GMSAs with hardened/immutable repo?

[burnsja]

Will the hardened/immutable storage repo, hosted on a Linux server, work with Active Directory Group-Managed Service Accounts (GMSA)?

We had been planning to move to GMSA accounts on the main Veeam B&R server's Veeam services. We have not implemented it yet. Our management is pushing for use to set up the hardened repo to get set up as a top priority, I need to know if using GMSA objects for the services' logon account on the Veeam Backup and Recovery console server (running Windows) is supported and will work with a hardened/immutable Veeam repo?

I know there was a feature request post on the Veeam R&D forums originating in April, 2020 asking if GMSA could be integrated into Veeam Backup & Recovery (VBR) console. The gist of that conversation was that GMSA is technically not supported by Veeam, but does work *if* you plug the GMSA into the Windows services *after* the initial installation of Veeam. In other words, VBR can't do the install with a GMSA, but can function with GMSAs after that. This was tested out successfully by Gostev.

Now I am wanting to know if that can work but also with a hardened/immutable repo on Linux. The VBR on Windows with GMSAs in the services and reaching over to the Linux repo.

Additional background: we already implemented GMSA accounts on the Veeam SQL database hosts and that works well.

[Gostev]

This does not apply to the hardened repository in principle. Unlike other Veeam components, hardened repository does not require storing credentials or using service accounts for reaching over to it. You only provide the credentials once and interactively when you deploy the hardened repository, which is why they are called "single-use credentials" in the UI.