Hello,
In version 12 how we can enable Immutable or offline (air gapped) media?
-
handian.sudianto
- Expert
- Posts: 101
- Liked: 1 time
- Joined: Jan 13, 2023 9:02 am
- Full Name: Handian
- Contact:
-
Mildur
- Product Manager
- Posts: 8735
- Liked: 2296 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Immutable or offline (air gapped) media should be used
Hi Handian
You have different options:
- Use Tape --> Air Gapped if you remove the tape from the drive
- Use USB hard drive --> Air Gapped if you disconnect it from your backups server
- Use Object Storage with Object Lock --> Immutable
- Use Hardened Repository --> Immutable
- Use a Cloud Connect Service Provider --> Recycle Bin, Service Provider can restore your backups for a specific amount of time
For which option do you need more information?
Best,
Fabian
You have different options:
- Use Tape --> Air Gapped if you remove the tape from the drive
- Use USB hard drive --> Air Gapped if you disconnect it from your backups server
- Use Object Storage with Object Lock --> Immutable
- Use Hardened Repository --> Immutable
- Use a Cloud Connect Service Provider --> Recycle Bin, Service Provider can restore your backups for a specific amount of time
For which option do you need more information?
Best,
Fabian
Product Management Analyst @ Veeam Software
-
handian.sudianto
- Expert
- Posts: 101
- Liked: 1 time
- Joined: Jan 13, 2023 9:02 am
- Full Name: Handian
- Contact:
Re: Immutable or offline (air gapped) media should be used
Hi Fabrian,
Currently we backup to the SAN, so what option should i choose?
Currently we backup to the SAN, so what option should i choose?
-
Mildur
- Product Manager
- Posts: 8735
- Liked: 2296 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Immutable or offline (air gapped) media should be used
Hi Handian
I assume, the SAN is your primary backup target? How is it connected or used with Veeam? Do you want to make backups immutable on this SAN?
In case the SAN is your only copy, I recommend to invest in a secondary immutable repository. What option you choose, depends on your budget, internal knowledge and backup strategy of your organization. Myself would probably choose in this order if I want to manage my backup myself:
1.) Buy a new physical machine with locally attached disks and use it as a hardened repository.
2.) If you don't have any experience on Linux, go with Object Storage. Object Storage can be a On-Premise appliance or a Cloud Service like Wasabi, AWS or Azure. There are many more. Please see our Veeam Ready List:
https://www.veeam.com/alliance-partner- ... ble&page=1
3.) Tape can be an alternative, but you have to operate it on a daily/weekly basis. Tapes must be removed from the tape Drive and transported to a different location for best protection.
Don't use USB hard drives. It works, but it's not really reliable. It's a "cheap" solution.
Best,
Fabian
I assume, the SAN is your primary backup target? How is it connected or used with Veeam? Do you want to make backups immutable on this SAN?
In case the SAN is your only copy, I recommend to invest in a secondary immutable repository. What option you choose, depends on your budget, internal knowledge and backup strategy of your organization. Myself would probably choose in this order if I want to manage my backup myself:
1.) Buy a new physical machine with locally attached disks and use it as a hardened repository.
2.) If you don't have any experience on Linux, go with Object Storage. Object Storage can be a On-Premise appliance or a Cloud Service like Wasabi, AWS or Azure. There are many more. Please see our Veeam Ready List:
https://www.veeam.com/alliance-partner- ... ble&page=1
3.) Tape can be an alternative, but you have to operate it on a daily/weekly basis. Tapes must be removed from the tape Drive and transported to a different location for best protection.
Don't use USB hard drives. It works, but it's not really reliable. It's a "cheap" solution.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
handian.sudianto
- Expert
- Posts: 101
- Liked: 1 time
- Joined: Jan 13, 2023 9:02 am
- Full Name: Handian
- Contact:
Re: Immutable or offline (air gapped) media should be used
HI Fabian,
You are correct, my SAN is for primary backup target. Currently my VEEAM running under VMware and LUN on the SAN attached directly to the Veeam Server as RDM disk. For option number 1, can i know what kind hardening can we used?
You are correct, my SAN is for primary backup target. Currently my VEEAM running under VMware and LUN on the SAN attached directly to the Veeam Server as RDM disk. For option number 1, can i know what kind hardening can we used?
-
Mildur
- Product Manager
- Posts: 8735
- Liked: 2296 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Immutable or offline (air gapped) media should be used
Option 1 would be a Linux server used as a Hardened Repository. Veeam uses the immutable flag of a linux file system to store a backup file with a specified retention time. You won't be able to delete those immutable files from within the Veeam console.
We also passed an independent compliance assessment with our Hardened Repository solution.
Veeam Hardened Repository passes independent compliance assessment
https://www.veeam.com/wp-guide-protect- ... ckups.html
A Hardened Repository is added to Veeam with single use credentials. This means, we only need the credentials once to connect to the Linux Server. We will install our transport, immutable and installer service and then change to certificate based authentication.
After that, you must disable SSH and limit access with any other remote management tool.
Backup Files cannot be removed within Veeam. You can only delete those backup files if you gain direct access to the Linux server with superuser permissions (sudo). That's why it is important to disable SSH and limit access any other remote management tool.
I can recommend to have a look at my colleagues Blog series about Hardened Repositories:
1. Selecting Hardware and Setting Up Environment for Veeam Hardened Repository
2. Installing Ubuntu Linux for Veeam Hardened Repository
3. Securing Veeam Hardened Repository Against Remote Time Attacks
Best,
Fabian
We also passed an independent compliance assessment with our Hardened Repository solution.
Veeam Hardened Repository passes independent compliance assessment
https://www.veeam.com/wp-guide-protect- ... ckups.html
A Hardened Repository is added to Veeam with single use credentials. This means, we only need the credentials once to connect to the Linux Server. We will install our transport, immutable and installer service and then change to certificate based authentication.
After that, you must disable SSH and limit access with any other remote management tool.
Backup Files cannot be removed within Veeam. You can only delete those backup files if you gain direct access to the Linux server with superuser permissions (sudo). That's why it is important to disable SSH and limit access any other remote management tool.
I can recommend to have a look at my colleagues Blog series about Hardened Repositories:
1. Selecting Hardware and Setting Up Environment for Veeam Hardened Repository
2. Installing Ubuntu Linux for Veeam Hardened Repository
3. Securing Veeam Hardened Repository Against Remote Time Attacks
Best,
Fabian
Product Management Analyst @ Veeam Software
-
handian.sudianto
- Expert
- Posts: 101
- Liked: 1 time
- Joined: Jan 13, 2023 9:02 am
- Full Name: Handian
- Contact:
Re: Immutable or offline (air gapped) media should be used
HI Fabian,
Is VEEAM support Azure File Share? If yes, can we do immutable for azure?
Is VEEAM support Azure File Share? If yes, can we do immutable for azure?
-
Mildur
- Product Manager
- Posts: 8735
- Liked: 2296 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Immutable or offline (air gapped) media should be used
Hi
Supported, but a really bad idea for a backup storage and no immutability support.
You must use Azure Blob if you want immutability and a reliable backup target.
Best,
Fabian
Supported, but a really bad idea for a backup storage and no immutability support.
You must use Azure Blob if you want immutability and a reliable backup target.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
handian.sudianto
- Expert
- Posts: 101
- Liked: 1 time
- Joined: Jan 13, 2023 9:02 am
- Full Name: Handian
- Contact:
Re: Immutable or offline (air gapped) media should be used
HI Fabian,
Can you explain more detail how we can use immutability for azure blob?
Can you explain more detail how we can use immutability for azure blob?
-
Mildur
- Product Manager
- Posts: 8735
- Liked: 2296 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Immutable or offline (air gapped) media should be used
Hi Handian
1) Create a new Storage Account Container on Azure with the following settings:
https://www.veeam.com/kb4416
2) Add it to Veeam as Object Storage:
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
3) Enable "Make recent backups immutable for:" in this step:
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
1) Create a new Storage Account Container on Azure with the following settings:
https://www.veeam.com/kb4416
2) Add it to Veeam as Object Storage:
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
3) Enable "Make recent backups immutable for:" in this step:
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Best,
Fabian
Product Management Analyst @ Veeam Software
Who is online
Users browsing this forum: Semrush [Bot] and 133 guests