Hardened Repository
The Hardened backup repository is a backup repository who contain an option for immutability. This feature permit to protect data against data loss due to malware. Indeed, deletion of data is temporarily prohibiting. Note that only Linux backup repository provices the immutability option.
Job type supported
The immutability option can be enable only for this job :
- Backup jobs and backup copy jobs (VMware, Hyper-V, Windows, Linux, MAC OS, AIX and Solaris)
- Backup copy jobs from external repositories (Veeam Backup for Azure, AWS and Google)
- Veeam Agent backup
- Standalone full backup
- vCloud Director
- VeeamZIP backup
- Nutanix AHV
Limitations
The job retention is overrides by the Immutability retention. So the file is not deleted even if the retention is over, the file is deleted when the immutability period is over. Note that immutable backup files can’t be deleted manually.
Backup copy jobs it is necessary to set up GFS retention policy. Without this retention policy, you can’t use the immutability. The immutability feature, require to select forward incremental with active full or synthetic full backup when the job is created. The Veeam Data Mover Service used by Hardened repository requires the Linux host 64 bits.
Create folder for the hardened repository
From the Linux server, create the folder with the following command. The Backup folder is created in the root.
sudo mkdir /Backup
The folder has been created. Assign the folder’s owner. Replace nicolas by your user.
sudo chown -R nicolas /Backup
You can grant access to the file only to the owner with the following command.
sudo chmod 700 /Backup
Create Backup Repository
From the Veeam server, open the Backup Infrastructure view and select Backup Repositories. In the ribbon click on Add Repository.
Select Direct attached storage in the wizard.
Click on Linux on the wizard.
Enter the name of the repository and click on Next. You can enter description if you want.
Click on Add New for add new Repository server.
Enter DNS name or IP address of the Linux Server.
Select the credential in the drop-down list or click on Add to add a new credential. Select Single-use credentials for hardened repository.
Configure credential and click on Ok.
Credential has been added. Click on Next.
The component Transport will be installed. Click on Apply.
Click on Finish when it’s finished.
The server is present in the drop-down list. Click on Next.
With the Browse select the folder previously created and click on Populate. Check Use fast cloning on XFS volumes and Make recent backups immutable for. Configure the desired number of days
Select the desired mount server and click on Next.
Click on Apply for launch Backup Repository Backup.
The backup repository appear on Veeam console.
Veeam Backup job
My backup job is started. He used linux repository previously created.
When the job is finished, run the following command on the the folder who the Backup job file is present. Immutable attribute has set.
lsattr -l
I try to delete backup file with my user and with sudo, I can’t delete file. An error message appear : unauthorized operation