Hardened Repository
The Hardened backup repository is a backup repository who contain an option for immutability. This feature permit to protect data against data loss due to malware. Indeed, deletion of data is temporarily prohibiting. Note that only Linux backup repository provices the immutability option.
Job type supported
The immutability option can be enable only for this job :
- Backup jobs and backup copy jobs (VMware, Hyper-V, Windows, Linux, MAC OS, AIX and Solaris)
- Backup copy jobs from external repositories (Veeam Backup for Azure, AWS and Google)
- Veeam Agent backup
- Standalone full backup
- vCloud Director
- VeeamZIP backup
- Nutanix AHV
Limitations
The job retention is overrides by the Immutability retention. So the file is not deleted even if the retention is over, the file is deleted when the immutability period is over. Note that immutable backup files can’t be deleted manually.
Backup copy jobs it is necessary to set up GFS retention policy. Without this retention policy, you can’t use the immutability. The immutability feature, require to select forward incremental with active full or synthetic full backup when the job is created. The Veeam Data Mover Service used by Hardened repository requires the Linux host 64 bits.
Create xfs volume
Check if the disk is been configred on the Linux server by running the following command. With this command you can verify if all data disk has been attached.
/sbin/fdisk -l
The XFS volume is created with the data volume (not partitionned for now). Run the following command to install xfs module on the Debian Server.
apt-get update
apt-get upgrade
apt-get install xfsprogs
The XFS volume is created with the data volume (not partitionned for now). Run the following command to create partition. Replace /dev/sdb on the following command by your desired disk (exemple : /dev/sdc if you have multiple disk on the server.
/usr/sbin/mkfs.xfs -b size=4096 -m reflink=1,crc=1 /dev/sdb
Create folder in MNT. This folder is used for mount volume. The following command is used, you can replace production by another name.
mkdir /production
Copy the original fstab file. This copy permit to retrieve original configuration if it’s needed. Run the following command to copy the file
cp /etc/fstab /etc/fstab.bak
Run the command /sbin/blkid >> /etc/fstab to add UUID of the xfs volume in fstab file. This command permit to mount volume after that the server is restarted.
Edit the fstab file with nano and modify the line sdb. Delete the line for the line sda1 and sda5.
Save the modification and run the command mount -a to validate there is no errors. You can use df -h to verify the volume.
Configure permission
The user account used for the backup must own the directory and have the appropriate permissions. Run the following command to configure owner of the directory. User account must be the owner. Replace nicolas by your user account.
chown -R nicolas /production
Configure permission on the directory with the following command. Replace the directory name by your directory.
chmod 700 /production
The linux server is now been configured.
Add new repository
A new repositories can now been configured. From the Veeam console, click on Backup Infrastructure then select Backup Repositories. Click on Add Repository in the ribbon.
Click on Direct attached storage in the window that appears.
Click on Linux for lauch the wizard.
Enter the name of the repository and click on Next
Click on Add New to the linux server.
A new wizard appears, enter the server name and click Next.
Click on Add to add new credential. In the list, select Single-use credential for Hardened repository.
Enter the username and password of the user account then check Use “su” if “sudo” fails. Enter the password of the root account.
Credential is now configured.
Click on Next then on Apply to finish to add the server. Click on Populate, the paths appear.
Click on Browse then select the repository previously created. Click on Populate to verify the capacity and the Free space. Check Use fast cloning on XFS volumes and Make recent backups immuatable for. Configure the number of the days that you want protect your backup job
Validate the following windows and then proceed with the creation of the new repository.
The repository appear and can be used for the Veeam Backup Job.