It’s been a few weeks since I returned from the most excellent Veeam 100 summit, this time in Berlin! I’m lucky enough to have been a Veeam Vanguard since 2021, and this was the first time the summit happened in Berlin. The last time I was in Berlin was at least 15 years ago.
In this post I am not going to sum up the summit directly; There are some blog post from fellow Veeam Vanguards and Legends I link at the end of the post. Instead, I want to focus on the new version of Veeam Hardened Repository (VHR), that was introduced during the summit.
I have set up VHR in my home lab before, and decided to load the ISO directly into the home lab from Berlin, because….why not;-)
One big change is that VHR is becoming official…like production official. VHR will be supported by Veeam, so you can open a support case if you run into issues. Here is the statement from Anton Gostev, Chief Product Officer at Veeam.
“Support This build is now a subject to Veeam Experimental Support. This means this build is officially supported for use in production environments and in case of issues you can open support cases directly with our Customer Support, just with no SLA guarantees. Please do feel free to keep sharing your feedback and experiences directly in this forum thread, but also help us build Support expertise with this new offering by opening support cases for all technical issues.” (Link)
For someone who works in a highly regulated and audited industry, I’m especially happy about the support statement. So without much further ado, let’s set it up in the home lab…
First things first, make sure you run Veeam Backup & Replication 12.2 or later. You will need a:
- Physical server or virtual machine on RHEL compatibility list with at least 2 disks of at least 100GB each.
- or a VM, but be aware: Using a VM is not recommended due to vastly increased attack surface (hypervisor) and inability to access backups in case of a hypervisor host outage.
For the home lab a VM is fine. Load the OVA found in the Customer Portal or trial downloads on Veeam’s web site. In there, click Additional Downloads > Extensions and Other > Veeam Hardened Repository ISO
Import the ova and start it up. The first boot should look like this:
Once it comes up, you will be greeted with a pretty nice looking setup screen!
Pay attention to the items marked with an exclamation point, this needs to be completed. Set up network:
And don’t forget timezone and NTP settings. In this version (this should change in future releases), you can go into destination settings, but there is nothing to do other than to hit return.
Once it’s all completed, the installation continues.
After one more reboot, we need to change the password.
This is a secure setup, so DISA STIG security templates have already been applied, so pay extra attention to the minimum requirements (I didn’t at first, and it took a moment to create a good password)
After login (user is vhradmin), we see the main menu. This is also a big improvement from previous versions and makes it easier to administrate this repository
We can also start ssh from there. We will need this on for our initial setup on the Veeam R&B side.
So let’s turn on SSH and head over to our VB&R to add the repo to Veeam!
Start the Wizard for new, direct attached storage. Look, there is even a button for VHR 😉
When adding the new Linux Server, we will have to provide one time SSH credentials:
After adding the server and installing the necessary services, we are ready to populate the directories
Choose /mnt/YourNAME
Important to check Use fast cloning on XFS volumes and set immutable to your liking.
Finish the wizard and our brand new, immutable repo has been added.
Don’t forget to disable SSH on our VHR, it’s not needed anymore.
Doing a test run to our new repo:
So, let’s test if it is really immutable!
Yep, unable to delete, just as it should be.
The entire setup really doesn’t take that long, and you end up with immutable storage. I found the new setup interface really easy to use and can recommend this for anyone looking to protect your backups from ransomware. Just make sure to use a physical server to lower the attack vector.
As I mentioned before, for those looking for a recap of the Veeam 100 Summit, I’ve linked some posts below:
Chris Childerhose – Veeam 100 Summit Recap – Berlin 2024
Luciano Patrao – Reconnecting and Reflecting: Veeam Vanguard Summit in Berlin 2024
Al Rasheed – Recap of the 2024 Veeam 100 Summit
Lastly, here are some pictures from Berlin and the summit, as I did on last year’s blog post.
Thanks again to Veeam and the entire team to make this all possible for us!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
2 Replies to “Veeam 100 Summit and Hardened Repository with immutability”