Hardened Repository

Hardened Repository

Comments 0 Comment
Hardened Repository

The Hardened backup repository is a backup repository who contain an option for immutability. This feature permit to protect data against data loss due to malware. Indeed, deletion of data is temporarily prohibiting. Note that only Linux backup repository provices the immutability option.

Job type supported

The immutability option can be enable only for this job :

  • Backup jobs and backup copy jobs (VMware, Hyper-V, Windows, Linux, MAC OS, AIX and Solaris)
  • Backup copy jobs from external repositories (Veeam Backup for Azure, AWS and Google)
  • Veeam Agent backup
  • Standalone full backup
  • vCloud Director
  • VeeamZIP backup
  • Nutanix AHV

Limitations

The job retention is overrides by the Immutability retention. So the file is not deleted even if the retention is over, the file is deleted when the immutability period is over. Note that immutable backup files can’t be deleted manually.

Backup copy jobs it is necessary to set up GFS retention policy. Without this retention policy, you can’t use the immutability. The immutability feature, require to select forward incremental with active full or synthetic full backup when the job is created. The Veeam Data Mover Service used by Hardened repository requires the Linux host 64 bits.

Create folder for the hardened repository

From the Linux server, create the folder with the following command. The Backup folder is created in the root.

sudo mkdir /Backup
Hardened Repository - Create folder

The folder has been created. Assign the folder’s owner. Replace nicolas by your user.

sudo chown -R nicolas /Backup
Hardened Repository - Configure folder for backup

You can grant access to the file only to the owner with the following command.

sudo chmod 700 /Backup
Hardened Repository - Configure folder for backup

Create Backup Repository

From the Veeam server, open the Backup Infrastructure view and select Backup Repositories. In the ribbon click on Add Repository.

Create Backup Repositories

Select Direct attached storage in the wizard.

Hardened Repository - Add new repositories

Click on Linux on the wizard.

Hardened Repository - Select Linux repositories

Enter the name of the repository and click on Next. You can enter description if you want.

Enter the name of the repository

Click on Add New for add new Repository server.

Add New Backup Server

Enter DNS name or IP address of the Linux Server.

Enter IP Address

Select the credential in the drop-down list or click on Add to add a new credential. Select Single-use credentials for hardened repository.

Add server name and credential for Linux repository

Configure credential and click on Ok.

Enter credential information

Credential has been added. Click on Next.

credential has been added

The component Transport will be installed. Click on Apply.

Transport will be installed

Click on Finish when it’s finished.

add backup server

The server is present in the drop-down list. Click on Next.

server has been added

With the Browse select the folder previously created and click on Populate. Check Use fast cloning on XFS volumes and Make recent backups immutable for. Configure the desired number of days

Configure Backup repositories

Select the desired mount server and click on Next.

configure mount server

Click on Apply for launch Backup Repository Backup.

Backup Repository is created

The backup repository appear on Veeam console.

Backup repositories appear on Veeam console.

Veeam Backup job

My backup job is started. He used linux repository previously created.

Job has started

When the job is finished, run the following command on the the folder who the Backup job file is present. Immutable attribute has set.

lsattr -l
Immutable attribute has set

I try to delete backup file with my user and with sudo, I can’t delete file. An error message appear : unauthorized operation

Delete file is not possible

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.