Comprehensive data protection for all workloads
gmajestix
Service Provider
Posts: 43
Liked: 13 times
Joined: Jan 26, 2018 2:27 pm
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by gmajestix » 1 person likes this post

Installation also works on Dell R760 < PERC H965i Front for DATA / BOSS-N1 for OS, Broadcom Adv. Dual 25Gb.

[HannesK]: thanks, I added the server to the list
mattskalecki
Lurker
Posts: 1
Liked: 1 time
Joined: Mar 12, 2013 8:53 pm
Full Name: Matt Skalecki
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by mattskalecki » 1 person likes this post

We're excited to move our managed Hardened Repository project to the next step and upgrade its status from Community Preview to experimentally supported. This means hardened repositories provisioned from this ISO build are now officially supported for use in production environments, and you can open support cases normally in case of any issues (experimental support SLA disclaimer applies only to issues with the ISO Installer and the Configurator Tool specifically).
Am I interpreting this correctly?
[*] Support cases involving issues with backup/restore/etc jobs targeting a repository built from the "Managed Hardened Repository ISO" are given full support as if the target was any other supported repository.
[*] Support cases involving issues with installing or configuring the repository with the "Managed Hardened Repository ISO" are given the lower "experimental support SLA".

If that is correct, I'm very excited to give this a try with our next repo server. Manually hardening these servers is not trivial.
PTide
Product Manager
Posts: 6551
Liked: 765 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by PTide » 2 people like this post

Hi,

Yes, that's correct.

The Veeam bits running inside the Hardened Repo are the same regardless of the nature of the repository, hence all issues related to the actual usage of the repo are treated with the same level of dilligence.

At the same time, issues related to installation/configuration process of the ISO-based Hardened Repo will have lower priority due to the novelty of the deployment method.

Thanks!
MOBO
Influencer
Posts: 18
Liked: 5 times
Joined: Jan 24, 2015 7:26 am
Full Name: Morten Boegeskov
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by MOBO »

when the repair option arrives , will it be able to upgrader/replace VHR that is installed following the blog posts of Hannesk from 2023 or will i need to start over ?
HannesK
Product Manager
Posts: 14830
Liked: 3079 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

Hello,
"repair" as it was developed today (internal builds) only works for systems installed with a Hardened Repository ISO. But we are evaluating alternative options that require manual user interaction to allow migrations.

Best regards
Hannes
Jneau
Enthusiast
Posts: 30
Liked: 1 time
Joined: Jan 24, 2011 12:20 pm
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Jneau »

Hello everyone,

I have a question about the VHR image published by Veeam.

In the event that a client saturates its VHR repository, what are the possibilities of being able to remove the flags and delete files to free up space? Do we have to go through veeam support?

I'll admit I've tested it, and the solution is functional and hardening :-).

Have a nice day,
Julian,
Gostev
Chief Product Officer
Posts: 31789
Liked: 7294 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev »

Yes, you can always remove flags yourself under root, after which backup files can be deleted... no need to go through support.
Outlaw
Enthusiast
Posts: 30
Liked: 4 times
Joined: Mar 28, 2018 9:22 am
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Outlaw »

HannesK wrote: Nov 25, 2024 8:40 am the answer was / is "no".

I just try to understand why customers ask such things, because we try to build things customers ask for :-)
Hello

Perhaps the answer "NO" was too veiled. Somewhere I heard about a practice that you can't say no, it's bad for karma :)

P.S. I'll wait until there are more such requests from clients :wink:
Jneau
Enthusiast
Posts: 30
Liked: 1 time
Joined: Jan 24, 2011 12:20 pm
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Jneau »

Gostev wrote: Nov 28, 2024 12:52 pm Yes, you can always remove flags yourself under root, after which backup files can be deleted... no need to go through support.
Hello Gostev,

Unless I'm mistaken, we don't have root access with this VHR Veeam ISO deployment. If I take a note from the community:

“Advantages of VHR VEEAM ISO

The biggest advantage of ISO is that there's no need for further customization or scripting (the system is already hardened by the custom installer).
There is no root user.
Using Rocky Linux as a base, you benefit from 10 years of support.
After the official release, you'll also benefit from Veeam support.”

Julian,
Gostev
Chief Product Officer
Posts: 31789
Liked: 7294 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Gostev »

As long as you are able to boot a VHR server from external media, then you can always get yourself root access by modifying relevant OS security files directly from within another OS you booted. The only thing that can potentially stop you are locked BIOS settings to make the machine boot from external media, however assuming your an admin of said server you'd know its BIOS password.

P.S. Note that physical access to actual server's enclosure gives you a number of ways to bypass even said BIOS lock. You could reflash the BIOS to reset its password, or remove hard drives and connect them to another server to edit those OS files, etc.
Jneau
Enthusiast
Posts: 30
Liked: 1 time
Joined: Jan 24, 2011 12:20 pm
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by Jneau »

Thank you Gostev,
We agree, access with an external media will allow to modify the accesses. You've answered my question.

Have a nice day,

Julian,
chris_lalala
Influencer
Posts: 13
Liked: 4 times
Joined: Jun 26, 2013 8:12 am
Full Name: Chris
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by chris_lalala »

Im just missing some Userguide/Documentation to this release.

E.g. Users automatically created, default Logins, is SSH allowed, permissions on default created users, terminal login, etc.
HannesK
Product Manager
Posts: 14830
Liked: 3079 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

Hello,
@chris_lalala: documentation is available in the user guide

@chris.childerhose: I deleted your answer to avoid confusion and split the other question as it describes a technical issue.

Best regards
Hannes
PS: sorry for the delay, I did not get email notifications for unknown reasons
j.suenram@it-ngo.com
Lurker
Posts: 2
Liked: never
Joined: Sep 19, 2018 8:25 am
Full Name: itNGO
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by j.suenram@it-ngo.com »

Hi,
I know this is primary for Bare-Metal-Servers but we have some Servers in Datacenter which present VMs for customers as Remote-Backup-Storage. Will there be an option to extend existing volumes when the VM Disk is resized in the Hypervisor?

Regards
HannesK
Product Manager
Posts: 14830
Liked: 3079 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

Hello,
the "resizing" and "add storage" request also exists for physical servers more or less the same. There are ideas on that topic, but no timeline.

For physical servers, one would usually add new disks / RAID-sets and then add that to LVM and extend the file system. Some RAID controllers might even allow extending RAID-sets. Extending the disk size also works with LVM (pvresize). Then the file system also needs to be extended. I won't describe here how to do that, because if done wrong, data loss can happen.

Best regards
Hannes
yizhar
Service Provider
Posts: 182
Liked: 48 times
Joined: Sep 03, 2012 5:28 am
Full Name: Yizhar Hurwitz
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by yizhar »

Hello

Just installed veeam hardened repository iso 0.1.17
Hardware = HPE ProLiant DL360 Gen10
RAID controller = HPE Smart Array P408i-a SR Gen10

Problem and notes:

1. ping
There is no built in option to troubleshoot networking
Please add such feature (similar to esxi console) to troubleshoot ip and dns.
for example ping the following:
default gateway
configured dns servers
dns resolve update repository (using dig/nslookup)
ping (or test http) to updated repository

I also recommend to add option for enabling incoming PING, at least temporary, similar to SSH option.


2. screen resolution

I've used ILO console while a 23 inch screen was also attached. this caused the screen resolution to be very high, and was no easy way to change it.
Especialy while trying to read the terrible onetime ssh credentials.
I ended up disconnnecting the physical screen, and reinstall from scratch.
This time screen resolution was 1024*768 which is ok and readable.

Please add option to change screen resolution or other display settings after install, or option to reset to reasonable default such as 1024*768.

Yizhar
HannesK
Product Manager
Posts: 14830
Liked: 3079 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK »

Hello,
thanks for reporting that the DL360 works, I added it to the list in the initial post.

1) yes, that is something I have on my list and I added you +1. Incoming ping will be allowed in version 2.

2) hmm, I installed it on different machines with different remote consoles, but never had a resolution issue. Just to be clear: the resolution problem is after the system was installed and not during the installation, right?

Best regards
Hannes
chris_lalala
Influencer
Posts: 13
Liked: 4 times
Joined: Jun 26, 2013 8:12 am
Full Name: Chris
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by chris_lalala »

HannesK wrote: Dec 05, 2024 7:36 am Hello,
@chris_lalala: documentation is available in the user guide

@chris.childerhose: I deleted your answer to avoid confusion and split the other question as it describes a technical issue.

Best regards
Hannes
PS: sorry for the delay, I did not get email notifications for unknown reasons
Sorry, but this is not a Userguide for the Linux OS. This one is missing E.g. Users automatically created, default Logins, is SSH allowed, permissions on default created users, terminal login, etc.
HannesK
Product Manager
Posts: 14830
Liked: 3079 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by HannesK » 1 person likes this post

Hello,
The passwords are documented here

Does that solve everything?

We don't document the Linux OS details because the customer is not supposed to touch it.

If you wish to configure Linux OS yourself, you can build hardened repository on any supported Linux distribution on your own.

Best regards
Hannes
padair
Novice
Posts: 7
Liked: 4 times
Joined: Oct 03, 2024 6:37 pm
Full Name: Paul Adair
Contact:

Re: [RELEASE] Managed Hardened Repository ISO by Veeam

Post by padair » 2 people like this post

I've had 0.1.17 up and running on a new Dell R760xs for a few weeks now. Install and setup to backup data went without issue.
Server has PERC H755 controller with 6 x 12TB SATA drives. (setup Raid6)
Server also has the BOSS-N1 with 2 x 480GB SSD drives. (setup Raid1)
All is well so far.... :)

EDIT - This now includes upgrading V B&R server to 12.3 and any updates it need to apply to the VHR as well. All working good.
Post Reply

Who is online

Users browsing this forum: Baidu [Spider], Bing [Bot], Semrush [Bot] and 97 guests