Hardened Repository

Hardened Repository

HARDENED REPOSITORY

The Hardened backup repository is a backup repository who contain an option for immutability. This feature permit to protect data against data loss due to malware. Indeed, deletion of data is temporarily prohibiting. Note that only Linux backup repository provices the immutability option.

Job type supported

The immutability option can be enable only for this job :

  • Backup jobs and backup copy jobs (VMware, Hyper-V, Windows, Linux, MAC OS, AIX and Solaris)
  • Backup copy jobs from external repositories (Veeam Backup for Azure, AWS and Google)
  • Veeam Agent backup
  • Standalone full backup
  • vCloud Director
  • VeeamZIP backup
  • Nutanix AHV

Limitations

The job retention is overrides by the Immutability retention. So the file is not deleted even if the retention is over, the file is deleted when the immutability period is over. Note that immutable backup files can’t be deleted manually.

Backup copy jobs it is necessary to set up GFS retention policy. Without this retention policy, you can’t use the immutability. The immutability feature, require to select forward incremental with active full or synthetic full backup when the job is created. The Veeam Data Mover Service used by Hardened repository requires the Linux host 64 bits.

Create xfs volume

Check if the disk is been configred on the Linux server by running the following command. With this command you can verify if all data disk has been attached.

/sbin/fdisk -l
HARDENED REPOSITORY Veeam - Verify the disk on the server

The XFS volume is created with the data volume (not partitionned for now). Run the following command to install xfs module on the Debian Server.

apt-get update
apt-get upgrade
apt-get install xfsprogs
Upgrade source debian with mirror apt-get update upgrade and install

The XFS volume is created with the data volume (not partitionned for now). Run the following command to create partition. Replace /dev/sdb on the following command by your desired disk (exemple : /dev/sdc if you have multiple disk on the server.

/usr/sbin/mkfs.xfs -b size=4096 -m reflink=1,crc=1 /dev/sdb
Create XFS volume

Create folder in MNT. This folder is used for mount volume. The following command is used, you can replace production by another name.

mkdir /production
Create folder to mount volume

Copy the original fstab file. This copy permit to retrieve original configuration if it’s needed. Run the following command to copy the file

cp /etc/fstab /etc/fstab.bak
Copy fstab file

Run the command /sbin/blkid >> /etc/fstab to add UUID of the xfs volume in fstab file. This command permit to mount volume after that the server is restarted.

add UUID of the xfs volume

Edit the fstab file with nano and modify the line sdb. Delete the line for the line sda1 and sda5.

modify fstab file

Save the modification and run the command mount -a to validate there is no errors. You can use df -h to verify the volume.

Verify configuration with mount -a command

Configure permission

The user account used for the backup must own the directory and have the appropriate permissions. Run the following command to configure owner of the directory. User account must be the owner. Replace nicolas by your user account.

chown -R nicolas /production
Configure owner of the directory

Configure permission on the directory with the following command. Replace the directory name by your directory.

chmod 700 /production
Configure permission on the directory

The linux server is now been configured.

Add new repository

A new repositories can now been configured. From the Veeam console, click on Backup Infrastructure then select Backup Repositories. Click on Add Repository in the ribbon.

Add new repositorie in Veeam console

Click on Direct attached storage in the window that appears.

Select directo attached storage

Click on Linux for lauch the wizard.

Select Linux in the list

Enter the name of the repository and click on Next

Enter the name of the repository

Click on Add New to the linux server.

Add new linux server on Veeam Infrastructruee

A new wizard appears, enter the server name and click Next.

Enter the name of the server

Click on Add to add new credential. In the list, select Single-use credential for Hardened repository.

Select Single-use credential for hardened repository

Enter the username and password of the user account then check Use “su” if “sudo” fails. Enter the password of the root account.

Configure account for hardened repository

Credential is now configured.

Credential is been configured

Click on Next then on Apply to finish to add the server. Click on Populate, the paths appear.

The path appear

Click on Browse then select the repository previously created. Click on Populate to verify the capacity and the Free space. Check Use fast cloning on XFS volumes and Make recent backups immuatable for. Configure the number of the days that you want protect your backup job

Configure option for the repository

Validate the following windows and then proceed with the creation of the new repository.

launch creation of the repository

The repository appear and can be used for the Veeam Backup Job.

The repository appear and can be used for the Veeam Backup Job.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.