Comprehensive data protection for all workloads
Post Reply
Gostev
Chief Product Officer
Posts: 32282
Liked: 7634 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev »

I thought DAS is no different from internal disks (in terms how OS sees both). So if they are connected at the time of ISO installation, they should just become a part of the pool. Or am I completely wrong here?
Dynamic
Enthusiast
Posts: 34
Liked: 8 times
Joined: Mar 02, 2017 2:43 pm
Full Name: Markus Hartmann
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Dynamic »

Ah, if this is the case - perfect. Thanks.
Hadn't yet the chance to test it (with additional DAS shelfs), just want to be prepared.
Markus Hartmann | Veeam Vanguard | Veeam Legend 2024 | VMCA 2024 & VMCE 2024 | VMware Certified Implementation Expert - Data Center Virtualization 2024 | https://markushartmann.blog/
Gostev
Chief Product Officer
Posts: 32282
Liked: 7634 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev » 1 person likes this post

Let's wait for Hannes to confirm ;)
Hauke
Enthusiast
Posts: 27
Liked: 6 times
Joined: Apr 16, 2015 11:25 am
Full Name: Hauke Ihnen
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Hauke »

Is there any chance to allow the Keyboard from iDRAC to work?
Currently it's blocked, since it connects by USB.

"Device is not authorized for usage" in the console.

https://imgur.com/a/YRA2BFb
Gostev
Chief Product Officer
Posts: 32282
Liked: 7634 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev »

Unfortunately not, USBGuard is a DISA STIG requirement.
Hauke
Enthusiast
Posts: 27
Liked: 6 times
Joined: Apr 16, 2015 11:25 am
Full Name: Hauke Ihnen
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Hauke »

I just discovered that connecting another physical keyboard or using a different USB port for it also renders the system inaccessible. Interesting.
mdwophil
Influencer
Posts: 10
Liked: 12 times
Joined: Dec 19, 2023 7:02 pm
Full Name: Phil Brutsche
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by mdwophil » 1 person likes this post

Dynamic wrote: Feb 21, 2025 9:31 am Thanks Hannes for your answer regards the Blacksite.

I have another question, in a similar direction like VK-DMX:
A customer has some Windows Repositories with local integrated RAID disks and also some external SAS connected Shelfs (DAS). Currently they are integrated within VBR as SOBR extends.

If this customer is planning to switch from these Windows Repository to the VHR approach, it's not a problem to use the internal Disks for Capacity for sure.
But how we could add the other DAS Shelfs, to also consume them as a SOBR? Is there any option, something on the roadmap or should we go with another Distribution like Ubuntu?

Thanks and Best regards, Markus
What is that external DAS - a JBOD, or an external RAID subsystem like a Dell PowerVault ME5 SAN (or the equivalent from someone else, like an HPE MSA)? And what is the connection from the DAS to the VHR server?

VHR doesn't do software RAID, so a JBOD DAS needs to be connected via a RAID controller somehow - like a Dell PERC RAID controller with external connectors. A RAID subsystem just needs an HBA, but be mindful that VHR also (currently) doesn't do multipath.

Additionally, the VHR ISO doesn't support more than one volume for backup storage: the installation ISO doesn't ask any questions about storage, and the text menu admin interface has no options for that. I believe the installer simply takes all disks (except the smallest, that one becomes the OS disk), bundles them into an LVM volume group, and creates a single logical volume from that. The mount point for that logical volume is /mnt/veeam-repository01.

Caveat: I have done exactly 2 installations of a VHR - a PoC install and a Production install

For your case, I think you'll want to go with something more "generic" like Rocky Linux 9.x, AlmaLinux 9.x, or Ubuntu LTS for your customer. That will give you the option to configure multipath, softraid, or anything else you need. The biggest thing I would suggest is turn of SSH when you don't need it, and turn it on only when you do via the remote KVM feature of your sever (Dell iDRAC, HPE iLO, etc).
Dynamic
Enthusiast
Posts: 34
Liked: 8 times
Joined: Mar 02, 2017 2:43 pm
Full Name: Markus Hartmann
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Dynamic »

@mdwophil:
It's a DELL PowerVault MD1420 series shelf, like mentioned SAS attached, an no SAN Device.
This DAS is managed by RAID Controller (PERC H840P) in the server.

An internal RAID (PERC H730P+) controller manages the internal Disks within the server itself.

The customer would be fine, if the VHR create a logical volume from these two different Arrays - or also if it's create 2 seperate volumes.
Thanks
Markus Hartmann | Veeam Vanguard | Veeam Legend 2024 | VMCA 2024 & VMCE 2024 | VMware Certified Implementation Expert - Data Center Virtualization 2024 | https://markushartmann.blog/
HannesK
Product Manager
Posts: 15222
Liked: 3277 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK » 2 people like this post

@Dynamic: yes, external shelves / JBODs are considered as DAS (direct attached storage). It works the same like internal disks where the RAID controller is part of the server and just the disks are external.

@Hauke: all keyboards that were connected during installation should work. Adding new ones afterwards is blocked by USBguard as mentioned before. iDRAC virtual keyboards worked for other customers in the past and I cannot explain why it should not work.
Hauke
Enthusiast
Posts: 27
Liked: 6 times
Joined: Apr 16, 2015 11:25 am
Full Name: Hauke Ihnen
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Hauke » 2 people like this post

Dell iDRAC is connecting its keyboard only during an active session, so looks like to get it running it's needed to install that server by using iDRAC.
There is also an option "Keyboard/Mouse Attach State" in iDRAC, "Attached, Detached, Auto". Switching this from (default) Auto to Attached could also help.

Otherwise I had no issues with VHR ISO on this device, PowerEdge R760xs with BOSS for OS. Installation worked perfectly, all needed drivers included.
HannesK
Product Manager
Posts: 15222
Liked: 3277 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

yes, the options you mention seem to be a good explanation. thanks for sharing 👍
mattskalecki
Novice
Posts: 3
Liked: 4 times
Joined: Mar 12, 2013 8:53 pm
Full Name: Matt Skalecki
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by mattskalecki »

HannesK wrote: Feb 24, 2025 9:30 am @Dynamic: yes, external shelves / JBODs are considered as DAS (direct attached storage). It works the same like internal disks where the RAID controller is part of the server and just the disks are external.

@Hauke: all keyboards that were connected during installation should work. Adding new ones afterwards is blocked by USBguard as mentioned before. iDRAC virtual keyboards worked for other customers in the past and I cannot explain why it should not work.
Is it possible to regain keyboard functionality after disconnecting the keyboard? I missed the note on USBguard and want to login to perform a reboot to complete the linux system updates.
HannesK
Product Manager
Posts: 15222
Liked: 3277 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

The same keyboard should continue to work. If that's not available anymore, then using repair mode is probably the easiest way if the server does not have a remote console. If you have Linux knowledge, then using "live boot" and configuring USBguard manually could also work (that's an untested scenario)
AlexandreD
Service Provider
Posts: 56
Liked: 3 times
Joined: Jan 22, 2019 4:21 pm
Full Name: ALEXANDRE D
Location: Reims, France
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by AlexandreD »

Hello,

Quick question: I don't see an option in the main menu for configuring SNMP.
Is there another way to configure SNMP or is this not allowed?

Thank you

Alexandre
Gostev
Chief Product Officer
Posts: 32282
Liked: 7634 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev »

Right, Veeam never offered dedicated SNMP settings on individual backup infrastructure components. Have you considered configuring SNMP in VBR server that uses this hardened repository instead?
fezzebru
Novice
Posts: 7
Liked: 1 time
Joined: Aug 07, 2024 5:55 pm
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by fezzebru » 1 person likes this post

We are a service provider and will have multiple PB's in a multiple location, it concerns me that it seems to create a single large LVM, is there a suggested maximum size limit? That's a rather large fault domain and we have had an issue with a superblock in the past.
A hardened repo server is expected to have 3-4x 400TiB luns so want to make sure it scales. I'd love to chat with you all this directly. Ideally his would be done via boot from SAN and the volumes will be presented from a monolithic SAN.
HannesK
Product Manager
Posts: 15222
Liked: 3277 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK » 1 person likes this post

Hello,
the suggested side is maximum 1PB which is the RHEL recommended maximum. But there is no hard limit as XFS can be much larger.

What you ask for totally makes sense and I add you +1 for the "manage storage" feature request. As you mention LUNs, I also added you +1 to "support multipathing" request.

"Boot from SAN" would probably need modifications to the installer itself. We have no request for this so far and when I remember troubleshooting boot from SAN back in the time, I'm not convinced that is something Veeam support eventually should troubleshoot.

Best regards
Hannes
bgenner
Novice
Posts: 3
Liked: never
Joined: Dec 30, 2024 5:53 pm
Full Name: Benjamin Genner
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by bgenner »

Hi, Where can I download the latest ISO for the LHR? Thanks!
Gostev
Chief Product Officer
Posts: 32282
Liked: 7634 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev » 1 person likes this post

The link is actually in the first post of this thread :)
mvalpreda
Enthusiast
Posts: 85
Liked: 3 times
Joined: May 06, 2015 10:57 pm
Full Name: Mark Valpreda
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by mvalpreda »

I know everyone is talking about doing this with Dell/HP/etc and their associated RAID cards. Curious if there is a way to set up software RAID with this ISO for a machine that is JBOD.
HannesK
Product Manager
Posts: 15222
Liked: 3277 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

Hello,
no, hardware RAID is a system requirement. Hardware RAID is proven to be fast (write cache) and stable, which is the reason why it's required.

With a JBOD, the ISO would install the operating system on the smallest disk and create one spanned logical volume with LVM without any redundancy with the other disks.

Best regards
Hannes
Gostev
Chief Product Officer
Posts: 32282
Liked: 7634 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev »

mdraid has stability issues with XFS in particular, so it's a no-go
albertwt
Veteran
Posts: 954
Liked: 54 times
Joined: Nov 05, 2009 12:24 pm
Location: Sydney, NSW
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by albertwt »

https://helpcenter.veeam.com/docs/backu ... ml?ver=120

This is great news and truly simplifies the Immutable backup deployment.

Thanks, team, for sharing this ISO file.

May I know if we can install some agents in this Linux server like:

1. System monitoring software
2. EDR or AntiVirus team
--
/* Veeam software enthusiast user & supporter ! */
HannesK
Product Manager
Posts: 15222
Liked: 3277 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

Hello,

Short answer: no.

Longer answer: You should not add any additional (monitoring) software as it increases attack surface and the risk of introducing vulnerabilities. Furthermore, (misconfigured) security software is one of the most popular root causes of support cases around backup reliability.

Better built-in monitoring is something we have in mind to add to this offering in future. Adding 3rd party software is however not supported. Technically "you can" if you have Linux knowledge, but it's impossible to predict what will happen when we post future updates for the ISO. So you're much better off just using a Linux distro of your choice and managing its full lifecycle yourself.

Best regards
Hannes
keksbert
Novice
Posts: 6
Liked: never
Joined: Mar 28, 2014 9:23 am
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by keksbert »

Hello Hannes, thank you for this clarification. Could you please mention this statemant explicitly in the beginning of the thread.
Adding 3rd party software is not supported.
HannesK
Product Manager
Posts: 15222
Liked: 3277 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

Hello Keksbert,
sure. I put it in red in the "support" section.

Best regards
Hannes
fezzebru
Novice
Posts: 7
Liked: 1 time
Joined: Aug 07, 2024 5:55 pm
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by fezzebru »

HannesK wrote: Feb 27, 2025 4:22 pm Hello,
the suggested side is maximum 1PB which is the RHEL recommended maximum. But there is no hard limit as XFS can be much larger.

What you ask for totally makes sense and I add you +1 for the "manage storage" feature request. As you mention LUNs, I also added you +1 to "support multipathing" request.

"Boot from SAN" would probably need modifications to the installer itself. We have no request for this so far and when I remember troubleshooting boot from SAN back in the time, I'm not convinced that is something Veeam support eventually should troubleshoot.

Best regards
Hannes
Thank you, this checks out nicely, is it 1PB per LUN or total LVM size?
Gostev
Chief Product Officer
Posts: 32282
Liked: 7634 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev » 1 person likes this post

Resulting XFS volume size, no matter of the storage configuration underneath.

Honestly, most likely it is just some random number set decades ago. I wager someone at Red Hat was tasked to put some "definitely safe" number for Technical Support to use. Or they were simply technically unable to test larger volumes back then, plus "no one will ever need more memory anyway (c)" :D

Further, I'm pretty sure I heard that we have some customers with volumes larger than 1PB at this time and that they are not seeing any issues. Which makes sense as 1PB is 3 orders of magnitude below architectural maximum for XFS volumes.
HannesK
Product Manager
Posts: 15222
Liked: 3277 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

Hello,

I talked to Red Hat and the reason for that 1PB value is "operational reasons".

Yes, one can go higher and there is no technical limit that stops customers at 1PB. We have customers using more than 1PB for XFS (but not many because we also see customer preferring "manageable chunks" as mentioned for example here)

The main challenge would be that there is currently no online repair. Once there is online scrub / repair for XFS, that value would probably be increased for RHEL.

Best regards
Hannes
Post Reply

Who is online

Users browsing this forum: Google [Bot] and 111 guests