Hi everyone,
I'm trying to better understand how Veeam Agent for Windows handles deletion of files from object storage. I have started by reading the below KB.
https://helpcenter.veeam.com/docs/agent ... tml?ver=60
From what I can tell, it's not possible to do this via the GUI without directly accessing the object storage and deleting the files manually.
It seems like it is possible to do this with the command line tools, however I haven't got a way to test this currently.
A few things I'd like to clarify if possible please:
If I issue a delete command via command line, will this prompt me to delete object storage, and if so, will this allow deletion of the chain from object storage?
Does this only work from elevated command prompt (admin rights required)?
If the Veeam agent is managed by VSPC and is 'locked' (read-only UI) to prevent change, does the command line deletion still work?
TLDR: I am looking to prevent deletion of object storage from the veeam agent endpoint completely and only allow direct deletion from the object storage directly, to protect from malicious or accidental actions, without going as far as making backups immutable. I am concerned it may still be possible to delete offsite backups via the command line tool and am looking for any ways to stop this.
Thanks!
-
- Service Provider
- Posts: 50
- Liked: 8 times
- Joined: Jan 02, 2024 9:13 am
- Full Name: Pat
- Contact:
-
- Service Provider
- Posts: 50
- Liked: 8 times
- Joined: Jan 02, 2024 9:13 am
- Full Name: Pat
- Contact:
Re: Deleting backups from object storage
Anyone know how this works?
-
- Product Manager
- Posts: 9525
- Liked: 2524 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: Deleting backups from object storage
Hello Pat
The command is also available when you set the agent UI to read only. But only a user with local admin permission can run the command (requires elevated command line session to access the information in the windows registry).
Running it will delete backups from object storage as well from cloud connect repositories. With non-object storage cloud connect repositories, you would have the recycle bin (must be activated by the cloud connect provider for your tenant). But object storage requires immutability to protect yourself against unwanted deletion.
Best,
Fabian
PS:
Please register yourself in our service provider user group if you are a service provider. This gives you access to our hidden service provider sub forums where service provider products are discussed: Apply for the Cloud and Service Providers user group
The command is also available when you set the agent UI to read only. But only a user with local admin permission can run the command (requires elevated command line session to access the information in the windows registry).
Running it will delete backups from object storage as well from cloud connect repositories. With non-object storage cloud connect repositories, you would have the recycle bin (must be activated by the cloud connect provider for your tenant). But object storage requires immutability to protect yourself against unwanted deletion.
Just to note, "Undeletable" backups can only be achieved by immutability. May I ask why immutable object storage (or hardened repository) is no option for you?and only allow direct deletion from the object storage directly, to protect from malicious or accidental actions, without going as far as making backups immutable.
Best,
Fabian
PS:
Please register yourself in our service provider user group if you are a service provider. This gives you access to our hidden service provider sub forums where service provider products are discussed: Apply for the Cloud and Service Providers user group
Product Management Analyst @ Veeam Software
-
- Service Provider
- Posts: 50
- Liked: 8 times
- Joined: Jan 02, 2024 9:13 am
- Full Name: Pat
- Contact:
Re: Deleting backups from object storage
Thank you for confirming, I was hoping there might be some way to prevent the command line deletion. I am trying to avoid the scenario where we have immutable data in object storage which we no longer require, yet are unable to delete. This can arise somewhat frequently with immutable Veeam agent backups and 12 months of GFS retention, we have some additional tools like '4 eyes' authentication, or governance mode immutability with VBR but I don't believe there's any similar options for Veeam agent yet.
PS I have signed up as a service provider now, thanks for the tip.
PS I have signed up as a service provider now, thanks for the tip.
-
- Service Provider
- Posts: 50
- Liked: 8 times
- Joined: Jan 02, 2024 9:13 am
- Full Name: Pat
- Contact:
Re: Deleting backups from object storage
This is kind of a related question, don't want to make a new thread for it.
Can someone please confirm if immutability periods + GFS retention works the same way in Veeam agent as it does in VBR?
https://helpcenter.veeam.com/docs/agent ... tml?ver=60
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
In the VBR documentation it is made clear that a GFS restore point is immutable for the entire duration of the GFS policy, plus the immutability period defined in Veeam. It used to also say this in VBR v12 but that was changed in v12.1 (don't know why).
In the Veeam agent documentation, this is not defined anywhere, the immutable duration is defined as the immutability period + 10 days block generation, with no mention of any additional retention for GFS policies. It doesn't mention this currently within the client in v6.1 but may be similar to VBR v12.1 where the wording was removed for some reason?
Clarification on this would be appreciated, thank you.
Can someone please confirm if immutability periods + GFS retention works the same way in Veeam agent as it does in VBR?
https://helpcenter.veeam.com/docs/agent ... tml?ver=60
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
In the VBR documentation it is made clear that a GFS restore point is immutable for the entire duration of the GFS policy, plus the immutability period defined in Veeam. It used to also say this in VBR v12 but that was changed in v12.1 (don't know why).
In the Veeam agent documentation, this is not defined anywhere, the immutable duration is defined as the immutability period + 10 days block generation, with no mention of any additional retention for GFS policies. It doesn't mention this currently within the client in v6.1 but may be similar to VBR v12.1 where the wording was removed for some reason?
Clarification on this would be appreciated, thank you.
Who is online
Users browsing this forum: Bing [Bot], Yuya and 11 guests