HyTrust's CloudAdvisor product has some great integration with Veeam, which matters in a world where new regulations and rules are upon us alongside the vast amount of data we have to manage. One thing we have not really had is visibility into data types within the backup set.
When it comes to data within your backups, it is important to understand what types of data are being stored within your backup files. This can be achieved through indexing and search, but take that requirement one step further and think about how we could search for a specific type of data, for example credit card information that we don't or shouldn't be keeping. The integration with HyTrust allows this type of data to be highlighted and reported on.
The integration also gives the ability to monitor your environment for malicious activity, and if anything is found it will trigger a reactive backup of your environment and data.
In the previous post we touched on the deployment process and adding some VMs to the HyTrust CloudAdvisor console, along with adding Veeam backup jobs. We deployed an agent to the running production system and we also selected a backup of a VM. Just adding that backup VM to my console triggers a set of commands that start a process to understand what is happening within that machine in terms of data.
Below we will touch on the technology being used by Veeam and how HyTrust can find this important information.
Instant VM recovery
For those not aware, Veeam's Instant VM Recovery is a great and really fast way of recovering data. It takes the backup file, mounts it to the virtual environment and then powers on the machine. This way you can check that this is the restore point you require, and once you are happy you can use the hypervisor migration tools to migrate back to the production storage. If that doesn't work, Quick Migration from Veeam can also be used to get the machine back onto production storage. (Bear this in mind, as it's not as seamless.)
More details on Instant VM Recovery can be found in the Veeam User Guide.
More to the point, once you have added a VM from a backup to your CloudAdvisor, it performs the above steps to get that first parse of the data. This is an Instant VM Recovery process automated by HyTrust.
Based on the insight profiles that we configured (or didn't, because I used the default), we start to see some information from the backup file. This is a lab and there is not much happening here, but this really can give some insight into the backup data out of the box based on the insight profiles created.
Insight Profiles Explained
The best way to explain is by creating a new profile.
The first step is deciding what we want to find within the VM or the backup. CloudAdvisor has a few pre-canned options here, but we can create our own.
Creating our own is a way of defining how particular data looks.
Once you have the name, you then need to define the expression that describes the data you would like to find.
The naming is the easy bit, but there is a huge user guide built in here that you can refer to, to make sure the expression is searching for what you require.
I went out and I found a credit card regex to use in this scenario. And for those interested in doing the same, here it is.
^(?:4[0-9]{12}(?:[0-9]{3})? # Visa
| (?:5[1-5][0-9]{2} # MasterCard
| 222[1-9]|22[3-9][0-9]|2[3-6][0-9]{2}|27[01][0-9]|2720)[0-9]{12}
| 3[47][0-9]{13} # American Express
| 3(?:0[0-5]|[68][0-9])[0-9]{11} # Diners Club
| 6(?:011|5[0-9]{2})[0-9]{12} # Discover
| (?:2131|1800|35\d{3})\d{11} # JCB
)$
This was sourced from https://www.regular-expressions.info/creditcard.html. I expect this site to come in very handy as we need to find further expressions.
I went over to the machine that is part of the added VM groups and I added a simple text file to the desktop and added a credit card number to the machine on the desktop. I then went and took a new Veeam backup. I then created a new snapshot schedule within CloudAdvisor which forced the Instant VM Recovery to take place so that we would then discover the Credit Card information.
I finally wanted to show you the dashboard for this specific machine within the multiple restore points known here as Discovery Points.