[VHRISO] on-prem Linux repositories instead of repository.veeam.com

[Tachi]

Moderator split from veeam-backup-replication-f2/managed-har ... 96192.html

First of all, thank you so much for this incredible work !
I was wondering if we could have an option to change the official repository (https://repository.veeam.com) to a mirror of our own in order to keep the system up to date ? Our company is planning to deploy many hardened repositories for different sites, but we have limited internet access. Using the proxy setting already available could work, but we would prefer to have a local mirror to save bandwidth.

[Gostev]

Yes, we plan to make the repository address configurable centrally on all managed hardened repositories in VBR V13. Along with automatic update settings etc.

[HannesK]

@Tachi: If you can do things manually, then it's possible already today and there are different options to do it:

In both cases you need to mirror repository.veeam.com via HTTP / HTTPS to your local datacenter(s)

Option 1) Edit /etc/yum.repos.d/*.repo files and change them to your mirror.

Option 2) Edit /etc/yum.repos.d/*.repo files and switch to HTTP (that has no security impact because all packages are signed anyway). Switching to HTTP allows you to do split-DNS and you can just create an entry for repository.veeam.com in your DNS that points to your mirror


both options are manual which brings us to Anton's answer for V13

@mecki : thanks I added that system to the list above

[mc1903]

@HannesK

Do you have an details or blog post on setting up a mirror repo of repository.veeam.com in a true air gapped environment, for use with the Veeam Hardened Repository ISO v2 in VBR v12.3?

Was considering deploying it, but am blocked because of this requirement (which is mentioned in the vSphere user guide, but is missing from the Hyper-V user guide)

In addition to the standard set of ports that must be opened for a backup/hardened repository, a direct or HTTP proxy connection to repository.veeam.com on port 443 is also required for security and operating system updates. Without this connection, the GNU Privacy Guard (GPG) keys will eventually expire. Once these keys have expired, no further updates will be possible and a full re-installation of the operating system will be required.

Thanks
M

[HannesK]

no, I don't have a blog, but I would assume depending on the platform you use (Windows, Linux) there are various tools that could mirror https://repository.veeam.com/hardened-repository/ (I remember I used wget on Linux some time ago). Then point a web server (I used nginx, but any web server should do) to that folder.

I just checked the Hyper-V guide and I find the same sentence there.