. This will help you to ensure the security and integrity of your backup data, as well as the compatibility and supportability of the cloud provider that does not currently support immutability.

According to the Veeam Backup & Replication Best Practice Guide, immutability is a feature that prevents backup files from being deleted or modified by anyone until the specified retention period expires. Immutability can be achieved by using S3 Object Lock or Hardened Repository, which are two different solutions that Veeam Backup & Replication supports.

Based on this definition, the best option to still satisfy the requirements for off-site immutable backups is A. Backup copy to a hardened repository.

This option means that:

•The backup copy is a type of job that allows you to create and maintain copies of your backup data on a secondary backup repository. You can use backup copy jobs to send your backup data off-site, as well as to apply different retention settings and policies.

•The hardened repository is a solution that allows you to add a hardened repository based on a Linux server to your backup infrastructure. You can use hardened repository with Veeam Backup & Replication to make your backups immutable on-premises or off-site.

•The backup copy to a hardened repository can be configured and managed by Veeam Backup & Replication, regardless of the cloud provider that does not currently support immutability. You only need to deploy and connect a Linux server with a hardened repository in the cloud environment, and then use it as a target for your backup copy jobs.

•Use Linux repositories as the performance tier, which are more secure and resilient than Windows repositories, as they support immutable backups and prevent ransomware from accessing or deleting backup files1.

•Use immutable cloud storage as the capacity tier, which will offload older backup files to a public cloud object storage that supports immutability, such as Amazon S3 Object Lock or Azure Blob Storage with immutable policies2. This will ensure that the backup files cannot be modified or deleted by ransomware or malicious users for a specified period of time.

•Use Scale-out Backup Repository, which is a logical entity that groups several backup repositories into a single pool of storage, allowing for better backup performance, scalability, and management3.

References: 1: Protect against Ransomware with Immutable Backups - Veeam 2: Ransomware Protection: Learn How Veeam Can Protect Your Data 3: Scale-Out Backup Repository - Veeam Backup & Replication Best Practice Guide

The gateway is a component that acts as a data mover between the backup proxy and the backup repository. If the gateway does not have enough CPU, RAM and task slots assigned, it may not be able to handle the incoming data from the backup proxy efficiently, and cause a bottleneck at the target. By increasing the resources and task slots for the gateway, you can improve its performance and throughput, and reduce the load on the target2

The recommended storage option for the backups kept on-premises is a physical server with Veeam Hardened Repository. A Veeam Hardened Repository is a type of backup repository that provides immutability and ransomware protection for backup files by using Linux XFS file system features and Linux access control mechanisms. A physical server is preferred over a virtual server for better performance, security, and scalability. A Veeam Hardened Repository meets the customer’s requirements for compliance, security, and retention, as well as supports all backup types and features.

The additional Veeam capabilities that must be included in the conceptual design for gold level systems are SureBackup and Secure Restore. SureBackup is a feature that allows you to automatically verify the recoverability of your backups by running them in an isolated virtual lab. This can help you meet the requirement of testing the gold tier backups to verify recoverability. Secure Restore is a feature that allows you to scan your backups for malware before restoring them to the production environment. This can help you meet the requirement of scanning all backups for malware before restoring.

References: [SureBackup], [Secure Restore]

If the recovery point objective (RPO) of gold tier machines changes from one hour to three hours with daily retention set to seven days, the impact on the Veeam design is that proxies will require fewer resources. This is because the backup frequency and the number of restore points for gold tier machines will decrease, which means that less data will need to be processed and transferred by the proxies. Therefore, the proxies will have lower CPU, memory, disk, and network utilization and can handle more backup tasks with the same resources.

The information that is missing from discovery is what the available bandwidth is between Fresno and Carson City. This information is important for designing and sizing the backup copy jobs that need to run daily between the two sites. The available bandwidth can affect the backup copy performance, duration, and size. For example, you can use the available bandwidth to estimate how much data can be transferred between the sites within the backup copy window. You can also use theavailable bandwidth to determine whether you need to use compression, deduplication, or WAN acceleration to optimize the backup copy traffic.

The methods that should be used to scope virtual machine backups based on customer requirements are to create backups based on tags and to create backup jobs with same retention requirements. Creating backups based on tags allows dynamic scoping of backups based on VMware tags assignedto virtual machines. This can simplify backup management, as new or modified virtual machines will be automatically included or excluded from backup jobs based on their tags. Creating backup jobs with same retention requirements allows consistent application of backup policies based on the backup tiers defined by the customer. This can ensure compliance with regulatory and business needs, as different tiers of virtual machines will have different retention periods and restore points.

A possible cause of failures to meet the requirement to test gold tier backups is that you cannot firewall traffic between vLANs in the SureBackup job configuration. This could prevent the gold tier virtual machines from communicating with each other or with other required services in the isolated virtual lab. For example, if a gold tier virtual machine needs to access a database server or a domain controller in another vLAN, it might fail to start or function properly in the SureBackup job. Therefore, it is important to ensure that all necessary vLANs and network settings are configured correctly in the SureBackup job.

A possible issue that could arise if you put the backup repositories in the backup network only is that laptop agents cannot communicate with the repository. This is because laptop agents are not part of the backup network, which is non-routable according to the existing technical environment.Therefore, laptop agents cannot access or write data to the backup repositories in the backup network unless there is a proxy or gateway server that can bridge the communication between them.

References: [Veeam Agents Management Guide], [Veeam Backup Infrastructure Sizing Calculator]

The component that will help the customer meet their stated objectives of role-based access control (RBAC) and alternative decryption capabilities is Veeam Backup Enterprise Manager. Veeam Backup Enterprise Manager is a web-based interface that allows centralized management of multiple Veeam backup servers. It also provides RBAC policies that enable granular control over user permissions and access to backup data. For example, you can assign different roles to different users or groups based on their responsibilities and needs, such as backup administrator, restore operator, securityofficer, etc. Veeam Backup Enterprise Manager also provides password loss protection feature that enables authorized users to restore encrypted backups without entering passwords if they forget or lose them.

The transport modes that could be used during the redesign for gold tier virtual machines with a one-hour RPO are Virtual Appliance (HotAdd) and Backup from Storage Snapshots. A transport mode is a method of retrieving VM data from the source storage during backup or replication. Virtual Appliance (HotAdd) is a transport mode that allows a proxy server running on a VM to attach disks of another VM to itself via hot-add SCSI commands and read data directly from these disks. Backup from Storage Snapshots is a transport mode that allows a proxy server to retrieve data from storage snapshots created by supported storage systems without affecting the production VMs or hosts. Both transport modes can improve backup performance, reduce backup window, and minimize impact on the production environment.

The factor that should be considered in the physical design when implementing backup copy jobs between sites is to use physical servers for the Veeam backup proxies at each site. A Veeam backup proxy is a data mover component that performs data processing and transfer tasks for backup and backup copy jobs. A physical server is preferred over a virtual server for better performance, reliability, and isolation. A physical server can also leverage hardware encryption offload to reduce CPU load and network traffic encryption to secure data in transit.