#Veeam + NetApp Backup Solution ransomware resilient

Anyone here built a Backup Solution with Veeam + NetApp and have it ransomware resilient?

The Idea is to use NetApps as Backup Repos for VMs, physical Servers and Databases etc.
Map those Repos via NFS and have some tamperprrof Snapshots with retention X on top to protect them against ransomware attacks.
Then have a copy job of all those jobs sent to an Offsite System either ONTAP S3, or StorageGrid and use the immutability feature inside Veeam on S3 + enable MAV on everything (Veeam + NetApp)

On the File Services side I would completely go with NetApp, using Tamperproof Snapshots that are replicated to the same Veeam Backup Netapp. From there replicate those Snapshots to the same Offsite System as the Veeam stuff, either ONTAP or Storagegrid.

Where this idea kinda falls apart is when I add Veeam NAS Backup into the mix. Apparently Veeam NAS Backups performs horribly when directly backing it up to tape, so there has to be a disk stage before sending it top tape in a performant manner.

Input, Comments and Remarks are welcome.

why backup NAS when you can simply mirror snapshots? you can also lock local snapshots, for that matter. Backup of NAS filesystems, unless they are very small, or going to be prohibitively slow, as in, you will never complete a job within a time-frame that makes that backup or restore remotely usefull for securing data. Too many changes happen between start and end of the backup

may you check out https://tecblog.au.de/ontap-9-14-1p1-veeam-s3-backup-mit-object-lock/ the article gives you an overview how to use ONTAP S3 with Object lock for Veeam.

This was my initial idea, but it looks like I cannot get away without a copy to tape. And to do that AND have single file restore I have to use VEEAM NAS Backup and cannot simply dump to tape via NDMP