Terminology
3-2-1 Rule
The 3-2-1 backup rule is a proven data backup strategy designed to minimize data loss and ensure that data can be recovered. It is based on the following principles:
3 copies of your data: Maintain a total of three copies of the data: the original data and two backup copies.
2 different storage media: Store the copies on at least two different media types, such as disk storage and object storage or tape storage. Two separate disk storage systems are also possible.
1 off-site storage: Store at least one backup copy at an off-site location, away from the other copies, to ensure protection against physical hazards such as fire or flood.
Applying this rule significantly increases the security of your data and ensures that it can be restored even in the event of unexpected events.
3-2-1-1-0 Rule
The 3-2-1-1-0 backup rule extends the classic 3-2-1 strategy with additional security measures to ensure greater data integrity and availability. It includes the following principles:
3 copies of your data: Maintain a total of three copies of the data: the original data and two backup copies.
2 different storage media: Store the copies on at least two different media types, for example, disk storage and object storage or tape storage. Two separate disk storage systems are also possible.
1 off-site storage: Store at least one backup copy at an off-site location, away from the other copies, to ensure protection against physical threats such as fire or flood.
1 immutable or offline copy: Store a backup copy in an immutable format or offline to protect it from cyber threats such as ransomware.
0 backup errors: Ensure that all backups are regularly checked for errors and are error-free to guarantee reliable recovery if needed.
Implementing the 3-2-1-1-0 rule significantly increases the security and reliability of backups and effectively protects data from various threats and failures.
AAB
AWS S3
Amazon Simple Storage Service (AWS S3) is a scalable, cloud object storage service provided by Amazon Web Services. It allows users to store, manage, and retrieve any amount of data from anywhere on the web, offering high durability, availability, and security. S3 is widely used for backup, archiving, data lakes, and application storage, and supports lifecycle management, versioning, and fine-grained access control.
Backup
A backup is a copy of a system, parts of a system, or files and folders, created automatically by software or manually by a user. The duplicate comprises a data set that is periodically transferred to a storage independent of the original storage and kept there for a defined time and usually in several versions from different points in time. From these copies, a system or a data set can be restored if it has been intentionally or unintentionally deleted, destroyed, modified or compromised.
Active Full Backup
An active full backup is a complete backup created from the original data of the production systems. This means the data is read/written directly over the network. Its counterpart in Veeam is the synthetic full backup.
Synthetic Full Backup
A synthetic full backup is a complete backup created "synthetically" by merging an existing full backup with the incremental backups created since then – without re-reading the original data from the production system. This creates a current full backup, reducing the load on the production system and the network and accelerating backup creation. Combined with block cloning, this saves significant amounts of storage space in the backup system.
Veeam's Active Full Backup is a contrasting feature.
Incremental Backup
Backs up only the changes since the last backup (full or incremental). This saves storage space.
Reverse Incremental Backup
Reverse incremental backup is a backup strategy in which the full backup is always kept up to date. Each backup process captures only the changes since the last backup, but these changes are retroactively integrated into the existing full backup. Previous data, which would otherwise be overwritten, is stored separately as reverse differences (i.e., the differences from the previous version). This creates:
A current full backup that is immediately usable for recovery,
And incremental reverse data that can be used to roll back to earlier points in time.
Differential Backup
Backs up all changes since the last full backup. The differential grows with each backup, but recovery is faster than with incremental backups (it requires only the last full backup and the last differential backup).
Application-Aware Backup
An Application-Aware Backup (AAB) is a backup of a machine with special attention to the consistency of an application, e.g. a database or Exchange. This method of backup ensures that the application is set to a consistent state before the backup and that the backed up state can also be restored to a working state. In most cases, this procedure also includes the ability to restore individual data sets or individual data within the application.
File-level Backup
Backup of files and folders within a file system. Today it is mostly no longer the primary method for backing up data, because it operates on whole files: if one byte in a file has changed, the entire file is backed up again.
Backup-as-a-Service
Backup as a Service (BaaS) is a cloud-based service where an external provider handles the backup, storage, and recovery of data for companies. Instead of operating their own physical backup infrastructure, organizations can securely transfer their data over a network connection to the service provider, who stores and manages it in the cloud.
By using BaaS, companies can optimize their data backup processes and focus on their core competencies, while the service provider ensures the integrity and availability of the backed-up data.
Backup Copy
A backup copy is an additional backup of existing backup data, created to increase backup redundancy and availability. These copies are often stored in different physical locations or on different storage media to minimize risks such as hardware failure, natural disasters, or cyberattacks. By using backup copies, companies can ensure that their data can be restored even if the primary backups are lost or corrupted.
Bare Metal
In information technology, bare metal refers to a physical server or computer that runs directly on the hardware—without a virtualization layer in between. This means that all system resources (such as processor, memory, hard drives, etc.) are exclusively available, often leading to higher performance and better control. This direct use of hardware is primarily used in data centers and for applications that require maximum performance and minimal overhead.
Bare-Metal Restore
Bare-metal restore refers to the restoration of an entire computer system—including the operating system, applications, configurations, and data—directly to the physical hardware, without the need to install an operating system first. A previously created complete system image is used to restore the system to its original state, which contributes to rapid recovery, especially in the event of a disaster or serious system failure. A special boot image on an external storage device or an ISO file, mounted, for example, via the iDRAC, is used to boot the system and launch the backup software.
Block Cloning
Block cloning is a technique in which data is copied at the block level without physically duplicating the actual content. Instead, a logical copy is created that references the original data blocks—often via internal pointers or metadata. This enables very fast copy operations and saves storage space by avoiding redundant physical data. Block cloning is often used in storage and backup solutions, for example, to efficiently create virtual clones of volumes or databases.
Changed Block Tracking
Changed Block Tracking (CBT) is an incremental backup technique that identifies changes in the data set at the block level of storage and copies only those blocks that have changed since the last backup.
Database
A database is an electronic system that centrally stores, manages, and makes structured data accessible. It enables the efficient organization, maintenance, and analysis of large amounts of information, with a focus on integrity and security.
There are different types of databases:
Relational databases: In relational systems, data is organized in tables (rows and columns) with defined schemas and relationships (using primary and foreign keys). They are particularly suitable for transactional systems where data integrity and ACID properties (atomicity, consistency, isolation, durability) are paramount. Examples include Oracle, DB2, MySQL, PostgreSQL, and Microsoft SQL Server.
NoSQL databases: This category includes systems that are not based on a fixed table model and enable high flexibility and horizontal scaling. NoSQL databases can be further divided into:
Document-oriented databases: Store data as documents (e.g., in JSON format); examples include MongoDB and CouchDB.
Key-value databases: Use key-value pairs, ideal for fast read/write access; examples include Redis and Amazon DynamoDB.
Columnar databases: Optimized for extensive analytical queries by storing data column-wise (e.g., Apache Cassandra, HBase).
Graph databases: Focus on managing and querying relationships between data points; examples include Neo4j and Amazon Neptune.
Object-oriented or object-relational databases: These systems enable the direct storage of objects, as they appear in object-oriented programming languages, and thus facilitate the handling of complex, hierarchical data structures. Examples include Db4o (object-oriented) and PostgreSQL (object-relational).
In-memory and cloud databases: For real-time applications and high performance, in-memory databases (such as SAP HANA or Redis in in-memory mode) are often used. In addition, cloud databases (e.g., Amazon RDS, Google Cloud SQL) enable dynamic scaling and easy, global access.
NewSQL: As a hybrid solution, NewSQL systems combine the ACID properties of relational databases with the scalability of NoSQL, with Google Spanner being a prominent example.
This diversity allows data management to be precisely tailored to operational requirements—for example, with regard to performance, consistency, and scalability—and thus to implement a solid data backup concept and a comprehensive storage environment for companies.
DB
see Database
Deduplication
Data deduplication is a process for identifying redundant data blocks and storing them only once. Instead of creating multiple copies, references to the original, which has already been stored once, are used. In short: storing the same data only once saves storage space.
DISA-STIG
The Defense Information Systems Agency – Security Technical Implementation Guide (DISA-STIG) is a collection of security-related configuration guidelines from the U.S. Defense Information Systems Agency (DISA). The STIGs define detailed instructions for the secure configuration of IT systems, applications, and networks and serve to harden them against cyber threats. They are mandatory for systems within the U.S. Department of Defense (DoD), but are also used outside the military as best practices for IT security and compliance.
Erasure Coding
Erasure coding is a data backup technique in which data is divided into smaller blocks and provided with additional, redundantly generated coding information. This method makes it possible to restore the complete original data set from a limited number of retained data blocks, even if individual blocks are lost or corrupted. This achieves high fault tolerance and efficient use of storage space in distributed storage systems and cloud solutions.
Fibre-Channel
Fiber Channel (also called Fibre Channel) is a high-speed network protocol primarily used in storage area networks (SANs) to transfer block-based data between servers and storage systems. It typically uses optical fiber—or copper cables in some implementations—and offers high bandwidth and low latency, enabling reliable and high-performance data transmission in mission-critical environments.
Frequency
The interval between two backups - see also RPO
Hardened Repository Server
A server hardened to specific conditions (DISA-STIG). This provides immutable storage on a Linux server.
HA
High Availability
High Availability (HA) refers to the design and implementation of systems and services that minimize downtime and ensure continuous operation, even in the event of hardware failures, software issues, or network interruptions. It is typically achieved through redundancy, failover mechanisms, and load balancing, ensuring that critical applications and data remain accessible with minimal service disruption. One mechanism to protect a system from the failure of one or more hard drives is, for example, RAID.
iDRAC
The integrated Dell Remote Access Controller (iDRAC) enables out-of-band management on certain Dell servers.
Immutability
In information technology, immutability refers to the state or property of data or objects that cannot be altered or deleted after their creation. This ensures that the information is preserved in its original state and protected from unauthorized modifications.
In the context of data storage, immutable storage refers to storage solutions in which data cannot be altered or deleted after it has been written. This is particularly important for regulatory compliance and protection against data loss or tampering.
Data integrity: Immutable data ensures that information is always preserved in its original form, which is essential for audits and compliance.
Security: Protection against unauthorized modification or deletion makes immutable storage an effective measure against cyberattacks such as ransomware.
Infrastructure-as-a-Service
Infrastructure-as-a-Service (IaaS) is a cloud service model in which core IT resources - such as virtualized servers, storage, and network infrastructure - are delivered over the internet. This allows companies to leverage scalable computing power and storage without having to invest in their own physical hardware or manage it on-site. This optimizes IT cost structures and outsources the burden of operating and maintaining the infrastructure to the service provider. Everything from the operating system level onward is the customer's responsibility.
Infrastructure-as-Code
Infrastructure-as-Code (IaC) is an approach in which IT infrastructure - such as servers, networks, and storage - is defined, deployed, and managed using machine-readable configuration files and scripts. This automated process makes infrastructure setup and modification standardized, repeatable, and versionable, leading to greater efficiency, consistency, and scalability in modern IT and cloud environments.
iSCSI
iSCSI (Internet Small Computer Systems Interface) is a standardized network protocol that encapsulates SCSI commands in TCP/IP packets to make block storage accessible over existing IP-based networks, such as Ethernet. This allows servers to utilize centralized storage in a storage area network (SAN), enabling scalability and cost-effective deployment.
ITIL
ITIL (Information Technology Infrastructure Library) is a widely adopted framework for managing and delivering IT services in a structured, efficient, and business-aligned way. It provides best practices for processes such as incident, problem, change, and service management, helping organizations improve service quality, reduce risks, and ensure consistent, customer-focused IT operations.
Jour Fixe
A regular, recurring event, usually scheduled for meetings or the exchange of information within a group.
LACP
Link Aggregation Control Protocol (LACP) is a network protocol defined in IEEE 802.3ad that dynamically manages the bundling of multiple physical network links into a single logical connection, known as a link aggregation group (LAG). This allows for increased bandwidth, redundancy, and load balancing between connected network devices, while automatically detecting link failures and adjusting traffic distribution accordingly.
LACP Channel
A Link Aggregation Control Protocol (LACP) channel is a logical connection that aggregates multiple physical network links into a single, virtual data path. This improves bandwidth capacity and provides redundancy: if a single link fails, traffic is automatically routed over the remaining links. LACP dynamically detects and manages aggregation, resulting in a more efficient and resilient network architecture.
LUN
A LUN (Logical Unit Number) is a unique identifier assigned to a logical storage device—such as a virtually partitioned storage area in a storage area network (SAN). By assigning LUNs, physical storage is divided into separate, manageable logical units that can then be assigned to individual servers or applications. This enables flexible storage organization, more efficient use of resources, and targeted data protection.
MAC Address
A MAC address (Media Access Control address) is a unique identifier assigned to a network interface card (NIC) for communication on a physical network segment.
It operates at Layer 2 (Data Link Layer) of the OSI model and is used to identify devices within a local network.
MAC addresses are typically 48-bit hexadecimal numbers, for example, 00:1A:2B:3C:4D:5E.
Object-Lock
Object Lock is a feature in object-based storage systems that marks stored objects (e.g., files or data blocks) as immutable for a defined period of time or permanently. This means that these objects cannot be deleted or modified—an important feature for complying with legal retention periods or protecting data from malicious modification (such as ransomware attacks). This feature is often used in cloud object storage solutions, such as AWS S3 Object Lock, to ensure robust data integrity and compliance.
On-Premise
On-premise refers to IT solutions, software, and hardware that are installed, operated, and managed directly within the company—for example, in company-owned data centers or server rooms. This approach enables complete control over the infrastructure and data, in contrast to cloud-based solutions where resources are hosted externally.
Off-Premise
Off-premise refers to IT solutions and resources that are not operated or managed directly at the company's own location, but are hosted externally, for example, in a cloud data center or with a service provider. This outsourcing enables flexible scaling and reduces the effort required to operate the infrastructure in-house.
PoC
Proof of Concept; feasibility study in collaboration with the customer
Protection Group
A grouping of similar computers. Applies to agents (e.g., physical computers). This makes it possible to define, for example, a backup job that backs up these similar computers. (Previously, the objects to be backed up could only be selected by VM, by tag, or, for copy jobs, by repository.)
RAID
RAID (Redundant Array of Independent/Inexpensive Disks) is a storage technology that combines multiple physical hard drives into a single logical unit. Different techniques such as striping, mirroring, or the use of parity information can either increase performance, enhance data security, or combine both, resulting in a fail-safe and high-performance storage infrastructure. Overview of common RAID levels:
RAID 0 (Striping): Data is distributed evenly across all hard drives, resulting in a significant performance improvement. However, there is no redundancy – the failure of one drive results in data loss.
RAID 1 (Mirroring): The data is mirrored identically on at least two hard drives. This means RAID 1 offers high fault tolerance, but the available storage space is reduced by a factor of 2, since each piece of information is stored twice.
RAID 5 (Distributed Parity Striping): In addition to striping, parity information (for data recovery in the event of a failure) is evenly distributed across all participating drives. This allows for the failure of a single drive without data loss – with a moderate loss of capacity.
RAID 6 (Double Parity Striping): Similar to RAID 5, but two independent parity information sets are stored. This allows for up to two drive failures, providing increased fault tolerance.
RAID 10 (Combination of Striping and Mirroring): Data is first mirrored (RAID 1) and then striped across the mirror groups (RAID 0). This configuration combines high performance with robust redundancy, but requires at least four hard drives and results in a 50% loss of storage space.
Other combinations such as RAID 50 and 60 are analogous to RAID 10. Outdated and obsolete levels such as RAID 3 and RAID 4 are not covered.
RCA
Root Cause Analysis: A process that aims to identify the root cause of a problem. This usually involves a problem (PR, etc.). A specific form must be completed for the Root Cause Analysis.
Restore
Restore is the process of recovering data. The cause of a restore can be data loss due to various events such as hardware defects, human errors or disasters.
Retention
Retention describes the retention period of a backup on the backup storage. It can be described as the number of versions (restore points) that are kept before the oldest version is deleted or the number of days that a backup is kept.
Repository
Storage area on a server or in a cloud where the backup data is kept
RMAN
RMAN (Recovery Manager) is a tool provided by Oracle for backup, recovery, and recovery management of Oracle databases. It enables consistent and incremental backups, automates recovery processes, and offers comprehensive features for managing backup media, logs, and recovery scenarios. RMAN is fully integrated with the Oracle database and supports both local and centralized backup strategies.
RPO
Recovery Point Objective (RPO) is the age of the files that must or can be recovered from the backup storage so that normal operation can be resumed after a failure. It denotes the maximum period of data loss in the event of a system failure. For example, with a daily backup, up to 24 hours of data can be lost if the system fails just before the next backup and has to be restored.
RTO
Recovery Time Objective (RTO) refers to the time required to recover a system or application, or the time period agreed with the customer that is acceptable to the customer.
S3
see AWS S3
SAN
SAN Switch
A SAN switch is a specialized network device that connects servers and storage systems within a storage area network (SAN). It forms the heart of the SAN infrastructure, routing data traffic over dedicated Fibre Channel or IP-based networks, enabling high bandwidth, low latency, and redundancy for reliable data exchange in mission-critical environments.
SCSI
SCSI (Small Computer System Interface) is a standardized interface used for connecting and communicating between a computer and peripheral devices such as hard drives, printers, or scanners. It defines both physical cabling and connector standards as well as data transmission protocols to ensure interoperable and efficient device connectivity.
Site Reporting
Ability to report point usage and create license files as a "sub-customer" in the Veeam Pulse Portal.
SLA
A Service Level Agreement (SLA) is a framework contract concluded between a service provider and a customer to define the quality of a recurring service.
Software-as-a-Service
Software-as-a-Service (SaaS) is a cloud-based delivery model in which software applications are delivered over the internet and operated by the provider. Users typically access the software via a web browser, without having to worry about installation, maintenance, or infrastructure. Typical characteristics of SaaS:
Subscription model (monthly or annual)
Centralized management and updates by the provider
Scalability and location-independent access
Examples: Microsoft 365, Google Workspace, Salesforce. SaaS is particularly suitable for companies seeking flexible, low-maintenance solutions with rapid deployment.
Stage
Staging describes a step in the workflow of most development projects. In our environments, it refers to the status of a system—e.g., production, test, development, etc.
Storage
In IT, "storage" refers to all available storage used for the permanent storage and management of digital data. This can be locally installed or network-based storage solutions, which meet different performance and scaling requirements depending on the application.
Block Storage
Data is stored in small, fixed blocks. These "raw" storage areas are provided with a file system by operating systems or applications, making them particularly suitable for data-intensive, high-performance applications (e.g., databases in SAN environments).
File Storage
Here, storage takes the form of files and folders, organized in a hierarchical structure. Access is via standardized protocols such as NFS (Network File System) or SMB (Server Message Block) and is ideal for applications that require traditional file server access. Often also used as Network Attached Storage (NAS).
Disk Storage
Disk storage refers to the storage of data on hard disks, whether traditional HDDs or modern SSDs. This storage format is used in both direct-attached storage (DAS) and SAN/NAS environments and offers a good compromise between performance, capacity, and cost-effectiveness.
Object Storage
Data is stored as discrete objects that contain not only the actual data but also extensive metadata and a unique identifier. Object storage systems are extremely scalable and are particularly suitable for large, unstructured data volumes, such as multimedia content or cloud backup data.
Tape Storage
Tape storage uses magnetic tape media for data storage. It offers a cost-effective solution for long-term archiving and backups because tapes offer high storage capacity—however, access times are generally slower than hard disks.
Storage Area Network
A SAN (Storage Area Network) is a specialized, dedicated, high-speed network that centrally deploys and manages block-based storage. This isolates storage resources from the normal application and data networks, ensuring high performance, scalability, and resiliency in data centers and mission-critical systems.
Tag
Tags are comparable to nameplates that can be assigned to individual components, such as virtual machines. These "nameplates" allow VMs to be automatically assigned to backup jobs. Tags are available in various environments, such as VMware, ProxMox, most clouds, and more. Support in Veeam is gradually being expanded. In environments where Veeam does not (yet) support tags, assignment to jobs can be done using scripts.
TOTP
Time-based One-Time Password (TOTP) is an algorithm for generating time-limited one-time passwords, typically used for two-factor authentication (2FA). It is based on a shared secret and the current time. TOTP codes are only valid for a short period of time (e.g., 30 seconds), which significantly increases security compared to static passwords. The standard is defined in RFC 6238.
VCSP
Veeam Cloud & Service Provider
Veeam Products
VBR
Product: Veeam Backup & Replication.
VB M365
Product: Veeam Backup for M365 backup.
VDC M365
Product: Veeam Data Cloud for M365 data backup
VDC Azure
Product: Veeam Data Cloud for backing up Azure data/machines/etc.
VDC EntraID
Product: Veeam Data Cloud for Microsoft EntraID backup
VDC Salesforce
Product: Veeam Data Cloud for Salesforce backup
Veeam Enterprise Manager
Product: Management of multiple VBR servers and self-service portal for restores
Veeam One
Product: Monitoring / reporting for VBR environments
Veeam Pulse Portal
Portal where Veeam license files can be generated and the consumption of Veeam license points must be reported
VVAR
Veeam Value Added Reseller
WORM
WORM (Write Once, Read Many) refers to a storage medium or technology where data can be written once and then only read, but can no longer be modified or deleted. WORM is often used for legally compliant archiving, e.g., to meet compliance requirements such as GoBD, SEC 17a-4, or GDPR, as it reliably prevents tampering. Typical applications:
Long-term archiving of financial data
Email archiving
Backup repositories with immutable storage (e.g., for ransomware protection)
Examples of WORM media include optical discs (CD-R, DVD-R), WORM-capable tape systems, or software-based WORM volumes in object storage.
WWN
A WWN (World Wide Name) is a globally unique identifier used in storage area networks (SANs) and Fibre Channel environments to identify devices (such as storage or network interfaces). Similar to a MAC address, the WWN ensures that each device on the network can be uniquely addressed, which is particularly beneficial for managing and troubleshooting large, distributed storage solutions.
WWNN / WWPN
A World Wide Port Name (WWPN) is a globally unique identifier assigned to a specific port of a device in a Fibre Channel network. The WWPN enables the unique identification and communication of that port within the storage area network (SAN). In contrast, the World Wide Node Name (WWNN) identifies the entire device or node. Each port of a device, such as a host bus adapter card (HBA) or a storage array, has its own WWPN, while all ports of the same device can share the same WWNN.
Zoning
Zoning is a technique in Fibre Channel-based storage area networks (SANs) that divides the network structure into smaller, logically separate segments. This segmentation allows for targeted traffic control, increased security, and simplified administration. Only devices within the same zone can communicate with each other, while access to devices outside the zone is blocked.
Zoning in SANs ensures that only authorized devices can communicate with each other, increasing security, optimizing data traffic, and facilitating network management.
There are different types of zoning:
Hard zoning: This method strictly controls access at the hardware level by the SAN switches. Only explicitly defined devices can communicate with each other, providing a high level of security.
Soft zoning: This method is based on software definitions that limit the visibility of devices on the network. Although devices outside the defined zones are not visible, they may still attempt to access other devices, posing potential security risks.
Port zoning: This creates zones based on the physical ports of the SAN switches. Devices connected to specific ports belong to a zone. Changing the physical connection requires reconfiguration.
WWN zoning (World Wide Name Zoning): This creates zones based on the unique WWNs of the devices. This allows for more flexible management, as devices can be identified regardless of their physical connection location.