In Veeam B&R v11, Veeam introduced the ability to build your own immutable (Veeam Immutable Backup), hardened backup repositories on Linux. In the upcoming Veeam Availability Suite v12 release, Veeam announced some new features. Here’s a blog post about Linux permissions management in v12.
Manage Linux Without SSH And SUDO:
- -Physical, VMware & Hyper-V,
- -Application processing and agent management,
- -No sudo requirements after installation,
- -SSH required for deployment,
- -Future: standalone deployment option as in Windows today.
Veeam still uses ports 2500-3300 per default for backup.
Single-use credentials are required. That stops insecure configurations that were possible in the past.
Dedicated repository type:
Single-use credentials required Immutability cannot be “unchecked:
Massively Simplified Upgrades => No SSH/credentials are needed anymore.
Other Linux improvements:
-Linux proxy: Backup from Storage Snapshots for NFS,
-CDP proxy on Linux,
-Tape server on Linux.
Hardened Repository Immutability Support (v12 overview):
To better protect backup data, you should follow some guidelines to enforce security:
- -Although persistent credentials can be used, is recommended the use the new Single-use credentials for the hardened repositories during the deployment to avoid storing the credentials in Veeam B&R,
- –SSH should be disabled,
- -Time should be synced with a reliable NTP Server to avoid time changes from a potential attacker. Time changes could alter the Immutability retention,
- –iDRAC, iLO or other remote management solutions to the repository should be disabled or hardened.
Hardened Repository in Veeam v12: Blog Post
Wasabi Object Storage Usage with Veeam B&R v12: Blog Post
VeeaMover in v12: Blog Post
Ransomware & Cybersecurity with Veeam v12: Blog Post
Why backup directly to Object Storage? Blog Post
Veeam B&R v12 New Features Overview: Blog Post
[REPLAY] Webinar Veeam v12 and Wasabi: Replay
Protect your data with Veeam and Wasabi: Blog post
Wasabi – Object Lock feature spotlight: Blog post
Veeam and the S3-compatible object storage solutions: Blog Post
[PODCAST] Veeam User Group France #1: Record
Conti initiates their attacks on Backup: Blog Post
Backup with Trusted Repository Storage: Blog Post.
Protect your Backup against Ransomware: Blog Post.