Object First OOTBI Appliance Quick Setup

In case you are not familiar with Object First OOTBI (Out-of-the-box immutability), it is an enterprise-grade object storage appliance designed specifically for Veeam Backup and Replication. It provides fast, ransomware-proof storage that is easy to deploy and manage. In this article, we shall discuss the “Object First OOTBI Appliance Quick Setup”.

Before diving into this setup fully, I would like to seize this opportunity to appreciate @Geoff Burke and Object First for the opportunity to test a 128TB-Object First Storage.

Since my hardware developed some issues and will be replaced, I have decided to discuss how to access Object First (OOTBI) remotely. This is because IPMI technology is crucial for IT administrators to access and manage servers, in this case OOTBI, remotely.

More importantly, it allows them to perform diagnostics, troubleshoot issues, and perform various tasks without being physically present at the server location. Therefore, when you have hardware issues, this is how the support engineers will connect to your OOTBI appliance. Post-setup support is also available for optimal OOTBI performance should any unforeseen issues arise.

Why should you choose OOTBI by Object First?

Object First acknowledges the persistence and landscape of ransomware attacks targeting businesses. This is where OOTBI comes in and stands out with its out-of-the-box immutability, rendering backup data impenetrable to attacks.

OOTBI is designed around Zero Trust and Data Security Principles and integrates built-in immutability to significantly diminish the threat of ransomware compromising backup data. See Demystifying Zero Trust with Veeam: Design your Architecture.

Reinforcing security measures, a customised hardened Linux operating system further fortifies OOTBI. With zero access granted to root or the operating system, even the most privileged user finds altering OOTBI or its immutable data impossible.

If you’re constrained by legacy solutions like Direct-Attached Storage (DAS), dedupe appliances, or Hardened Linux Repositories that lack explicit optimisation for Veeam and necessitate security expertise and costly technical staff to manage, compromising security, simplicity, or power, you should consider acquiring an Out-of-the-Box (OOTB) appliance.

Note: Say no to ransom payments and regain control with OOTBI for confident recovery! So what are you waiting for? Here is how to purchase OOTBI by Object First. You may want to request a DEMO before purchasing one as OOTBI drastically reduces the risk of ransomware affecting your backup data.

Object First OOTBI Appliance Unboxing

As you can see below, the OOTBI appliance came with the following power cords, screws, and other accessories required for the Object First Out of the Box Installation (OOTBI). Installation becomes effortless and takes only a few minutes.

Furthermore, in the image below, you will find the maximum capacity for a cluster, which depends on the OOTBI appliance you have purchased, the storage configuration, specifications, etc.

To demonstrate the simplicity of installing and configuring the OOTBI appliance, Object First includes a flyer containing step-by-step installation and configuration instructions.

Additionally, the flyer presents the configuration of the Veeam Backup and Replication repository.

How Does OOTBI integrate with Veeam?

Veeam Data Platform V12 fully embraces S3 Object Storage as its primary backup target. OOTBI is a Veeam Ready repository that leverages Veeam’s “direct-to-object” functionality, utilising S3 object storage to provide high-performance backup while ensuring security and immutability. Please see the image below for more information.

Note: The ZTDR architecture and secure appliance form factor inherently separate the OOTBI from the Veeam Backup & Replication server. This segmentation ensures proper isolation between the Backup Software and Backup Storage layers, thereby guaranteeing ransomware resilience.

Note: This subject is further demystified in the article on configuring and integrating Object First with Veeam Backup and Replication.

It fully supports the Veeam Smart Object Storage API (SOSAPI) with HTTPS, which ensures secure communication and encrypts all network traffic between Veeam and OOTBI. Since OOTBI was developed with Veeam Backup and Replication in mind, it is optimised to deliver fast backup storage and instant recovery with Veeam, as shown in the image below.

The solution also includes data offload automation along with automated load balancing in clustered OOTBI deployments, which makes the administrator’s backup-related tasks effortless.

You may want to learn the difference between iDRAC, ILOM, IPMI or ILO, and how to Upgrade Windows Server 2019 to 2022 via iDRAC.

Physical Security

Ensuring physical security for the appliance is paramount, and we can achieve this by placing the OOTBI appliance in a secure location such as a dedicated server (equipment) room or service closet with restricted access. Also, access should be limited to authorised personnel only.

The installation site should be dust-free, clean, and well-ventilated, avoiding areas with electrical noise, heat, or electromagnetic fields. Consider surveillance to monitor the OOTBI appliance and its surroundings. Physical security hinges on controlling access and monitoring for any potential breaches.

Note: Remember that physical security is often overlooked in favour of cybersecurity but is equally critical. Allowing unauthorised physical access could compromise your data, regardless of digital defences.

Network Security as it relates to OOTBI

Implement access control measures to limit who can interact with the OOTBI appliance. To achieve this, ensure that the IP addresses of the IPMI, cluster, etc. are not accessible from the Internet. That is, no public IP address is used. See other aspects to consider below.

  • After setup, IPMI access should be disabled; this can be achieved easily by unplugging the cable.
  • Set up Multi-Factor Authentication.
  • SSH access is disabled by default. Double-check to ensure it is disabled.
  • Change the factory-generated IPMI password.
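
The address and SSH checks from the list above can be scripted. The following is an added example, not part of the original article or of Object First tooling; the interface labels and addresses are constructed placeholders, and treating only RFC 1918 and IPv6 unique-local ranges as internal is an assumption.

```python
import ipaddress
import socket

# Assumption: only RFC 1918 IPv4 and IPv6 unique-local ranges count as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample inventory (labels and addresses are placeholders).
SAMPLE_INTERFACES = {
    "ipmi": "192.168.10.20",
    "cluster": "10.20.0.5",
    "data": "203.0.113.10",  # documentation range, stands in for a public address
}


def addresses_outside_internal_ranges(interfaces):
    """Return {label: address} for every address not inside INTERNAL_NETS."""
    flagged = {}
    for label, addr in interfaces.items():
        ip = ipaddress.ip_address(addr)
        if not any(ip.version == net.version and ip in net for net in INTERNAL_NETS):
            flagged[label] = addr
    return flagged


def tcp_port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds, i.e. the service is reachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit(interfaces, ssh_port=22):
    """Collect findings: non-internal addresses and any interface answering on SSH."""
    findings = [f"{label}: {addr} is outside the internal ranges"
                for label, addr in addresses_outside_internal_ranges(interfaces).items()]
    findings += [f"{label}: SSH port {ssh_port} is reachable on {addr}"
                 for label, addr in interfaces.items() if tcp_port_open(addr, ssh_port)]
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_INTERFACES) or ["no findings"]:
        print(line)
```

Replace the sample inventory with the addresses assigned to your own appliance and run it from the management network; an empty result means every address is internal and nothing answered on the SSH port.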

Accessing the Object First OOTBI Appliance

To complete the Object First OOTBI Appliance Quick Setup now that you have racked it in a secure location, it is time to access it. As you can see from the flyer attached, we have two options to access the OOTBI appliance.

1: Local Console Access: For OOTBI management, where IPMI remote connection is not possible, the console can be accessed locally by connecting a VGA-compatible screen and USB-compatible keyboard to the server during physical server installation and connection.

Once connected, enter the appliance credentials to access Object First TUI. You should be able to interact with the server’s IPMI TUI.

2: Remote IPMI Console Connection: The IPMI is a standardised interface defined by the Intelligent Platform Management Interface Forum (IPMI Forum). IPMI is not tied to a specific vendor but is a standardized protocol that various server manufacturers implement in their hardware. You may want to learn the difference between iDRAC, IPMI, and ILO.

If the server’s IPMI is configured for remote connection, plug in the IPMI cable and note the IP address the IPMI interface obtained over DHCP.

Next, launch a web browser on your client machine and enter the URL for the IPMI interface in the following format https://<IP_address_of_server> .

Once you access the IPMI interface URL, you will likely be prompted to enter login credentials. The username is ADMIN and the password is associated with the hardware. You should change these details afterwards.

Once the login is successful, the IPMI main screen is available as shown below.

Remote Console Connection Options

IPMI (Intelligent Platform Management Interface) provides remote management capabilities for servers/hardware. We have two options for accessing the Text User Interface (TUI) remotely: Java and HTML5.

Upon launching and accessing the IPMI, we can see the current interface is “Java Plugin”. If you prefer using Java over HTML5, please proceed and launch the console.

Note: The HTML5 console is often considered better in terms of security, compatibility, and ease of use, especially considering the decline in support for Java applets in modern browsers. However, the choice ultimately depends on your specific requirements.

My preferred connection method is HTML5. But I would like to show you how this works with Java and the security involved.

Note: Once a remote console session is connected, switching between JAVA and HTML5 is not supported.

Remote Connection Via HTML5

This method accesses the server’s IPMI interface over the network. Unlike the Java method, which we will discuss very shortly, the HTML5 method relies on modern web technologies. You need a browser that supports HTML5 and related technologies such as WebSocket for real-time communication.

To change the current interface, click the link “here” as shown below.

Select HTML5 and click save.

Then launch the remote console again. The interface should load directly within the browser without requiring any additional plugins or installations. You should be able to access the TUI directly through the browser interface, which resembles a traditional command-line interface.

Use the TUI interface to navigate through different menus and options to perform the desired management tasks.

Now, you can set up your cluster! You might be wondering why we have to set up a cluster on a single node. This will be explained in the next article.

Configure the network interface

I will stop here for now, and the remaining steps will be discussed in a different article.

Remote Connection via Java

Make sure that the client machine from which you intend to access the IPMI TUI has Java Runtime Environment (JRE) installed.

You can download and install the latest version of JRE from the official Oracle Java website. Once the Java applet is installed and running, you should be able to access the Text User Interface (TUI) of the IPMI interface. Here is how to install Java Runtime Environment on Mac OS, and how to Disable Hardware Acceleration in Browsers and Windows.

If you are connecting from a Mac Device, you will have to unblock the launch.jnlp because it is from an unidentified developer.

Because you do not have a valid certificate, you might receive security warnings when launching the Java applet. Review and accept these warnings if you trust the source.

Next, you can access the TUI through the Java applet viewer. Click run as shown below.

Note: If you are missing some Java updates, you will be prompted to download and install these missing updates.

Focus on Java and HTML Compatibility and Security

Determining which method is better depends on various factors including security, compatibility, and ease of use:

  • Security: HTML5 is generally considered more secure than Java due to the numerous security vulnerabilities associated with Java applets. HTML5 relies on modern web standards and sandboxing mechanisms implemented in browsers.
  • Compatibility: HTML5 is more compatible with modern browsers across different platforms compared to Java applets. Additionally, many browsers are phasing out support for Java due to security concerns, which might make the HTML5 method more future-proof.
  • Ease of Use: HTML5 tends to be more user-friendly since it eliminates the need for users to download and install additional software (Java Runtime Environment) on their machines. Users can simply access the IPMI interface using their preferred HTML5-compatible browser.

Overall, the HTML5 method is often considered better in terms of security, compatibility, and ease of use. However, the choice ultimately depends on your specific requirements and the capabilities of your server hardware and management interface.

Conclusion on Object First OOTBI Appliance Quick Setup

Object storage is a reliable choice for data backup and recovery because of its S3 native immutability, unlimited scalability, lower cost of storing large volumes of data, seamless on-premises-to-cloud data copy, simplified management, reliability, and availability.

Note: Whether you are saving your backups to an external cloud or inside your datacenter, it is imperative to ensure that anyone with access to this data cannot read it unless authorised. Data exfiltration is something that can impact our backups as well, and if they are not encrypted, any instance of VBR can read them.

I hope you found this article on “Object First OOTBI Appliance Quick Setup” very useful. Please feel free to leave a comment below.
