-
- Service Provider
- Posts: 43
- Liked: 13 times
- Joined: Jan 26, 2018 2:27 pm
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Installation also works on Dell R760 < PERC H965i Front for DATA / BOSS-N1 for OS, Broadcom Adv. Dual 25Gb.
[HannesK]: thanks, I added the server to the list
[HannesK]: thanks, I added the server to the list
-
- Lurker
- Posts: 1
- Liked: 1 time
- Joined: Mar 12, 2013 8:53 pm
- Full Name: Matt Skalecki
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Am I interpreting this correctly?We're excited to move our managed Hardened Repository project to the next step and upgrade its status from Community Preview to experimentally supported. This means hardened repositories provisioned from this ISO build are now officially supported for use in production environments, and you can open support cases normally in case of any issues (experimental support SLA disclaimer applies only to issues with the ISO Installer and the Configurator Tool specifically).
[*] Support cases involving issues with backup/restore/etc jobs targeting a repository built from the "Managed Hardened Repository ISO" are given full support as if the target was any other supported repository.
[*] Support cases involving issues with installing or configuring the repository with the "Managed Hardened Repository ISO" are given the lower "experimental support SLA".
If that is correct, I'm very excited to give this a try with our next repo server. Manually hardening these servers is not trivial.
-
- Product Manager
- Posts: 6551
- Liked: 765 times
- Joined: May 19, 2015 1:46 pm
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hi,
Yes, that's correct.
The Veeam bits running inside the Hardened Repo are the same regardless of the nature of the repository, hence all issues related to the actual usage of the repo are treated with the same level of dilligence.
At the same time, issues related to installation/configuration process of the ISO-based Hardened Repo will have lower priority due to the novelty of the deployment method.
Thanks!
Yes, that's correct.
The Veeam bits running inside the Hardened Repo are the same regardless of the nature of the repository, hence all issues related to the actual usage of the repo are treated with the same level of dilligence.
At the same time, issues related to installation/configuration process of the ISO-based Hardened Repo will have lower priority due to the novelty of the deployment method.
Thanks!
-
- Influencer
- Posts: 18
- Liked: 5 times
- Joined: Jan 24, 2015 7:26 am
- Full Name: Morten Boegeskov
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
when the repair option arrives , will it be able to upgrader/replace VHR that is installed following the blog posts of Hannesk from 2023 or will i need to start over ?
-
- Product Manager
- Posts: 14830
- Liked: 3079 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello,
"repair" as it was developed today (internal builds) only works for systems installed with a Hardened Repository ISO. But we are evaluating alternative options that require manual user interaction to allow migrations.
Best regards
Hannes
"repair" as it was developed today (internal builds) only works for systems installed with a Hardened Repository ISO. But we are evaluating alternative options that require manual user interaction to allow migrations.
Best regards
Hannes
-
- Enthusiast
- Posts: 30
- Liked: 1 time
- Joined: Jan 24, 2011 12:20 pm
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello everyone,
I have a question about the VHR image published by Veeam.
In the event that a client saturates its VHR repository, what are the possibilities of being able to remove the flags and delete files to free up space? Do we have to go through veeam support?
I'll admit I've tested it, and the solution is functional and hardening .
Have a nice day,
Julian,
I have a question about the VHR image published by Veeam.
In the event that a client saturates its VHR repository, what are the possibilities of being able to remove the flags and delete files to free up space? Do we have to go through veeam support?
I'll admit I've tested it, and the solution is functional and hardening .
Have a nice day,
Julian,
-
- Chief Product Officer
- Posts: 31789
- Liked: 7294 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Yes, you can always remove flags yourself under root, after which backup files can be deleted... no need to go through support.
-
- Enthusiast
- Posts: 30
- Liked: 4 times
- Joined: Mar 28, 2018 9:22 am
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello
Perhaps the answer "NO" was too veiled. Somewhere I heard about a practice that you can't say no, it's bad for karma
P.S. I'll wait until there are more such requests from clients
-
- Enthusiast
- Posts: 30
- Liked: 1 time
- Joined: Jan 24, 2011 12:20 pm
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello Gostev,
Unless I'm mistaken, we don't have root access with this VHR Veeam ISO deployment. If I take a note from the community:
“Advantages of VHR VEEAM ISO
The biggest advantage of ISO is that there's no need for further customization or scripting (the system is already hardened by the custom installer).
There is no root user.
Using Rocky Linux as a base, you benefit from 10 years of support.
After the official release, you'll also benefit from Veeam support.”
Julian,
-
- Chief Product Officer
- Posts: 31789
- Liked: 7294 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
As long as you are able to boot a VHR server from external media, then you can always get yourself root access by modifying relevant OS security files directly from within another OS you booted. The only thing that can potentially stop you are locked BIOS settings to make the machine boot from external media, however assuming your an admin of said server you'd know its BIOS password.
P.S. Note that physical access to actual server's enclosure gives you a number of ways to bypass even said BIOS lock. You could reflash the BIOS to reset its password, or remove hard drives and connect them to another server to edit those OS files, etc.
P.S. Note that physical access to actual server's enclosure gives you a number of ways to bypass even said BIOS lock. You could reflash the BIOS to reset its password, or remove hard drives and connect them to another server to edit those OS files, etc.
-
- Enthusiast
- Posts: 30
- Liked: 1 time
- Joined: Jan 24, 2011 12:20 pm
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Thank you Gostev,
We agree, access with an external media will allow to modify the accesses. You've answered my question.
Have a nice day,
Julian,
We agree, access with an external media will allow to modify the accesses. You've answered my question.
Have a nice day,
Julian,
-
- Influencer
- Posts: 13
- Liked: 4 times
- Joined: Jun 26, 2013 8:12 am
- Full Name: Chris
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Im just missing some Userguide/Documentation to this release.
E.g. Users automatically created, default Logins, is SSH allowed, permissions on default created users, terminal login, etc.
E.g. Users automatically created, default Logins, is SSH allowed, permissions on default created users, terminal login, etc.
-
- Product Manager
- Posts: 14830
- Liked: 3079 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello,
@chris_lalala: documentation is available in the user guide
@chris.childerhose: I deleted your answer to avoid confusion and split the other question as it describes a technical issue.
Best regards
Hannes
PS: sorry for the delay, I did not get email notifications for unknown reasons
@chris_lalala: documentation is available in the user guide
@chris.childerhose: I deleted your answer to avoid confusion and split the other question as it describes a technical issue.
Best regards
Hannes
PS: sorry for the delay, I did not get email notifications for unknown reasons
-
- Lurker
- Posts: 2
- Liked: never
- Joined: Sep 19, 2018 8:25 am
- Full Name: itNGO
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hi,
I know this is primary for Bare-Metal-Servers but we have some Servers in Datacenter which present VMs for customers as Remote-Backup-Storage. Will there be an option to extend existing volumes when the VM Disk is resized in the Hypervisor?
Regards
I know this is primary for Bare-Metal-Servers but we have some Servers in Datacenter which present VMs for customers as Remote-Backup-Storage. Will there be an option to extend existing volumes when the VM Disk is resized in the Hypervisor?
Regards
-
- Product Manager
- Posts: 14830
- Liked: 3079 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello,
the "resizing" and "add storage" request also exists for physical servers more or less the same. There are ideas on that topic, but no timeline.
For physical servers, one would usually add new disks / RAID-sets and then add that to LVM and extend the file system. Some RAID controllers might even allow extending RAID-sets. Extending the disk size also works with LVM (pvresize). Then the file system also needs to be extended. I won't describe here how to do that, because if done wrong, data loss can happen.
Best regards
Hannes
the "resizing" and "add storage" request also exists for physical servers more or less the same. There are ideas on that topic, but no timeline.
For physical servers, one would usually add new disks / RAID-sets and then add that to LVM and extend the file system. Some RAID controllers might even allow extending RAID-sets. Extending the disk size also works with LVM (pvresize). Then the file system also needs to be extended. I won't describe here how to do that, because if done wrong, data loss can happen.
Best regards
Hannes
-
- Service Provider
- Posts: 182
- Liked: 48 times
- Joined: Sep 03, 2012 5:28 am
- Full Name: Yizhar Hurwitz
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello
Just installed veeam hardened repository iso 0.1.17
Hardware = HPE ProLiant DL360 Gen10
RAID controller = HPE Smart Array P408i-a SR Gen10
Problem and notes:
1. ping
There is no built in option to troubleshoot networking
Please add such feature (similar to esxi console) to troubleshoot ip and dns.
for example ping the following:
default gateway
configured dns servers
dns resolve update repository (using dig/nslookup)
ping (or test http) to updated repository
I also recommend to add option for enabling incoming PING, at least temporary, similar to SSH option.
2. screen resolution
I've used ILO console while a 23 inch screen was also attached. this caused the screen resolution to be very high, and was no easy way to change it.
Especialy while trying to read the terrible onetime ssh credentials.
I ended up disconnnecting the physical screen, and reinstall from scratch.
This time screen resolution was 1024*768 which is ok and readable.
Please add option to change screen resolution or other display settings after install, or option to reset to reasonable default such as 1024*768.
Yizhar
Just installed veeam hardened repository iso 0.1.17
Hardware = HPE ProLiant DL360 Gen10
RAID controller = HPE Smart Array P408i-a SR Gen10
Problem and notes:
1. ping
There is no built in option to troubleshoot networking
Please add such feature (similar to esxi console) to troubleshoot ip and dns.
for example ping the following:
default gateway
configured dns servers
dns resolve update repository (using dig/nslookup)
ping (or test http) to updated repository
I also recommend to add option for enabling incoming PING, at least temporary, similar to SSH option.
2. screen resolution
I've used ILO console while a 23 inch screen was also attached. this caused the screen resolution to be very high, and was no easy way to change it.
Especialy while trying to read the terrible onetime ssh credentials.
I ended up disconnnecting the physical screen, and reinstall from scratch.
This time screen resolution was 1024*768 which is ok and readable.
Please add option to change screen resolution or other display settings after install, or option to reset to reasonable default such as 1024*768.
Yizhar
-
- Product Manager
- Posts: 14830
- Liked: 3079 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello,
thanks for reporting that the DL360 works, I added it to the list in the initial post.
1) yes, that is something I have on my list and I added you +1. Incoming ping will be allowed in version 2.
2) hmm, I installed it on different machines with different remote consoles, but never had a resolution issue. Just to be clear: the resolution problem is after the system was installed and not during the installation, right?
Best regards
Hannes
thanks for reporting that the DL360 works, I added it to the list in the initial post.
1) yes, that is something I have on my list and I added you +1. Incoming ping will be allowed in version 2.
2) hmm, I installed it on different machines with different remote consoles, but never had a resolution issue. Just to be clear: the resolution problem is after the system was installed and not during the installation, right?
Best regards
Hannes
-
- Influencer
- Posts: 13
- Liked: 4 times
- Joined: Jun 26, 2013 8:12 am
- Full Name: Chris
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Sorry, but this is not a Userguide for the Linux OS. This one is missing E.g. Users automatically created, default Logins, is SSH allowed, permissions on default created users, terminal login, etc.HannesK wrote: ↑Dec 05, 2024 7:36 am Hello,
@chris_lalala: documentation is available in the user guide
@chris.childerhose: I deleted your answer to avoid confusion and split the other question as it describes a technical issue.
Best regards
Hannes
PS: sorry for the delay, I did not get email notifications for unknown reasons
-
- Product Manager
- Posts: 14830
- Liked: 3079 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
Hello,
The passwords are documented here
Does that solve everything?
We don't document the Linux OS details because the customer is not supposed to touch it.
If you wish to configure Linux OS yourself, you can build hardened repository on any supported Linux distribution on your own.
Best regards
Hannes
The passwords are documented here
Does that solve everything?
We don't document the Linux OS details because the customer is not supposed to touch it.
If you wish to configure Linux OS yourself, you can build hardened repository on any supported Linux distribution on your own.
Best regards
Hannes
-
- Novice
- Posts: 7
- Liked: 4 times
- Joined: Oct 03, 2024 6:37 pm
- Full Name: Paul Adair
- Contact:
Re: [RELEASE] Managed Hardened Repository ISO by Veeam
I've had 0.1.17 up and running on a new Dell R760xs for a few weeks now. Install and setup to backup data went without issue.
Server has PERC H755 controller with 6 x 12TB SATA drives. (setup Raid6)
Server also has the BOSS-N1 with 2 x 480GB SSD drives. (setup Raid1)
All is well so far....
EDIT - This now includes upgrading V B&R server to 12.3 and any updates it need to apply to the VHR as well. All working good.
Server has PERC H755 controller with 6 x 12TB SATA drives. (setup Raid6)
Server also has the BOSS-N1 with 2 x 480GB SSD drives. (setup Raid1)
All is well so far....
EDIT - This now includes upgrading V B&R server to 12.3 and any updates it need to apply to the VHR as well. All working good.
Who is online
Users browsing this forum: Baidu [Spider], Bing [Bot], Semrush [Bot] and 97 guests