Worker Instances configuration to suite Infosys GCP organization policies

[pawan.k@infosys.com]

Hi Team,
We have certain Organization policies in place for Creating VMs on GCP
1.VMs can only use Trusted images- Infosys Hardened Images- Any VMs created on should use images from the trusted images (infosys hardened images) only.
2. VMs should have shielded VM option enabled- GCP best practices.

So when worker instance are created without these 2 above mentioned policies, there will be a non compliance which will be triggered in our security dashboard.

So we would like you to give provision to edit worker instance configuration according to our organization best practices.

[Gostev]

Hi, Pawan. GCP PM will answer your main question but after reading your post I got curious myself: what Linux distribution do you use as the base for these images?

[Alec King]

Hello Pawan,

The question regarding using your infosys hardened image would be the need to deploy and run the Veeam APIs and other tools required for backup, restore, FLR inside that VM. Without knowing the exact configuration of your hardened image we would not be able to QA test against it, and we could not be sure that our toolkit will work.
On security in general, we do use the LTS build 22.04 of Ubuntu so we have the latest updates and security patches, and we do already have Secure Boot and Block Project-wide SSH Keys enabled by default.

Regarding Shielded VM, it may be possible to deploy our Worker VMs using that option. We will do some investigation and post results here soon.

Thank you for the feedback!

[pawan.k@infosys.com]

Hi Alec,
Thank you for writing back.

I will get back to you with the hardened images configuration in a while.

Regarding Shielded Vms, can I know by when can we expect an update on this?

[Alec King]

Hi Pawan,
Please feel free to email me directly concerning the hardened images, rather than publish details here in the forum. Just reach out to your local Veeam representative if you don't already have my contact details.
Regarding Shielded VM, we are investigating, and hope to have an update sometime over the next few weeks.
Thanks!

[pawan.k@infosys.com]

Hi Alec,
Regarding Hardened Images, i spoke to my manager and he was like it can be passed.

Any updated regarding Shielded VMs?.

Thank you.

[Alec King]

Hi Pawan, OK thank you for the update! Regarding Shielded VMs, we continue to research whether this can be included to a future version. Will update here ASAP.
Thanks!

[pawan.k@infosys.com]

HI Alec,
Any updates on this?? and can you keep Prasanna (Prasanna.Keshava@veeam.com) in loop for this issue.
And can we get a fast update on this cause our security posture is not looking good as there are a lot of triggers regarding Shielded VMs.

Regards,
Pawan Kumar K

[Alec King]

Hello Pawan, We are currently testing all Shielded VM options for Veeam Workers. If the testing does not reveal any issues then I hope we will include this in the next version.