Veeam backup repository
![veeam backup repository veeam backup repository](https://nolabnoparty.com/wp-content/uploads/2019/10/veeam-10-nfs-repository-setup-14-600x336.jpg)
During the upgrade of other Veeam components to apply version 11a, the Hardened Repository was skipped. Open the Veeam console and select from the menu the Settings > Upgrade option. To apply the update, the first step is to add the used service account back to the sudo group.Įnable the remote access to your repository and login with the administrative account set during the installation of your Linux repository.Īdd the Veeam service account to the group sudo with the command: In addition, the account used by Veeam to connect the repository doesn't have any permission to do operations on the Linux machine since it is not a member of the sudo group. If the repository was configured by following the best practices, the Single-use credentials for hardened repository option was used to connect Veeam to the repository. This is an expected behavior since Veeam doesn't have the credentials stored anywhere to access the Hardened Repository.
#Veeam backup repository update
When a new version or patch is released by Veeam, when you try applying the update to the repository, it will fail. Hardened repository can store all kind of Veeam backup data.With the introduction of the Immutability feature in Veeam Backup & Replication v11, a Hardened Repository requires a specific procedure to be upgraded.Ī normal upgrade of this type of repository cannot be performed in the "classic" way due to the restrictions applied during the configuration procedure of the repository itself. HPE iLO, Dell IDRAC and other out-of-band management interfaces should be disabled or hardened as they offer remote access. Remote access to server console via IPMI interfaces: with a hardware dongle syncing time via GPS. with a domain controller which is compromised, attackers can perform a “time travel” to by-pass the configured immutability time. Synchonize time with a reliable NTP server!īecause if you sync time eg. Important note about time synchronization:
![veeam backup repository veeam backup repository](https://kb.probax.io/hs-fs/hubfs/VeeamRepos-1.png)
Inside the linux repository, a service with higher privileges is taking care of the immutability flag. no SSH,…).Īs a consequence, no other Veeam roles can be hosted on this repository server.įrom the outside, only port TCP 6162 and some highports (TCP 2500 to 3300 only assigned when needed) as transmission channels are in use:Īll Veeam components are accessing the linux repository with non-root user credentials.
#Veeam backup repository full
To reach full protection, no connections except for Veeam transport service are allowed to be open/enabled (eg. Now we have a linux based repository with XFS filesystem and immutable backup files. Perfect protection even for long time retention! monthly, yearly,… backups) – they are made immuatable for the entire duration of their retention policy. So take care to chose the correct chain when configuring your backup jobs.īy the way, when talking about GFS full backups (eg. Only forward incremental chains with active or synthetic fulls are possible. Just configure a number of days to proctect backups from modification or deletion by ransomware or hackers.Īs backup files are protected against modification/deletion in the hard way, you have to choose a compatible backup chain.
![veeam backup repository veeam backup repository](https://reboote.weebly.com/uploads/2/1/3/2/21322080/7125101_orig.jpg)
When you add the new linux repository to your Veeam infrastructure the wizard offers a new configuration setting: Doing so enables the XFS filesystem to reuse the same data blocks between files, providing “a kind of deduplication” (takes up less space) and makes copy operations much faster. It makes sense to use a distribution that supports Veeam Fast Clone (based on reflink technology). The repository itself must be based on Linux. With Veeam Backup & Replication v11 the new hardened (immutable) repository is available to safeguard your valuable data in an easy but effective way. Backups are your treasure if the worst comes to the worst.