Hi I have been running Veeam 12 backups directedly to wasabi for the last 15+ months on a 1Gbps line and so far so good & no major complains
Now I have a new all flash san with plenty of storage. Thinking about setting up a hardened Linux Veeam repository vm and utilizing
this to speed up the wasabi process. Say write backups here first then push to Wasabi soothing likes this - Possible
This repository will sit with the Veeam server which is a VM so it will be faster to transfer
Any advise ?
-
- Enthusiast
- Posts: 58
- Liked: 9 times
- Joined: Jun 01, 2023 11:28 am
- Contact:
-
- Product Manager
- Posts: 10978
- Liked: 3015 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: local hardened Linux repository to speed up Wasabi backups
Hello TDG
Imagine an attacker gaining root access to the hypervisor, either through leaked credentials or a security vulnerability. With root access, the attacker can reboot your repository VM and reset the root password. From there, they can easily format all mounted disks, even if there are immutable files on them.
The same goes for an attacker with access to the SAN administration UI or Shell—they can simply delete the SAN volume. The SAN does not care about immutable backups.
If the SAN storage is connected as a Datastore to the hypervisor and your Linux VM stores virtual disks on that datastore, it becomes even easier for an attacker to delete the entire VM, resulting in permanent loss of all your immutable backups.
Therefore, we strongly recommend using local machines with locally attached disks for a Hardened Repository.
10Gbit network adapters for your Hypervisor and repository machines should not be expensive anymore.
Fabian
May I ask, is this storage for backup only or shared with production VMs?Now I have a new all flash san with plenty of storage.
This approach is not recommended from a security perspective. A VM, especially one running on the production hypervisor, can be easily compromised.This repository will sit with the Veeam server which is a VM
Imagine an attacker gaining root access to the hypervisor, either through leaked credentials or a security vulnerability. With root access, the attacker can reboot your repository VM and reset the root password. From there, they can easily format all mounted disks, even if there are immutable files on them.
The same goes for an attacker with access to the SAN administration UI or Shell—they can simply delete the SAN volume. The SAN does not care about immutable backups.
If the SAN storage is connected as a Datastore to the hypervisor and your Linux VM stores virtual disks on that datastore, it becomes even easier for an attacker to delete the entire VM, resulting in permanent loss of all your immutable backups.
Therefore, we strongly recommend using local machines with locally attached disks for a Hardened Repository.
Most likely you will not loose any performance if you use a local machines with local disks as are commended.This repository will sit with the Veeam server which is a VM so it will be faster to transfer
10Gbit network adapters for your Hypervisor and repository machines should not be expensive anymore.
Fabian
Product Management Analyst @ Veeam Software
-
- Enthusiast
- Posts: 58
- Liked: 9 times
- Joined: Jun 01, 2023 11:28 am
- Contact:
Re: local hardened Linux repository to speed up Wasabi backups
Hello Fabian
Thanks I will take your advise
and will setup as a separate machine with locally attached storage
This will be cheaper than Object first single node 64TB approx. £25K. Good solution for a non-tech people with $$$
I can easily build one under £6K using HPE or Dell H/W
But remember the SAN people are getting better
https://blog.purestorage.com/products/h ... snapshots/
https://docs.netapp.com/us-en/ontap/sna ... g-a-volume
https://www.hpe.com/psnow/doc/a00127331enw
Thanks I will take your advise

This will be cheaper than Object first single node 64TB approx. £25K. Good solution for a non-tech people with $$$
I can easily build one under £6K using HPE or Dell H/W
But remember the SAN people are getting better

https://blog.purestorage.com/products/h ... snapshots/
https://docs.netapp.com/us-en/ontap/sna ... g-a-volume
https://www.hpe.com/psnow/doc/a00127331enw
-
- Enthusiast
- Posts: 58
- Liked: 9 times
- Joined: Jun 01, 2023 11:28 am
- Contact:
Re: local hardened Linux repository to speed up Wasabi backups
Or my question is: Say I have have a separate Veeam server, a hardened repository with plenty of storage
How do I utilise this to preform faster & reliable backups to Wasabi S3 ?
How do I utilise this to preform faster & reliable backups to Wasabi S3 ?
Who is online
Users browsing this forum: Baidu [Spider] and 106 guests