One of the great things about the way the cybersecurity community has matured in recent years is the openness and willingness to provide mentorship and assistance to newcomers to the field. The number of offers for advice, resume reviews, study guides and other assistance that I see in various social media and other forums is incredible! But why the change? Because we, as security professionals, know firsthand that if we want to get ahead of the curve, we need all the help we can get. The timing could not be better to dive headfirst into the rewarding career of cybersecurity.  What I hope to do in this quick blog post is to give a bit of knowledge on the career of cybersecurity for both the career seeker and the hiring manager!

Degree versus Certs versus Real-World Experience.

The most common question that I get when I am asked about a career in cybersecurity is the best path to choose… degree, certifications, or real-world experience. I think this is one of the hardest things about choosing to transition into this field. The answer is not a simple one and it is not “one size fits all”. What I typically say is that there is absolutely no replacement for real-world experience. Dealing with normal, everyday user issues or complex and imperfect scenarios that exist outside of a lab environment – and in some cases failing miserably and then finding the right solution to bring it all back together after grueling time spent troubleshooting – prepares you for the worst that the world of cybersecurity can throw at you. Also, having the empathy that a security control that should be put in place could cause undue stress in an already stressful environment and may be the perfect scenario for some other, less restrictive controls but still meet the goal. These types of scenarios can only be found by having real-world experience. Experiencing this gives us thoughtful, knowledgeable, and engaged cybersecurity professionals. Depending on the organization that an entry level person can discover a role within, you can find yourself getting tunnel vision. This limits your growth by solely focusing on the daily tasks at hand rather than getting a wide breadth of knowledge of all topics within a subject.

With that in mind a great place to get the additional information that real-world experience may prevent is by studying on a degree path or within certification programs such as ISC2, CompTIA, EC Council, SANS, and others. These methods, while typically only providing cursory amounts knowledge about a given subject, allow you to explore different ideas, best practices, and new technologies that may sit outside of the typical workday. So, my answer to this question becomes a very drawn-out discussion about how a person learns, how they like to spend their time, and what the timeline for transition may look like for each individual person exploring this career.

Now I feel that I must mention another excellent resource at your disposal. The internet has a vast plethora of free and or very cheap resources that allow you to gain the knowledge that a traditional certification path or degree program may provide but allow you to apply the techniques learned in an active learning environment. Websites such as hackthebox.com or tryhackme.com are some examples of some relatively cheap resources that give training and hands-on experience.

Another great resource for those with some technical experience in IT and looking to transition into cybersecurity is testout.com.  For job seekers and hiring managers alike, this can be a great tool.  For the job seeker, you can show that your knowledge in a particular capability is up to par with industry certifications without requiring expensive exams and boot camps. For hiring teams, you can know that the candidate has a validated baseline of knowledge that can be used to fit them into a new role that may not be something they have done in the past.

Choose your own Adventure.

So, you’ve chosen a path and have decided how you’re going to explore the world of cybersecurity but you don’t know where you want to go.  The best part about cybersecurity is the extreme number of things that you can learn and do within this field. If you love the idea of an endless supply of exactly the same task, working with structured data, and piecing 100 data points together to come to a conclusion, there is a place for you.  If you need a very dynamic workday where you’re moving from topic to topic and providing feedback on how to accomplish very different goals, there is a spot for you.  If you’re the kind of person that just loves to write documentation and match a specific requirement to its technical control… yep… there is a spot for you.  And last, if you just want to see how quickly and effectively you can break (or break into) systems then provide options to solve the problems you exploited, there is a special place for you.

My point is that everyone is different and there is no single way to get into cybersecurity.  Blue team, red team, purple team, white team are all options to take, and we need members of every sort of team to make security work effectively. So, find that niche that you like. Find that role that makes you want to get up early in the morning and late into the evening to satiate that passion and make a career out of it!  There is space for everyone to choose their own adventure and make the journey their own!

Variety is the spice of security life!

Finally, after saying all of that, it is important to understand how we can improve this career field and reset our own expectations of what makes a great security professional. Because there are multitudes of different paths to follow to achieve an “education” in cybersecurity and there are unlimited types of roles to fill within this field, we can safely assume that it takes all kinds of people to make it happen. The only way to solve the reported cyber skills shortage is to take a step back and understand that there is no one way to do so. We need a large array of experiences and skillsets outside of the traditional IT and cybersecurity skillsets to bring cybersecurity programs to the masses and to make our information security programs something that can be adopted by everyone from the bookkeeper to the salesperson to the most technical network engineers. So, take a second when navigating careers in cybersecurity, whether seeking or hiring and find those skills that can bring a benefit to the team in a new, fresh way.

 

Steve Sim
VP, Security & CISO
Green Cloud Defense

It was the best of times, it was the worst of times, it was the age of phishing, it was the age of ransomware, and the story goes on. The security industry continues to see how ransomware devastates organizations. According to a Fortinet 2021 report, the average weekly growth of ransomware is seeing an increase of around 10 times more than one year ago. (1) Extortion has become the norm in cybercrime and there is a massive financial benefit. Insurance companies continue to write policies that simply pay out millions of dollars in ransom demands despite the warnings of tired, frustrated technology professionals. Criminals are ramping up operations, emboldened by the guaranteed payoff. On top of this, security vendors stand waiting and alert, like a green recruit ready for their day on the front line. We have successfully created a world where the criminal knows big money is right around the corner. However, we can’t fool ourselves into thinking big businesses with large IT budgets and huge security groups were the only targets. We would also be severely inaccurate if we thought it all happens like some bad movie plot – “I’m in the firewall!” These scenarios are not realistic. Other forces are in play. They are organic in nature. We must not forget the human element to all of this: our end users.

One goal we may all have is to not have a resume generating event. Sure, common frameworks such as NIST and MITRE ATT&CK can most certainly create a base for proper protections, but the human element is often overlooked. This is a tale of two phish. We would miss the mark if we did not talk about the phishing, the whales, and the spears. Some may ask, “What is phishing?” Phishing is simply defined as an attempt to somehow get Alice or Bob to divulge sensitive information. Alice gets 100 emails a day; she is experiencing infobesity.  It’s easy to see how a phishing attempt could be seen as a legitimate email. In an office down the hallway, Bob, the CEO, needs her to see an invoice and get it processed ASAP. Spearphishing goes after Alice, the little fish.  Bob, on the other hand, is a very big whale. With whalephishing, the CEO is considered the main course. Alice receives the email and after a click, a reverse shell is in place; none is the wiser. Big surprise, that was not Bob. That was Nicole and she is four states away. The pesky macro that Nicole injected inside the email sets off a chain of events that would later cost money, time, and reputation. There were methods to gain that traction and persistence. Nicole targeted this MSP because she knew the initial attack surface was small but grows exponentially as enumeration exposes the MSP’s client base.

Again, let’s be honest; with power and position comes risk. Executives and the C-Suite are busy. Phishing scams are just not a priority to upper management. A 2020 Forbes article tackles this quite eloquently, “The longer management ignores the threat posed to customers by phishing attacks, the more likely an enterprise will repeatedly experience this type of attack.” (2) It’s a simple mistake to click on that urgent email from the CEO. Malicious actors know this; they bet on success. Phishing can be done via an email, a phone, or an SMS message. The objective is to become Alice’s friend, find her trust, and eventually gain access. Alice and Bob are not the only targets. Vendors and supply chains are bigger fish and are priority number one.

Supply chain attacks have been in the news recently. Remote management organizations have shown us how brittle our security posture is. These 3rd party vendor applications sit on a customer’s network without restriction and with elevated privileges. Remote management organizations have persistence into a network via a remote monitoring and management (RMM) application; it is there by design and provides access to client devices and networks. Who are these clients?  Large companies use RMM solutions, but a large swath of attacks target Managed Service Providers and Cloud Service Providers (CSP) via an RMM solution. Supply chain attacks are one of the most serious vectors for compromise. By phishing and intruding inside the network of [insert remote management company], a malicious actor can obtain access to update repositories, vendor VPN connections, and other organizational controls. This is where MSP’s and CSP’s are advised to exercise caution.  Supply chains and vendors are the crown jewel for criminals. Securing infrastructure by deploying network access controls, enabling endpoint protection solutions, and standing up firewalls is not sufficient. Employee education, phishing simulations, and security minded incentives will help to drastically reduce the number of security incidents in any organization. MSP’s and CSP’s must be prepared to handle a security event for their customers but also deploy good digital hygiene in their own environments.

We see Alice and Bob every day. We know them, we work with them. In short, we are Alice and Bob. Our goal is to avoid Nicole at all costs. To avoid phishing attempts, we must first recognize the threat so we can eliminate it. Verify everyone and when in doubt, contact the person that sends an attachment. Hover over links and verify the domain but avoid clicking on links in emails, if possible. Get into the habit of reading the voice on the other end of the call. Are they being extremely nice and asking how your family is, how the baseball game is? Is this person trying to slide into your life for any curious reason? Be wary and have common sense but if anything, perform the following:

Trust no one, verify the rest.

 

David Moore
Solutions Engineer, Cloud and Security

 

(1) Fortinet, Inc. 2021. Global Threat Landscape Report
(2) Stolfo, 2020, Why The C-Suite Should Care About Phishing Attacks Against Customers, accessed 20 September 2021, <https://www.forbes.com/sites/forbestechcouncil/2020/04/01/why-the-c-suite-should-care-about-phishing-attacks-against-customers>

 

 

You’re logging in for the first time in a while. But you can’t remember what your password is. Is that even the right username? Which email did I sign up with? You try a couple combinations with no luck. Looks like you’re going to waste some more time going through the password reset process.

Sound familiar? It should, because we’ve all been there. If only there was a way to create and securely store passwords and passphrases without having to memorize them all.

Password Managers. Enter the password manager. There are a lot of them out there, some paid and some free. But seriously – you really do need this in your life. A password manager will revolutionize the way you secure your accounts and help you create long and difficult passwords without having to even memorize them.

So how do password managers work? The concept is relatively simple. A password manager is an application on your local device that maintains a database of all your usernames and passwords. To unlock that database and keep it secure you configure one “master password” to access the information. This master password should be long and complex, of course, but it is the only password you need to memorize. For bonus points, create a passphrase like “yellowflowerprariegreenland” – it’s easy to memorize and insanely difficult for cybercriminals to crack.

So say you need to log in to Facebook. No problem. Navigate to Facebook, spin up your password manager, give it the master password, locate your Facebook credentials and then copy and paste. Voila. In fact, you may not even know what your Facebook password is (because it’s too long and complex to remember), but you’re able to log in regardless. It really is that simple.

One of the other great things about using password managers is that they encourage you to create long and complicated passwords or passphrases for your accounts. Many of them even offer an integrated password or passphrase generator that can be configured for desired complexity.

Seriously, do yourself a favor and get a password manager. Then take the time to go through all of your accounts and ensure that they are all in your password manager and – most importantly – that they have long and complicated passwords or passphrases that would take modern computers billions of years to break! It might take a bit of time to get all of your accounts integrated, but the juice is well worth the squeeze.

If you’re not sure where to start with password managers, have a look at some of the most popular services:

  1. LastPass
  2. 1Password
  3. KeePassXC
  4. Dashlane

Multi-Factor Authentication. So you’ve set up your password manager and integrated your accounts. How about taking it a step further and to really lock down your information and ensure you don’t become another cyber crime statistic? Again, the answer is surprisingly simple – multi-factor authentication!

Multi-factor authentication (MFA) is just what it sounds like – authentication with multiple factors. These factors are most commonly what you are (biometrics), who you are (personal information), what you know (secret), and/or what you have (e.g. a key or a card). When you combine authentication into a requirement for two or more of these factors, then you have MFA. Believe it or not most people have been using MFA for a long time now. Think about when you withdraw some money from an ATM. You are required to provide something you have (a card) and something you know (a pin code). And there you have it.

So even if you forego the password manager, MFA can literally stop cybercriminals in their tracks. Because with MFA even if someone manages to break get ahold of your username and password, they won’t be able to get far without also having your MFA solution.

Need some suggestions on MFA solutions? Again, in no particular order, we’ve got you covered:

  1. Google Auth
  2. Authy
  3. Duo
  4. SecureAuth

Though we generally recommend that you avoid using MFA through SMS texted codes due to the vulnerabilities it has, even this can be an adequate deterrent for cybercriminals looking for an easy score. So if you can’t be bothered with MFA, first of all we encourage you to rethink that decision. But most importantly, do try and sign up for the SMS- or email-based option on your accounts if possible.

As always, remember that with any security tools and practices, nothing is ever completely safe. In fact, there are ways to circumvent any security tool. But at the end of the day, just use common sense and think before you click!

 

Jonathan Melvin
SOC Analyst
Green Cloud Defense

This isn’t news… cyber attacks are becoming more than just an occasional threat. The frequency of attacks is increasing, with many of them leading to major data breaches. You no longer need to go back months to find large-scale attacks being reported. This year saw waves of attacks that affected hospital care, stalled America’s biggest gasoline pipeline, brought a huge meat supplier to its knees and devastated hundreds of managed service providers. These breaches cost companies millions of dollars in revenue, lost reputation and legal damages. Because of this, insurers are rethinking their coverage and addressing the shared responsibility model so they are enabled to properly assume these risks and hold policyholders appropriately accountable.
Cybersecurity Insurance is a type of insurance that protects employees when their data is compromised by a cyber attack. It also provides protection in the event of a physical attack on the workplace’s infrastructure or theft of trade secrets.

Insurers taking a closer look at how they will cover for cyber threats

In light of the increase in ransomware and other successful data breaches and attacks, it is not surprising that insurers are taking a hard look at whether or not they should be liable for damages. This is particulary true in cases where there is no physical damage to be covered by traditional insurance policies and less than adequate cyber defenses are put in place by policy holders. There is still a lot of uncertainty with what the future holds for those who were victims to hackers but experts say it’s only a matter of time before we see changes in how cyber insurance works.

Insurers are considering all possible ways that hackers may use cyber attacks to develop better underwriting standards for policies that can protect enterprises and their intellectual property from these attacks. A new change in underwriting will also come to the policy holder as there will be requirements to “beef up their own cyber defenses” and protection solutions according to Tom Reagan, Marsh McLennan’s head of U.S. cyber practice.

Cybersecurity insurance is at an inflection point but it is on pace to be a $3 billion industry. With this much money at stake, insurers will surely put in place tighter coverage standards and increase prices. Therefore, it is paramount that policyholders increase not only their cybersecurity solutions along the industry standards but, also, increase their awareness to this new and persisting threat.

You need to understand in detail what is not covered by your cybersecurity policy.

Policyholders must have discussions with their insurance providers

Gartner has reported that “Cybersecurity insurance is entirely a reactive product. It will not prevent a cybersecurity breach or immediately reduce the impact on the delivery of services to your end users. Therefore, you must continue to invest in your security program alongside your cybersecurity insurance considerations.”

Given the reactive nature for these new insurance offerings the policyholder needs to make sure they are compliant. This means companies and individuals need to follow compliance frameworks like CIS, NIST CSF or ISO 27001. Adhering to these standards can ensure that your company has proper processes and standards in place to address the overall risk.

These industry standard frameworks are designed to be easy for any organization of any size or level of security risk to adopt. The framework is not a rigid “checklist” – it is a tool that will help organizations identify and prioritize actions within their cybersecurity strategy based on the organization’s risk profile and industry. Together, with a properly executed insurance policy, you are protected as best as you can be in the event of an attack.

Tips for self-auditing and engaging your cyber insurance organization

You can use the below questions to self-audit and assess your cyber risk.  This will help you to understand what your risk tolerance is and to make decisions for the amount of coverage required or risk to be transferred.

  1. Can you quantify the maturity of the security at your organization?
  2. Is your company prepared for an attack?
  3. How much will it cost to improve the security?
  4. What are the consequences if you don’t act?
  5. What is the likelihood of an attack happening in the next year or two?

Companies are increasingly relying on cybersecurity insurance to help transfer their risk , once determined, that comes with such attacks. But the policy holder must be proactive in planning their defense when preparing to take on a cybersecurity insurance policy.

Once you have answered the questions above and have properly assessed your cyber risk tolerance, insurers will look to have an answer for these five crucial questions:

  1. What are you doing to protect your data?
  2. What is the probability that your company will be hacked?
  3. What are the consequences if you are hacked?
  4. Do you have a business continuity plan in place?
  5. How far back does your company’s data go and how much of it is important?

Preparing your organization to answer these questions and having a candid conversation with your insurer can help you ensure that you’re meeting your policy’s requirements. By having these candid conversations, you can show your willingness to participate in the shared responsibility model and own those controls that must be put in place according to your chosen framework.  Any discrepancies can be communicated, and a plan developed, to ensure that progress is made to become compliant with your policy and framework.

Bottom line is that changes are coming to cyber insurance coverage.  Taking the time today to be proactive in how you assess and manage your risk, develop your internal security program maturity, and prepare for the worst will put you in a position to get the most out of your cyber insurance investment.

 

Steve Sims
VP, Security & CISO
Green Cloud Defense

DRaaS Powered by VMware

 

We started Green Cloud Defense almost exactly 10 years ago and, from day one, we have been running our shared (public) cloud infrastructure on VMware’s hypervisor.  Our 800 partners across North America utilize VMware’s vCloud Director to deploy, automation and manage virtual infrastructure resources in these multi-tenant cloud environments. A couple of years ago, Green Cloud was designated as a VMware Cloud Verified provider meaning the services we offer are based on the most complete VMware cloud infrastructure technologies available.

Today, 10 years later, with six data centers located across the county and with thousands of virtual machines (VMs) in production, we are launching a fully functional disaster recovery product built within the VMware vCloud Director footprint.

What does this mean for our partner community?  They now have the ability to recover protected workloads – both on-premise and in the cloud – into a second Green Cloud data center through a self service portal within the vCloud Director interface. For those not comfortable managing this on your own, feel free to call us. Our dedication to service and support to our network of partners remains the same.

Like all disaster recovery solutions sold by Green Cloud, we will still assist the partner in setting up the secondary site, pre-building IP schemes and setting up firewalls on the recovery site to ensure there are no “gotchas” when the partner/end user needs to failover in an unpredictable disaster scenario.

Why is this disaster recovery solution different? Disaster Recovery powered by VMware allows you to manage your workloads on per VM basis. You can choose different Service Level Agreement (SLA) profiles on a per VM basis. With Recover Point Objectives (RPOs) as fast as one hour, this solution allows our partners to talk about specific recovery times and retention policies on a per VM basis – all while effectively managing the solution and the budget.

We have priced this solution very, very aggressively.  You pay a small fee on a per VM basis and reserve the necessary compute and storage on the target side. This is lockstep with our goal: to deliver the cloud solutions you want, with the support you deserve and at a price point that you can afford.

While some disaster recovery solutions are unreliable, complex and expensive, and many not scale at the required levels of protection or expectation, Disaster Recovery powered by VMware is reliable and effective while remaining extremely affordable. We truly believe this solution is a win/win for our partners and their end users.

AUTHOR: Charles Houser

In today’s mobile and multi-cloud world, the need to be able to protect any workload running anywhere with a single solution has never been more important. In this post, I’ll cover how you can protect your workloads with Green Cloud’s Secure BaaS service using the Veeam Agent and the Veeam Service Provider Console (VSPC). I’ll focus on protecting workloads running in Green Cloud’s IaaS infrastructure, but the process can apply to any workload running anywhere.

The focus will be on deploying, configuring and managing the Veeam agent using the Veeam Service Provider Console. If you have questions on access to the VSPC console, please reach out to Green Cloud’s support team. If you want to signup for Green Cloud’s Secure BaaS solution, please reach out to our sales team.

Before we get started on protecting workloads, first lets review Green Cloud’s Secure BaaS offering. This solution is powered by Veeam and Cloudian delivering ransomware protection for Veeam backups. Veeam and Cloudian created the industries first solution leveraging the S3 object lock feature to make backups immutable. This makes the backup unchangeable by anything. As a result, they cannot be encrypted by ransomware. With this solution, you can now offer ransomware protection to any workload running anywhere.

Assumptions / Requirements

  • Secure BaaS Service
  • Access to the Green Cloud Veeam Service Provider Console
    • Reseller credentials will be needed
    • Company (end user) credentials will be needed
  • Access to your vCloud Director Organization
  • Sufficient bandwidth on source to transfer backups across the WAN
  • Free space on the local disk for a local cache of backup data.
  • Administrative access to the source workloads

In this demo scenario, all workloads reside in Green Cloud’s IaaS infrastructure powered by VMware Cloud Director. I’m going to follow the Veeam recommended method for agent deployment using discovery rules. This will be done by logging into the VSPC as the partner or ‘Reseller’. For information on managing the Veeam agents as a partner or ‘Reseller’, please refer to the VSPC reseller Veeam documentation.

Source Workload Overview

Before beginning the process of protecting my workloads, I’d like to provide a brief overview of the source environment. I previously built a small Remote Desktop Services environment. There are 5 total servers spread across a LAN and DMZ. The NSX Edge is providing network firewalling while the Windows firewall is also enabled. Below is a screen shot of the virtual machines that will be protected by the end of this post.

Deploy VSPC Management Agent

The first step in the process is to deploy a master management agent. This agent will be used to ‘discover’ other workloads running in your environment.

Requirements:

  • VSPC Reseller account information
  • Secure BaaS gateway URL and port
  • End customer Secure BaaS username and password

Log into VSPC

From the workload designated to be the master, log into the VSPC with your reseller credentials. These credentials can be retrieved / set in the Green Cloud partner portal or by contacting support. The format of the login is <Reseller><Reseller Admin> / <password>.

 

 

 

 

 

Download the Management Agent

Once signed in, navigate to Discovery in the left navigation pane. Then locate Discovered Computers on the tab across the top. Finally, click the Download Agent link. Save the file to the local system.

Install the Management Agent

Once the download completes, run the installer as administrator. Accept the EULA and click Next through the menus to complete the installation.

Configure the Management Agent

With the installation completed, the next step is to configure the management agent to communicate with the VSPC. Locate the management agent icon in the system tray, right-click and click Agent Settings.

 

 

 

This will open a window where you will enter the company (end user) account information. This information was provided during provisioning. Should you need this information please contact support.

 

 

 

 

 

 

 

 

 

  • In the Cloud Gateway field, type FQDN or IP address of a cloud gateway.
  • In the Port field, specify the port on the cloud gateway that is used to transfer data to Veeam Service Provider Console.
    • In the Username and Password fields, type user credentials of a Company Owner.

The user name must be provided in the <Company NameUser> format.

  • Click Apply
  • Should you be presented with any certificate warnings, click Save to save the certificate.
    • Finally, Restart the management agent

 

 

 

 

    • The Agent should now show Connected


 

 

Configure Discovery Rule(s)

With the management agent successfully communicating, we can now shift our focus to discovering the workloads so we can automatically deploy the Veeam Backup Agent. Discovery can be done via one of the following methods: Active Directory or network (IP). Optionally, you can also import a list from a CSV. For the this post, I will focus on Active Directory discovery.

Requirements

  • For AD discovery, the master agent should be installed on a domain joined system.
  • The master agent system must have internet access and network access to the workloads you wish to discover and protect
  • Local admin rights to the workloads you wish to discover and protect.
  • Proper Local firewall configuration to allow discovery and agent installation

Configure (Windows) Firewall

In the demo environment, the Window firewall is enabled. As such, I need configure it to allow the management agent to discover systems and push the Veeam Backup Agent installation. For the sake of this post, I have pre-configured the firewall. Below is a list of the port requirements for successful discovery and Veeam Backup Agent installation.

  • Remote Scheduled Tasks Management (RPC and RPC-EPMAP) (for discovery)
  • Windows Management Instrumentation (WMI-In) (for desktop operating systems)
  • File and Printer Sharing (SMB-In) (for Veeam Backup Agent installation)

Create a Discovery Rule

In the VSPC, navigate to Discovery in the left navigation pane. Locate Rules using the tabs across the top and click New to create a new discovery rule.

 

 

 

 

 

 

 

 

 

In the pop-up, go through the items. In this example, I will be going through Active Directory based discovery since the demo environment is an Active Directory domain. For the sake of time, I have pre-configured an Active Directory account that has been applied as a local administrator to each workload via Group Policy.

  • Enter a rule name
  • Select a company to apply the discovery rule
    • NOTE: As a Reseller, it’s likely you will have multiple companies from which to chose. A discovery can apply to one or more companies.
  • Select a Discovery method (this post is Active Directory)
  • Select the Active Discovery Method
    • In this post, I will target specific OUs

 

 

 

 

 

 

 

 

 

 

 

  • Enter the account to be used for discovery and Veeam Backup Agent installation
    • This can be a pre-defined local account or a domain account.
    • In this post, I am using a domain account. I have added this domain account as a local admin to each workload using group policy.

Be sure to clear the check box for using the account defined in the master agent. This is because we did not specify an account in the master agent setup.

  • Organizational Unit selection
    • click Select Location…
      • NOTE: Locations can be leveraged when you have a client with multiple locations. In this post, I will be using the default location.
    • In the next window, click on Select Unit…

 

 

 

 

      • Pick the OUs where the protected workload Active Directory computer accounts are located

 

 

 

 

 

 

 

      • Click OK twice to return to the configuration menu and click Next
  • Optionally, set any discovery filters
    • Discovery filters can be set by OS, Application or platform. These can be used individually or combined for greater granularity.
  • Optionally, enable email notification.
    • This requires that you have configured your VSPC SMTP settings.
    • The email notification will send you notifications of discovery rule results.
  • Veeam Backup Agent deployment
    • Select the option to discovery the system and install the Veeam Backup Agent.
    • For the sake of this post, I will use the default Servers policy. For more information on backup policies see the Veeam documentation. If you want to see the settings for the default servers policy click Show
    • Enable Read-only mode
      • This will restrict local users from changing backup job settings while still allowing them to perform tasks such as restoring individual files. For more on read-only mode see the Veeam documentation.
    • Click Configure to adjust the default settings for the Veeam Backup Agent
      • Select the setting shown in the screen shot below. For more on these settings please refer to the Veeam documentation.

 

 

 

 

 

 

 

 

 

 

      • Be sure to set the appropriate bandwidth based on the source. In the demo environment, there is 50Mbps available. To backup as fast as possible yet still leave room for other communication, I set the limit to 40Mbps.
      • Click Apply then Next
    • Summary
      • Review the summary of the settings
      • Check the box to Launch the discovery rule when I click finish.
      • Click Finish

In the VSPC, navigate to Discovery in the left navigation pane. Locate Rules using the tabs across the top and verify your rule is running.

 

 

 

 

 

 

 

 

 

The deployment process will take a few minutes or more depending on the size and scope of the discovery rule. You can check the status by navigating to Discovery in the left navigation pane and locate Discovered Computers across the top. Here you will see the discovered computes and the status of the Veeam Backup Agent installation.

 

The two most common reasons for failed agent installations are:

  1.  A firewall is preventing the installation. Confirm you have all the necessary ports open on your firewall.
  2.  The account specified in the discovery rule does not have local administrative rights to the discovered system.

To check the status of the Veeam Backup Agent and view what policy is applied, navigating to Discovery in the left navigation pane and locate Discovered Backup Agents across the top.

 

Alternatively you can log into the protected workload and launch the Veeam Backup Agent. Using the Start Menu, locate the Veeam folder and the Veeam Agent for Microsoft Windows. At the top of the Agent application, you will see the VSPC reseller name and the backup policy applied.

 

 

 

 

 

 

 

 

 

 

At this point you have successfully setup the Veeam Backup Agent to protect your workloads by backing up to a Green Cloud Secure BaaS repository. This was done using the Veeam Service Provider Console. Through this console you can centrally manage and monitor the backups of your workloads. If you are an existing partner interested in protecting your customers workloads with Green Cloud’s Secure BaaS service please reach out to your channel manager. If you are interested in becoming a Green Cloud partner, please complete the form on our contact us webpage.

Final Thoughts

Today’s biggest challenge is data security. Ransomware (as well as other security threats) is on the rise as the workforce has been dispersed due to the global pandemic. Empowering IT with the a solution protect data on any workload running anywhere is priceless. And it can all be managed through the Veeam Service Provider console.