-
- Service Provider
- Posts: 254
- Liked: 35 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
re-enable the usage of immutable option for non-hardened linux repos
hi, this is kinda a feature request or better said a step backwards-request...
in V11 it was possible to have immutable option enabled on a repository even when the linux host wasn't added with "single-use" credentials...
there was a warning/information popup that it's highly recommended to have the linux repo added with single-use credentials but you could just still use it with normal credentials too!!
with V12 this "hole" has been fixed as you can only enable immutable when you've added it as a hardened linux repository, that in turn only allows single-use linux hosts.
i understand that enabling immutable with non single-use credentials in use isn't as secure as it might be with a correctly hardened linux implementation BUT now it's even worse, let me explain:
if for some reason it's simply not possible to have a single-use linux server, as for example these servers are also used as directSAN Backup Proxy, then it's impossible
not if you've an Enterprise Manager, with restore operator roles, the restore operators could un-intentionally delete backups? sure they should know what they are doing but with the V11 configuration this was somewhat a safety net you still had in place for human error...
i feel that this configuration still has its justification and in V12 this has been taken away.
btw. i didn't test what happens with such configuration during V12 update... might do this in a few days but i expect some issues, V12 Update block probably?
-
- Chief Product Officer
- Posts: 31561
- Liked: 6725 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
In general I agree with you, however I would not call such configuration with the word "immutable" and rather something along "protect against accidental deletion" lines. @Egor Yakovlev could we look at enabling this back?
-
- Service Provider
- Posts: 254
- Liked: 35 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Gladly this can be renamed!
And thx for seeing the need for this too, it's just a missed opportunity now to can have this enabled, as it might just be another small block for security and governance...
I did some tests btw, having "immutable" files on the non-immutable repo: in the VM backup points window it still recognizes them as immutable! So the file attribute is read correctly, i even thought of having a manual script but honestly this should be necessary even more if there is a misconfig between the "retention" times it just is a potential issue again someone might run into ....
-
- Veeam Software
- Posts: 2537
- Liked: 683 times
- Joined: Jun 14, 2013 9:30 am
- Full Name: Egor Yakovlev
- Location: Prague, Czech Republic
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
I will have a discussion with the teams.
/Thanks!
-
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hello,
> the restore operators could un-intentionally delete backups?
did you see that or is it a question? restore operators can restore. not delete. As far as I see, you might not need Hardened Repository for your use-case
> also used as directSAN Backup Proxy
Additional to normal credentials, this also requires root. Root is impossible for V12 Hardened Repository and the upgrade is blocked, yes. https://www.veeam.com/kb4348 has details.
Having a direct SAN proxy or tape server on a Hardened Repository is a valid feature request. Both roles require root permissions to run (NBD proxy not, that's why we allow it in V12).
Best regards,
Hannes
-
- Service Provider
- Posts: 254
- Liked: 35 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
hi,
i'm testing the update procedure right now, setup has a check, nice!
also the KB is nice...
https://www.veeam.com/kb4348
with my "insecure" configuration there could still be a problem now... when veeam changes this to single-use it might break configuration where the customer uses exactly what i described above (directsan, etc..)
-
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
It will break when you apply KB4348, because direct SAN proxy does not work with reduced permissions.
That design is not upgradeable and needs to be fixed before upgrade.
-
- Influencer
- Posts: 15
- Liked: 1 time
- Joined: Jul 28, 2020 11:35 am
- Full Name: Freddy Neuhaus
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hi
Any news regarding SANDirect-Proxy and TapeServer on hardened Repo?
Best regards
Freddy
-
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hello,
> Any news regarding SANDirect-Proxy and TapeServer on hardened Repo
not in foreseeable future because of the root permissions required for that. We want to make (keep) it as secure as possible.
Best regards,
Hannes
-
- Chief Product Officer
- Posts: 31561
- Liked: 6725 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Any service running under root dramatically increases attack surface...
-
- Service Provider
- Posts: 254
- Liked: 35 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
-
- Chief Product Officer
- Posts: 31561
- Liked: 6725 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
No, except for support for VMware Backup proxy in NBD transport mode, which is the only transport mode that does not require root privileges to function.
-
- Enthusiast
- Posts: 75
- Liked: 2 times
- Joined: Dec 24, 2022 5:19 am
- Full Name: Hirosh Arya
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
@Gostev @HannesK
was there any update regarding this issue, so we can utilize Hardened repository & direct SAN Proxy mode without compromising Security?
regards,
Ledwan.
-
- Product Manager
- Posts: 8735
- Liked: 2294 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hi Ledwan
No.
Please see the answer from Gostev 3 days ago.
Best,
Fabian
Product Management Analyst @ Veeam Software