Data protection, Kubernetes, cybersecurity and AI. Hands-on guides from the trenches: Veeam, Kasten, VMware, Oracle, cloud, and whatever I’m breaking in the homelab this week.
Table of ContentsTable of Contents
Tremendous news with the release of version 11 of Veeam Availability Suite containing over 200 enhancements, CDP Snapshotless Replication, Instant Recovery for NAS / Databases and also Veeam Hardened Repository. In this post we will focus on the installation, configuration in detail of this new type of repository that will allow us to keep our backups immutable!
Where we can see all the requirements for this feature where one of the most important is that the backup jobs should use Forward Incremental with Full or Synthetic backups for the correct operation of immutability.
After reading the documentation we move on to the base installation of a Linux Ubuntu 20.04 LTS and after finishing, we connect via SSH and perform the operating system update:
sudo apt-get update -y
sudo apt-get upgrade -y
```json
After the update, we will shut down the Linux server with the command:
```bash
sudo poweroff
```bash
In my case, being a virtual machine, I will add a disk of the necessary size to use it as a repository, therefore, we edit the VM configuration and add a disk (for this LAB I will add a 2 TB disk) and then we turn on the machine :
## Veeam Repos ManagerAgain we connect via SSH and in this case we will use a great tool, Veeam Repo Manager, to further facilitate the configuration of the immutable repository of Veeam, which can be found on the Github of Timothy Dewin, Solutions Architect at Veeam:
https://github.com/tdewin/veeamhubrepo
This tool allows us to visually configure all the requirements to achieve the correct configuration of the repository, therefore, we will proceed to install it.
## Installation and configurationSince we are connected via SSH to the Ubuntu 20.04 LTS Linux server and we also added a disk to store the backups, we must execute the following:
```bash
sudo wget -O ./veeamhubrepo.deb https://github.com/tdewin/veeamhubrepo/releases/download/v0.3.1/veeamhubrepo_noarch.deb
sudo apt-get install ./veeamhubrepo.deb
sudo veeamhubrepo
```bash
And with the last command we run “sudo veeamhubrepo ” will show us the wizard of this tool:
Where we will select"Yes" by pressing "Enter" and then enter the username that will have the momentary privileges to use immutability, by default it is "veeamrepo”, if you want to change it, do it according to your user nomenclature, if not, leave it as default:
Then we select "OK" to indicate that the user does not exist and confirm its creation:
We select “Yes” and enter the password for this user:
Then it will confirm that the user was created and we select "OK" so that we can go to the configuration of the partition of the added disk:
In this LAB I need to select the disk number "3" which we additionally add 2 TB, moving with the keyboard arrows and then press "Enter", in your case you must select the disk that you added:
We confirm the selection and then “OK”
After confirming and applying the changes, it will indicate in which path or path the disk will be mounted:
If you want to change the path or route it is possible to edit it, in our case we will leave it by default in /backups/repo001 and we will select “OK” to confirm the creation and mounting:
After the configuration of the disk where the backups with immutability characteristics will be stored, there is a very important part to configure the time and time zone and we select “Yes”:
In my case I will select:
```text
/usr/share/zoneinfo/Chile/Continental
```json
Selecting and pressing Enter on “OK” will confirm the configuration:
Then when selecting "OK" it will ask us for our NTP service, which can be local or via the internet
Then it will show us if we want to update
At the end you will lose connection with the server, so we will connect through the vCenter Web console and execute the command:
```bash
sudo veeamhubrepo
Since Veeam Backup & Replication, we will add the repository:
And as we see in the previous image we will select “Single-use credentials for hardened repository…” in we enter the credentials
Then we click on “Next” and confirm:
To finish viewing the configuration summary:
While setting from Veeam Backup & Replication the Repo Manager utility detects the process of Veeam
And then we continue with the repository configuration by selecting the partition to host the backups
And here is the most important part for this type of repository, this tool configures the partition with XFS enabling reflink to take advantage of the features when we perform Synthetic Full for example and also enable the option to make backups immutable for any number of days necessary, default is 7 days:
This is where the magic appears, as you can see in the previous image
Then we release a new backup to the new Hardened Linux Repository
Since we have a backup in the repository and we previously enabled immutability in the repository, we will check if it is possible to delete backups, so in Veeam Backup Server, we will go to the backup and delete the file:
After confirming the deletion, the operation status window appears where we will observe that it is NOT possible to delete the backup file and also indicates the day (03/03/2021 20:02) when this immutability is deactivated, since it we enable for 7 days:
Even if you access the server you will not be able to delete the file since it has the advanced parameter +i that even root cannot delete.
I know what you are thinking right now, and if root removes the +i parameter, and delete, if possible, the important thing here is that the credentials of this server and the access methods are totally restricted so that from the network no the backup files are reached and deleted by some malicious agent.
In addition, this solution maintains a daemon on the linux server to use the immutability logic and make changes according to the days of immutability that you have configured.
With this we finish this post in detail for the immutability configuration with the new type of repository for Veeam Backup & Replication called Linux Hardened Repository.
