StarWind Virtual Tape Library Best Practices

As you know, virtual tape libraries (VTL) are a very good way to create air gaps and protect your valuable data or backups from being infected by ransomware. One of the VTLs around there is from StarWind and we have already blogged about this solution in conjunction with Veeam Backup and Replication software and 3-2-1 backup rule in our article here. Basically, the 3-2-1 backup rule suggest storing three copies of data on two different medias where one copy is in an offsite location. One of those media kind is VTL. Today's post will talk about StarWind Virtual Tape Library best practices.

StarWind VTL is a software solution that replaces physical tape libraries with virtual ones. It allows businesses to move beyond their costly and cumbersome tape backup processes, while still meeting the regulatory requirements for data archival and retention. StarWind VTL integrates seamlessly with existing backup software, and creates an immutable and air-gapped backup target that is resistant to ransomware attacks. StarWind VTL also enables tiering and replication of backup data to any public cloud or object storage, such as AWS S3, Glacier, Backblaze B2 for flexible scalability, security, and cost-efficiency.

Quote:

VTL is designed for organizations that want to either get rid of physical tapes completely or to accelerate the backup process, add an extra level of protection and automate the DR process by offloading tapes to the cloud.

StarWind Virtual Tape Library (VTL) can be used to store backups (Storage Repository) and it is also possible to offload Virtual Tapes to the cloud or object storage arrays. Such method guarantees redundancy of backups and fits the 3-2-1 backup rule. It can be useful in DR scenarios or for restoring after a ransomware attack. If there is a requirement to store the backups for a long period of time, offloading to the cloud maximizes the security and minimizes the cost of maintaining a physical tape-based infrastructure.

There can be several installation scenarios for StarWind's VTL

• Scenario 1 – All in one box – The Backup software and VTL with storage repository on the same box. Easier to manage, typically used in Greenfield environments.
• Scenario 2 –  Separate solutions – Backup software is installed inside the VM in (or outside) the Cluster, VTL is installed inside the physical server with Storage Repository connected. Usually used in Brownfield scenarios, more flexible on the permissions configuration which allows enhancing the security of the entire setup.

The Virtual Tape Library server is connected to the IT infrastructure, but not joined into the domain, to enhance security.

Screenshot from StarWind

Storage best practices

If your (still) planning to use cheap spinning media, it is recommended to have good redundancy that can be obtained by doing Raid 5, 50, 6 or 60 for VTL storage. If you want faster restores, use flash or hybrid storage.

Networking best practices

Network throughput between the IT infrastructure and the VTL server has to be sufficient to ensure that it will not bottleneck the backup performance. 1GbE network is required, while for bigger loads, 10 GbE or higher throughput networks should be in use. It is strongly recommended to have dedicated network interfaces and a separate VLAN to achieve the expected performance.

Security recommendations

Here are some of the recommendations I have found on StarWind's site:

• Don’t join the VTL server to the domain;
• Assign a separate user to access the backup server;
• Create a dedicated service user for backup software;
• In order to fit the ransomware resiliency into the local environment, the Virtual Tape Library should be located on the dedicated storage that is isolated from the production environment;
• Disable file shares for the StarWind Virtual Tape Library (VTL) host or Storage Repository;
• Additionally, CHAP authentication and access rights have to be configured for ISCSI connections in StarWind Virtual Tape Library (VTL);
• Enable firewall and keep antivirus and OS updated;
• Configure VTL cloud replication to have at least one copy of your backups off-site. This guarantees protection and restores in case of a ransomware attack.

Source: StarWind VTL best practices

More posts about StarWind on ESX Virtualization:

• What is StarWind Tape Redirector (FREE) and what’s the benefits?
• 5 Easy Steps to be more resilient with Two Hosts only – StarWind VSAN
• How StarWind VSAN solution can save you money and energy in ROBO environments
• 2-Nodes clusters without Witness – StarWind VSAN Heartbeat Failover Strategy
• You can’t extend backup window – Check NVMe Backup Appliance from StarWind
• Replacing Aging Hardware SAN Device by a Software – StarWind VSAN
• StarWind V2V Converter (PV2 Migrator) FREE utility
• Cluster with 2-Nodes only – How about quorum?
• StarWind VSAN Latest update allows faster synchronization with storing synchronization journals on separate storage
• How to Update StarWind VSAN for VMware on Linux- Follow UP
• StarWind SAN & NAS software details for VMware and Hyper-V
• Free StarWind iSCSI accelerator download
• VMware vSphere and HyperConverged 2-Node Scenario from StarWind – Step By Step(Opens in a new browser tab)
• StarWind Storage Gateway for Wasabi Released
• How To Create NVMe-Of Target With StarWind VSAN
• Veeam 3-2-1 Backup Rule Now With Starwind VTL
• StarWind and Highly Available NFS
• StarWind VSAN on 3 ESXi Nodes detailed setup
• VMware VSAN Ready Nodes in StarWind HyperConverged Appliance

More posts from ESX Virtualization:

• VMware vSphere 8.0 U2 Released – ESXi 8.0 U2 and VCSA 8.0 U2 How to update (NEW)
• What’s the purpose of those 17 virtual hard disks within VMware vCenter Server Appliance (VCSA) 8.0?
• VMware vSphere 8 Update 2 New Upgrade Process for vCenter Server details
• VMware vSAN 8 Update 2 with many enhancements announced during VMware Explore
• What’s New in VMware Virtual Hardware v21 and vSphere 8 Update 2?
• Homelab v 8.0 
  • NXJ6412 Maxtang EHL30 TPM Alert in vCenter Server 8.0 BIOS Config
  • vSphere 8 Lab with Cohesity and VMware vExpert gift – Maxtang’s NX 6412 NUC
  • VMware Cohesity vExpert Gift VMware EXPLORE 2022 Barcelona
• vSphere 8.0 Page
• Veeam Bare Metal Recovery Without using USB Stick (TIP)
• ESXi 7.x to 8.x upgrade scenarios
• A really FREE VPN that doesn’t suck
• Patch your ESXi 7.x again
• VMware vCenter Server 7.03 U3g – Download and patch
• Upgrade VMware ESXi to 7.0 U3 via command line
• VMware vCenter Server 7.0 U3e released – another maintenance release fixing vSphere with Tanzu
• What is The Difference between VMware vSphere, ESXi and vCenter
• How to Configure VMware High Availability (HA) Cluster

Stay tuned through RSS, and social media channels (Twitter, FB, YouTube)