Bringing this up again after Gostev's weekly post. I think the big barriers are how does Veeam handle a repository that is offline some of the time, and that you really want a pull model for the airgapped backup, preferably only done once it's confirmed the backup is recoverable (ie not encrypted by a cryptolocker), not an automatic push. It needs to be pull so that only the airgapped machine has the credentials to write to itself, otherwise again an attacker who gains control of Veeam can just wait for it to come online again and overwrite it. And it also allows for the user to just power it on manually when they want to make an offline copy, if they don't have a BIOS with power-on controls (although they are fairly common in my experience).jandrewartha wrote: ↑Feb 07, 2018 5:48 amIt'd be nice to having something that pulls the image, we're pondering ways to get an offline copy of our long-term (12mo+, 26TB atm) backup copy repository that's updated once a week, both for cryptolocker recovery and in case the whole server dies in a fire for some reason, we don't lose that backup history.
Right now I'm thinking a two stage backup, Veeam agent backup to our old netapp, then a small server that boots up automatically (BIOS/UEFI control?), copies the image over, emails success then shuts down again, but I'm sure this could be simplified.
And finally the specific question from that thread, how do I get a duplicate copy of an ReFS repository will all the history in it without reinflating everything?