Veeam 12 now has Immutable Storage using Microsoft Azure Blob. This feature ensures data integrity with immutability options for on-premises backups that are tiered or written directly to Azure Blob Storage. Immutability can be used only with new storage account containers and cannot be used with existing backup data where immutability was not applied previously.
The path to properly create the Azure Storage Account and Container to utilize immutability was somewhat obscure. Here’s what we discovered and how we’re deploying it today.
How to Deploy Immutable Backups in Veeam 12
Create an Azure subscription if you don’t already have one.
Create a Storage Account. You’ll need to select a resource group, name the storage account, and select a region. Set performance to “Standard” and redundancy to “Locally redundant.” Under Advanced, set the access tier to “Hot.” For Networking, set network connectivity to “Enable public access from all networks” and for routing preference, choose “Microsoft network routing.”
Under data protection, uncheck all Soft Delete boxes (blobs, containers, and file shares). Check “Enable versioning for blobs” and ensure “Enabled version-level immutability support” is NOT checked. Keep the Encryption defaults and the Tag defaults and click Create.
Once the Storage Account is created, set “Blob public access” to Disabled and create a container. Give the container a name and set the “Public Access Level” to “Private.” Under Advanced, check “Enable version-level immutability support” and complete the creation of the container.
After the Container is created, go to Security + Netwoking, Access Keys and copy the key1 key. You’ll need this key to add the backup repository in the Veeam console.
By following the instructions above, you can create and configure an Azure Storage Account and Container to support immutable Azure backups using Veeam. For more information or assistance, please reach out to Sikich LLP’s IT Solutions team.