VMCA2022 Exam Dumps - Veeam Certified Architect 2022

The additional information that is needed to define the implementation process later is how much backup data is stored on the old hardware. This information is important for designing and sizing the migration strategy and timeline for moving the backups from the old hardware to the new hardware. For example, you can use the amount of backup data to estimate how long it will take to copy or move the backups to the new storage devices. You can also use the amount of backup data to determine whether you need to use compression, deduplication, or WAN acceleration to optimize the migration traffic.

References: [Migrating Backup Files], [WAN Acceleration]

The information that is missing from discovery is what the available bandwidth is between Fresno and Carson City. This information is important for designing and sizing the backup copy jobs that need to run daily between the two sites. The available bandwidth can affect the backup copy performance, duration, and size. For example, you can use the available bandwidth to estimate how much data can be transferred between the sites within the backup copy window. You can also use theavailable bandwidth to determine whether you need to use compression, deduplication, or WAN acceleration to optimize the backup copy traffic.

The component that can help meet the requirement of alternative decryption capabilities on encrypted backups in the event of lost passwords is Veeam Backup Enterprise Manager. Veeam Backup Enterprise Manager is a web-based interface that allows centralized management of multiple Veeam backup servers. It also provides a password loss protection feature that enables authorized users to restore encrypted backups without entering passwords if they forget or lose them. This feature requires enabling password loss protection in Veeam Backup Enterprise Manager settings and assigning a security officer role to a user who can approve password recovery requests.

References: [Veeam Backup Enterprise Manager], [Password Loss Protection]

The best way to accomplish the recoverability testing of backup files for gold tier virtual machines to meet the customer’s requirements is to create a virtual lab in the customer’s environment, and then use SureBackup jobs to verify backups. A virtual lab is an isolated environment where you can run your backups or replicas without affecting the production environment. A SureBackup job is a process that allows you to automatically verify the recoverability of your backups by running them in a virtual lab. By using these features, you can ensure that your backups are consistent, functional, and compliant with SLAs and regulations.

The recommended method to replicate VMware virtual machines with a less than five-minute RPO is Veeam Continuous Data Protection (CDP). CDP is a feature that allows near-continuous replication of VMware virtual machines to a secondary site or cluster with minimal data loss and downtime. CDP uses VMware vSphere APIs for I/O Filtering (VAIO) to capture every write operation from the source VMs and send them to the target VMs in near real-time. CDP can achieve RPOs as low as seconds and enable fast failover and failback in case of a disaster.

The configuration that would verify the SLA compliance during audits and protection against exposure to personally identifiable information in the event of exposure is to create a virtual lab environment and periodically perform staged restores with custom scripts. A virtual lab is an isolated environment where you can run your backups or replicas without affecting the production environment. A staged restore is a process that allows you to run custom scripts on the restored data before publishing it to the production environment. By using these features, you can demonstrate that your backups are recoverable and compliant with legal regulations, as well as remove or mask any sensitive data before restoring it.

The additional Veeam capabilities that must be included in the conceptual design for gold level systems are SureBackup and Secure Restore. SureBackup is a feature that allows you to automatically verify the recoverability of your backups by running them in an isolated virtual lab. This can help you meet the requirement of testing the gold tier backups to verify recoverability. Secure Restore is a feature that allows you to scan your backups for malware before restoring them to the production environment. This can help you meet the requirement of scanning all backups for malware before restoring.

References: [SureBackup], [Secure Restore]

The areas that would benefit from additional analysis on areas mentioned in the case study are MSSQL, NAS, and PostgreSQL. These areas have specific backup and restore requirements that need to be considered and addressed in the design and sizing of the Veeam backup infrastructure. For example, MSSQL requires transaction log backup and application-aware processing to ensure consistent backups and point-in-time recovery. NAS requires file-level backup and storage integration to optimize backup performance and storage efficiency. PostgreSQL requires pre-freeze and post-thaw scripts to quiesce the database before backup and resume it after backup.

References: [MSSQL Server Backup], [NAS Backup], [PostgreSQL Backup]

Based on the customer Windows and Linux file server backup requirements, the best component to help them meet their stated objectives is Backup Enterprise Manager with indexing enabled on virtual machine and Agent backups with RBAC policies. This is because:

•Backup Enterprise Manager allows the customer to manage and monitor backup jobs across multiple backup servers from a single web-based interface1.

•Indexing enables the customer to perform file-level recovery from the backups of Windows and Linux servers, as well as search for files across all backups2.

•RBAC policies allow the customer to delegate permissions to different users and groups for performing file-level recovery, based on their roles and restore scopes3.

References: 1: Veeam Backup Enterprise Manager Guide 2: Veeam Backup & Replication User Guide 3: Veeam Backup Enterprise Manager Guide > Configuring Accounts and Roles

To design a solution that meets the replication requirement for Veeam University Hospital, you need to consider some of the mitigating techniques that might be required for the virtual machines that have several separate large VMDKs with a high change rate per virtual machine on the same datastore. This will help you to overcome some of the challenges and limitations that may affect the replication performance and efficiency, as well as the recovery point objective (RPO) of the organization.

According to the Veeam Backup & Replication Best Practice Guide, some of the mitigating techniques that might be required are:

•Implement WAN accelerator. This technique can help you to reduce the amount of data that needs to be transferred and processed between the source and target sites, by using caching, deduplication, compression, and encryption. You need to deploy a pair of WAN accelerators, one at the source site and one at the target site, and configure them in the replication job settings. This technique can improve the replication speed and efficiency, as well as save network bandwidth and storage space.

•Recommend migrating some of the VMDKs to alternative datastores. This technique can help you to avoid performance degradation and resource contention on the source datastore, by distributing the load and I/O across multiple datastores. You need to use VMware tools or commands, such as Storage vMotion or svmotion, to migrate some of the VMDKs to other datastores that have enough capacity and performance. This technique can improve the replication stability and reliability, as well as reduce the impact on the production environment.

Therefore, based on these techniques, the answer that describes which mitigating techniques might be required is A and C.

To make backup files immutable in a Scale-out Backup Repository, you need to use XFS extents with the reflink attribute enabled. This attribute allows Veeam Backup & Replication to create immutable backup files using the fast clone technology. If some of the XFS extents do not have this attribute enabled, they will not support immutability and the backup files stored on them will not be protected from deletion or modification1

Option A follows the 3-2-1 rule by having three copies of data (the original production data, the backup at the primary site, and the backup copy at the secondary site), two different media types (local disk and object storage), and one copy off-site (the backup copy at the secondary site). This option also reduces the amount of traffic sent over the network by using existing backups as seeds for backup copies, and reduces the storage costs by using cloud tier to move older backups to cheaper and unlimited cloud storage1

To design a solution that meets the backup and replication requirements for Veeam University Hospital, you need to consider some of the components that are needed for the on-premises design. This will help you to ensure the performance and reliability of the backup and replication operations, as well as the scalability and manageability of the backup infrastructure.

According to the Veeam Backup & Replication Best Practice Guide1, some of the components that are needed for the on-premises design are:

•Backup server. This is the core component of Veeam Backup & Replication that controls and coordinates backups, replication, recovery verification, and restore tasks. It also manages backup infrastructure components, such as proxy servers, repository servers, WAN accelerators, etc. You need to have a backup server at each site, as recommended by the best practice guide2.

•Backup proxy. This is a component that retrieves data from the source host, processes it and transfers to the backup repository. It also performs data compression, deduplication, encryption, etc. You need to have at least one backup proxy at each site, as recommended by the best practice guide3.

•Backup repository. This is a server where Veeam Backup & Replication keeps backup files, backup copies and metadata of replicated VMs. It can be a Windows or Linux server, a NAS device, a deduplication appliance, etc. You need to have at least one backup repository at each site, as recommended by the best practice guide4.

•Mount server. This is a component that mounts backup files from the backup repository to the backup proxy during restore operations. It also performs data decompression, deduplication, decryption, etc. You need to have a mount server at each site where you plan to perform restores, as recommended by the best practice guide5.

•Gateway server. This is a component that acts as a data mover between the backup proxy and the backup repository when they are located in different sites or networks. It also performs data encryption and decryption for secure data transfer. You need to have a gateway server at each site where you have a backup repository that is accessed by a remote backup proxy, as recommended by the best practice guide.

Therefore, based on these components, the answer that describes which components are needed for the on-premises design is D. Backup server, backup proxy, backup repository, mount server, gateway server.

To design a solution that meets the virtual infrastructure requirements for Veeam University Hospital, you need to collect some information during the discovery phase. This information will help you to understand the configuration and performance of the VMware clusters, the size and type of the data, and the backup and recovery objectives.

According to the Veeam Backup & Replication Best Practice Guide, some of the information related to the virtual infrastructure that is missing and must be collected during the discovery phase are:

•Local area network speed. This information will help you to determine the network bandwidth and throughput that are available for backup and replication traffic, as well as the impact of backup and replication activities on the network performance and latency.

•Size of the source data set. This information will help you to estimate the backup storage requirements, as well as the backup compression and deduplication ratios, based on the size and type of the data.

Therefore, the correct answer is A and D.

To design a solution that meets the needs and requirements of Veeam University Hospital, you need to consider some of the risks and challenges that may affect the success and quality of the project. This will help you to identify and mitigate any potential issues or errors that may arise during the implementation or operation of the solution.

According to the Veeam Backup & Replication Best Practice Guide, a risk is a factor that may negatively impact the performance, reliability, security, or functionality of the backup and replication solution. A risk may be caused by internal or external factors, such as technical limitations, environmental constraints, human errors, etc.

Based on this definition, one of the possible risks for this project is C. Data must be replicated with one-hour recovery point objective.

This risk means that:

•The recovery point objective (RPO) is a business requirement that defines the maximum acceptable amount of data loss in case of a disaster or failure. It is measured in time units, such as minutes, hours, or days.

•The data replication is a technical solution that allows you to create replicas of your running workloads on another host or site. It is used for disaster recovery purposes, as it enables you to quickly fail over and fail back in case of a disaster.

•The one-hour RPO is a challenging and demanding requirement that may be difficult toachieve or maintain, depending on various factors, such as the data change rate, the available bandwidth, the replication frequency, etc.

•The one-hour RPO may also conflict or contradict with other requirements or expectations, such as the backup window, the backup retention, the backup storage capacity, etc.

This risk has some implications for designing a solution with Veeam products and features, such as:

•The customer or a third-party vendor must monitor and measure the data change rate of the workloads that need to be replicated, as well as the available bandwidth between sites. This will help to plan and optimize the replication infrastructure, such as the proxy servers, repository servers, WAN accelerators, and failover plans, based on the data change rate.

•The customer or a third-party vendor must configure and adjust the replication settings and policies, such as the replication method, schedule, frequency, retention, compression, deduplication, etc., based on the one-hour RPO. This will help to improve the replication performance and efficiency, as well as to meet the RPO requirement.

•The customer or a third-party vendor must test and verify the replication results and processes, as well as perform regular failover and failback drills. This will help to ensure the reliability and consistency of the replicas, as well as to validate and improve the RPO achievement.

To design a disaster recovery solution that meets the needs and requirements of Veeam University Hospital, you need to identify some information during the discovery phase. This information will help you to understand the scope and scale of the replication and failover processes, the network andstorage resources and limitations, and the recovery time objectives and recovery point objectives.

According to the Veeam Backup & Replication Best Practice Guide, some of the information that is necessary to design the disaster recovery solution and must be identified during discovery are:

•The number of virtual machines to be replicated. This information will help you to determine the number and size of the replication jobs, as well as the replication performance and scalability, based on the number and type of virtual machines.

•The available bandwidth between locations. This information will help you to estimate the network bandwidth and throughput that are available for replication traffic, as well as the impact of replication activities on the network performance and latency.

•Which sites will be the source of replication and which sites will be the targets for recovery. This information will help you to plan and configure the replication infrastructure, such as the proxy servers, repository servers, WAN accelerators, and failover plans, based on the source and target locations.

To design a solution that meets the NAS environment requirements for Veeam University Hospital, you need to collect some information during the discovery phase. This information will help you to understand the characteristics and performance of the NAS systems, the size and type of the data, and the backup and recovery objectives.

According to the Veeam Backup & Replication Best Practice Guide, some of the information that you should collect from the customer about the data stored on the NAS per site are:

•Total number of files (in millions) to be backed up. This information will help you to estimate the backup storage requirements, as well as the backup performance and scalability, based on the number and distribution of files.

•Largest file size. This information will help you to determine the optimal backup block size and alignment, as well as the backup compression and deduplication ratios, based on the size and type of files.

Option C uses replica seeding to reduce the network traffic during the initial replication. By creating a backup job of the source VM at the primary site and pointing the replica job to that backup repository at the secondary site, Veeam Backup & Replication can restore the VM from the backup and synchronize it with the latest state of the source VM. Then it can use the restored VM as a replica2

To design a solution that meets the immutability requirement for Veeam University Hospital, you need to consider how this constraint affects the other requirements and expectations of the customer. This will help you to avoid any conflicts or inconsistencies that may arise from applying immutability settings to the backup data.

According to the Veeam Backup & Replication Best Practice Guide, immutability is a feature that prevents backup files from being deleted or modified by anyone until the specified retention periodexpires. Immutability can be achieved by using S3 Object Lock or Hardened Repository, which are two different solutions that Veeam Backup & Replication supports.

Based on this definition, the requirement that is impacted by the immutability constraint is D. Backup must take advantage of public cloud storage for long-term retention.

This requirement is impacted by the immutability constraint because:

•Public cloud storage is a type of storage that is provided by a third-party service provider over the internet, such as Amazon S3, Microsoft Azure, Google Cloud, etc.

•Public cloud storage can be used for long-term retention, which is a policy that defines how long backup data should be kept for compliance or historical purposes, such as months, years, or decades.

•Public cloud storage can also support immutability, which is a feature that prevents backup data from being deleted or modified by anyone until the specified retention period expires, such as days, weeks, or months.

•However, not all public cloud storage providers or services support immutability, or support it in the same way. For example, Amazon S3 supports S3 Object Lock, which allows you to apply a legal hold or a retention period to individual objects or object versions. Microsoft Azure supports Immutable Blob Storage, which allows you to create time-based policies or legal holds for blob containers. Google Cloud supports Bucket Lock, which allows you to lock a bucket and prevent objects from being overwritten or deleted.

•Therefore, the choice of the public cloud storage provider or service may affect the immutability setting and requirement for the backup data. You need to verify and compare the compatibility and supportability of the public cloud storage providers or services with Veeam Backup & Replication and with the customer expectation.

The configuration that is unsupported by Veeam Plug-in for Oracle RMAN based on the technical requirements is physical windows server with Oracle. Veeam Plug-in for Oracle RMAN only supports Oracle databases running on Linux, Solaris, or AIX operating systems1. The other configurations are supported by either Veeam Plug-in for Oracle RMAN or Veeam Backup & Replication. References: Veeam Plug-in for Oracle RMAN, Oracle | Veeam Backup & Replication Best Practice Guide.

The best way to deploy the proxies for the remote office is to deploy eight virtual proxies with eight CPUs and 16 GB of RAM each. This option allows to leverage the Virtual appliance (Hot-Add) mode, which is the recommended transport mode for VSAN storage1. Virtual appliance mode enables LAN-free data transfer between the source datastore and the proxy, as well as load balancing and fault tolerance across multiple proxies2. The other options are either not optimal (option A and B, as physical proxies require LAN or SAN connection to access the source data, which may impact the networkperformance and backup SLAs3) or not supported (option C, as virtual proxies with more than eight CPUs are not compatible with Virtual appliance mode). References: Transport Modes, Virtual Appliance Mode, Direct Storage Access Mode, [Requirements and Limitations for VMware Backup Proxies].

Network traffic rules are settings that allow you to control the network traffic transferred between backup infrastructure components, such as backup proxies, repositories, and WAN accelerators. You can use network traffic rules to throttle or encrypt the network traffic, or to specify preferred networks for data transfer1.

By configuring network traffic rules, you can reduce the bandwidth consumption for the offloading of data to public cloud storage, and avoid affecting the performance of business applications on the branch sites. You can set limits for the network traffic speed, or schedule the offloading tasks to run during off-peak hours2. You can also select the optimal network routes for the offloading tasks, and avoid congested or slow networks3.

You can find more information about network traffic rules and how to configure them in the following resources:

• Configuring Network Traffic Rules
• Enabling Traffic Throttling
• Specifying Preferred Networks

The information that is still needed for a complete architectural design is how often backups are required for silver machines. This is not stated in the technical requirements, where only the recovery time objective and recovery point objective are given for the silver tier. The backup frequency affects the backup storage consumption, the backup window, and the restore point granularity. The other options are either already provided in the technical requirements (daily backup retention, amount of time required for a successful restore for gold machine) or not relevant for the architectural design (RMAN configuration guidelines). References: Veeam Certified Architect 2022 Exam Guide, page 10; Veeam Backup & Replication v11: Architecture and Design course, module 4.

The things that can be done to validate that the design meets target SLAs and reduces the headcount required to manage the solution are:

• Use tagging and scripts to auto-generate backup jobs, set the start time and windows, letting the backup server manage resource allocation. This option allows to automate the backup job creation and configuration, based on the tags assigned to the source objects, such as VMs, hosts, or clusters1. This reduces the manual effort and human error involved in managing the backup jobs, and ensures that the backup server allocates the optimal resources for each job, based on the load balancing and performance settings2.
• Explain how to detect configuration changes, reporting and using backup job templates to maintain consistency. Document self-service restore the streamline service desk engagement. This option allows to monitor the backup infrastructure and detect any changes that may affect the backup performance or reliability, such as adding or removing VMs, hosts, or clusters3. It also allows to use backup job templates to create consistent and standardized backup policies, and apply them to multiple backup jobs4. Additionally, it allows to document the self-service restore process, which enables end-users to perform file-level restores from their own backups, without involving the backup administrator or the service desk5.
• Review the design so that the slowest part of the infrastructure is fast enough to meet backup window requirements. This option allows to identify and optimize the bottleneck in the backup infrastructure, which is the component that limits the backup speed and throughput. By reviewing the design and ensuring that the slowest part of the infrastructure can meet the backup window requirements, the backup SLAs can be achieved and the backup performance can be improved.

The other options are either not relevant for validating the design (option A and E, as exporting the configuration, scheduling a review, and reviewing the design for bottlenecks are part of the design process, not the validation process) or not effective for meeting the SLAs and reducing the headcount (option C, as using inventory information, backup chaining, and fine tuning are manual and complex tasks that may not guarantee the backup window compliance or resource efficiency). References: Tagging, Load Balancing and Performance, Configuration Change Tracking, Backup Job Templates, Self-Service File Restore, [Bottleneck Statistics]

The requirement C is vague and needs more clarification from the customer. It does not specify which public cloud provider, service, or storage tier should be used for the backup data. It also does not indicate how the backup data should be transferred, secured, or managed in the public cloud. The other requirements are more clear and specific, and can be met with the Veeam solution features and best practices. References: Veeam Certified Architect 2022 Exam Guide, page 9; Veeam Backup & Replication v11: Architecture and Design course, module 6.

The component sizing that should be adjusted is the physical storage in the repositories. The repositories are the backup storage locations where Veeam Backup & Replication stores backup files, VM copies and metadata for replicated VMs1. Increasing the retention period from four to five years means that more backup files will be kept on the repositories, and thus more storage space will be required. The other options are not affected by the retention period change, as they are either related to off-site backups (option A), Veeam Backup & Replication server performance (option C), or backup proxy performance (option D). References: Backup Repositories.

The best option to still satisfy the requirement for offsite, immutable or air gapped backups if the cloud provider selected for archive storage does not support immutability is to set up Scale-out Backup Repository capacity tier to a different cloud provider than the archive tier. Scale-out Backup Repository is a logical entity that groups several backup repositories into a single pool of storage, and allows to move backup files between performance and capacity tiers1. The capacity tier can be configured to use Amazon S3 or Microsoft Azure Blob Storage, which support Object Lock feature for immutability2. By using a different cloud provider for the capacity tier than the archive tier, the backup data can be stored in two separate locations, with one copy being immutable or air gapped. The other options are either not feasible (option A, as the scenario does not mention another site), not secure (option C, as the backup data can still be accessed or modified when the repository is online), or not offsite (option D, as the scenario requires a copy of backup data in a public cloud). References: Scale-out Backup Repository, Object Storage Immutability.

The requirement C will act as a constraint on the decision of whether to use a local repository or not for the remote sites. Data locality and privacy laws may vary by country or region, and may impose restrictions on where the backup data can be stored or transferred. For example, some countries may prohibit the export of personal data outside their borders, or require encryption or anonymization of sensitive data. Therefore, the Veeam solution must comply with these laws and regulations, and may need to use a local repository for each remote site, or use a cloud provider that has a local presence in each region. The other requirements are not constraints, as they can be met with either a local or a central repository, using the features and options of the Veeam solution. References: Veeam Certified Architect 2022 Exam Guide, page 11; Veeam Backup & Replication v11: Architecture and Design course, module 5.

Immutable repositories are backup storage locations that prevent unauthorized modifications or deletions of backup data, ensuring its integrity and recoverability. Immutable repositories are essential for protecting backups against ransomware attacks, accidental deletions, or malicious insiders1.

Veeam Backup & Replication supports several types of immutable repositories, such as hardened repositories, immutable object storage repositories, and immutable deduplicating storage appliances2. Among these options, the best configuration for ensuring SLA compliance and providing protection against ransomware is to leverage hardened repositories at both primary and secondary sites, and offload to object storage in a public cloud with immutability enabled.

Hardened repositories are Linux-based repositories that use XFS file system with immutability flag to protect backup files from changes or removals. Hardened repositories can be used as primary or secondary backup targets, and can be combined with Veeam Scale-out Backup Repository to simplify backup management and optimize storage utilization3.

Object storage repositories are cloud-based repositories that use object storage services, such as Amazon S3, Microsoft Azure Blob Storage, or Google Cloud Storage, to store backup data. Object storage repositories can be used as secondary backup targets, and can leverage the immutability feature of the cloud provider to prevent backup data from being overwritten or deleted.

By using hardened repositories at both primary and secondary sites, you can achieve high availability and redundancy for your backup data, as well as fast and reliable restores. By offloading to object storage in a public cloud with immutability enabled, you can achieve long-term retention and compliance, aswell as cost savings and scalability. This configuration also follows the 3-2-1-1 backup rule, which recommends having three copies of data, on two different types of media, with one copy off-site and one copy immutable.

You can find more information about immutable repositories and how to configure them in the following resources:

• Immutable Backup Solutions: Linux Hardened Repository
• Unstructured Data Backups in Immutable Repositories
• Hardened Repository
• [Immutability for Object Storage Repositories]
• [3-2-1-1 Backup Rule]