Standalone backup agent for Microsoft Windows servers and workstations (formerly Veeam Endpoint Backup FREE)
Post Reply
jfreeman
Lurker
Posts: 1
Liked: never
Joined: Jun 25, 2020 11:37 pm
Full Name: Jason
Contact:

Write backup jobs without modify permissions?

Post by jfreeman »

To protect against ransomware, can Veeam write to a fileshare without modify permissions?

This way, the receiving server (the one hosting the fileshare) can periodically delete older Veeam backups without the sending client doing it. This would effectively protect against ransomware.

We have other apps that can deal with this permissions config, so I was wondering if Veeam can, too.

Egor Yakovlev
Veeam Software
Posts: 1407
Liked: 323 times
Joined: Jun 14, 2013 9:30 am
Full Name: Egor Yakovlev
Contact:

Re: Write backup jobs without modify permissions?

Post by Egor Yakovlev »

Hi Jason, interesting request - noted for discussion.

Currently Veeam(and only Veeam) handles chain retention and keeps restore-point-related information in a database to show you relevant data, so if retention is done outside our product we must think of some sort "rescan" interval to periodically queue backup location(because you never know when target side will have "cleanup"). Much bigger problem is that we will have to expose Veeam backup structure, because retention is not just about deleting older files, but in many cases it requires a "merge" operation to move Full backup up the grid - which of course will be a tough task to perform from outside our data movers.

We do have Rotated media support, so for example you can have 1 week of backups on USB-HDD-01, and if by the time of Backup Job start on week 2 we detect repository is empty(you took out original disk with all Week 1 backups and plugged in a new one USB-HDD-02) we will start a new chain on it without problems. Week 3, when you plug USB-HDD-01 back, we will detect it, cleanup retention on it and continue backups without errors. That way you can have previous week of backups always be offline, 100% resilient to Ransomware.

/Hope that helps!

Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 4 guests