Feature Request TAPE: 4-eye principle for tape erasure

[kvogt]

In the context of ransomware attacks, the first attacks on tape backup also exist. Is there a possibility of optionally (but not to be revised) setting up a four-eyes principle for tape erasure?
Alternatively, as a weaker version, at least an alarm should be sent to the admin so that he sees directly when something starts that should not.

From the customer's point of view, this would greatly simplify handling with tape.

Thanks a lot

[Dima P.]

Hello Karsten,

Interesting idea, thank you! Currently we do not send email reports when tape media is erased but I'll note your post as an improvement request. The best solution for now would be to eject the tape media and keep it offline, while that adds extra tape management routine such solution is bulletproof against any ransomware.

[vmtech123]

I'd also vote for this. I rarely delete tapes from my pools. They expire and get reused.

Being able to set up alerts when someone tries to erase things, modify a job, delete a job or disable a job would be a great feature. Also putting Veeam in Maintenance mode to stop all alerting while doing this (perhaps password protected) would be a great feature that complements it.

[Regnor]

Please don't forget that someone accessing your backup/tape server can erase the tapes without accessing Veeam. So such a feature would only bring an advantage if your server isn't accessible at all, despite remote via the Veeam Console.

[soncscy]

While you have a point Max, I think that there still is value for this for partial visibility, but it'd need to be some independent appliance that stays off the main veeam server itself else it's just too convenient to shut down the tool that should be monitoring the veeam server from the veeam server itself.

Actually, this would be an incredibly easy script to throw together that just check every few minutes for those types of sessions, with the benefit of checking even for the vendor native tools. You could spin it up to run on a few random servers with the VBR console installed and it'll spam out emails on these unexpected changes.