Is this a hard "won't fix" or could there be more of a "are you sure you know what you do" toggle?
Background:
Because of our infrastructure and some policies/decisions/events in the past we tend to try to keep backup traffic away from "the network" as good as possible.
But with using VHR I now have to make the decision to either use VHR and have network communication between my VMware proxies, which use our FC SAN, and the VHR or go to the windows route with repository and proxy role on the same server.
As much as I like the new appliance based model (I really really like it) this is kind of disappointing.
So coming back to my question, will there in the future be a possibility to use both on one appliance?
Not on "hardened repository", no. Not even in future, because it really makes it no-longer-hardened with those 3rd party VDDK components running on it with root privileges, providing perfect attack surface for privilege escalation vulnerabilities.
The direction we're going is, we instead plan to offer the immutability feature also for regular Linux-based repositories, which as you know CAN be proxies today. So you will be able to have everything on a single box, this repository just won't be considered to be "hardened" for all intents and purposes, specifically because you will have a ton of other high-privileged code running on it.
Gostev wrote: ↑Oct 27, 2025 2:37 pm
The direction we're going is, we instead plan to offer the immutability feature also for regular Linux-based repositories, which as you know CAN be proxies today. So you will be able to have everything on a single box, this repository just won't be considered to be "hardened" for all intents and purposes, specifically because you will have a ton of other high-privileged code running on it.
Just a final question - is there a slight hint regarding when this will be released?
Probably not next month with the GA release, but will this be like H1 26/H2 26 or more like „we have it on our roadmap but it won’t come 2026“?
