In Veeam B&R v11, Veeam introduced the ability to build your own immutable (Veeam Immutable Backup), hardened backup repositories. This can be accomplished using any Linux server with storage and the XFS file system. As a reminder, immutability in this context means, a backup file cannot be changed, altered, or deleted without having root access within the Linux host before the defined timespan has passed. Here’s a blog post about news and changes of Hardened Repository in Veeam B&R v12.
Requirements in v11 :
Pretty simple, all you need is a Linux repository formatted with XFS and VBR v11. Please notice: When using this new feature, the Linux server cannot be used as a backup proxy.
For the Linux distribution, you are free to choose from CentOS 8.2 and 8.3, Debian 10.x, RHEL 8.2 or later, SLES 15 SP2, Ubuntu 18.04 LTS, and 20.04 LTS. XFS with Reflink clone need to be enabled. XFS Reflink achieves the same benefits as ReFS in terms of speed and space consumption also called Fast Clone.
Last but not least, the backup chains must be compatible with immutable files. Because backup files cannot be changed or deleted during the specified period of immutability, the backup chain only can create new files without changing any of the existing ones. In summary only forward incremental with periodic synthetic or active full backup fulfill this requirement. If you use or plan to use a backup copy job, the GFS setting is required.
What’s new in v12?
Single-use credentials are required. That stops insecure configurations that were possible in the past.
Dedicated repository type:
Single-use credentials required Immutability cannot be “unchecked:
Massively Simplified Upgrades => No SSH/credentials are needed anymore.
Hardened Repository Immutability Support:
NBD Proxy On Hardened Repository:
Why? Customers want to use Hardened Repository hardware more efficient.
How? NBD works without root requirements.
Improved Compatibility With Standards:
-Security standards as DISA STIG, NIST 800-171 etc. require umask 077,
-Manual umask settings not needed anymore (KB).
No Perl Needed For Hardened Repository:
Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
VeeaMover in v12: Blog Post
Ransomware & Cybersecurity with Veeam v12: Blog Post
Why backup directly to Object Storage? Blog Post
Veeam B&R v12 New Features Overview: Blog Post
[REPLAY] Webinar Veeam v12 and Wasabi: Replay
Protect your data with Veeam and Wasabi: Blog post
Wasabi – Object Lock feature spotlight: Blog post
Veeam and the S3-compatible object storage solutions: Blog Post
[PODCAST] Veeam User Group France #1: Record
Conti initiates their attacks on Backup: Blog Post
Backup with Trusted Repository Storage: Blog Post.
Protect your Backup against Ransomware: Blog Post.
