-
- Service Provider
- Posts: 312
- Liked: 49 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
re-enable the usage of immutable option for non-hardened linux repos
hi, this is kinda a feature request, or better said a step-backwards request...
in V11 it was possible to have the immutable option enabled on a repository even when the linux host wasn't added with "single-use" credentials...
there was a warning/information popup that it's highly recommended to have the linux repo added with single-use credentials, but you could still just use it with normal credentials too!!
with V12 this "hole" has been fixed, as you can only enable immutable when you've added it as a hardened linux repository, which in turn only allows single-use linux hosts.
i understand that enabling immutable with non single-use credentials in use isn't as secure as it could be with a correctly hardened linux implementation BUT now it's even worse, let me explain:
as if for some reason it's simply not possible to have a single-use linux server, as for example these servers are also used as directSAN Backup Proxy that it's impossible
not if you've an Enterprise Manager, with restore operator roles, the restore operators could un-intentionally delete backups? sure they should know what they are doing but with the V11 configuration this was somewhat a safety net you still had in place for human error...
i feel that this configuration still has its justification and in V12 this has been taken away.
btw. i didn't test what happens with such a configuration during the V12 update... might do this in a few days but i expect some issues, V12 Update block probably?
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
In general I agree with you, however I would not call such configuration with the word "immutable" and rather something along "protect against accidental deletion" lines. @Egor Yakovlev could we look at enabling this back?
-
- Service Provider
- Posts: 312
- Liked: 49 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Gladly this can be renamed!
And thx for seeing the need for this too, it's just a missed opportunity now to be able to have this enabled, as it might just be another small block for security and governance...
I did some tests btw, having "immutable" files on the not immutable repo, in the VM-Backup points window it still recognizes them as immutable! So the file attribute is read correctly, i even thought of having a manual script but honestly this should be necessary even more if there is a misconfig between the "retention" times it just is a potential issue again someone might run into ....
-
- Product Manager
- Posts: 2589
- Liked: 712 times
- Joined: Jun 14, 2013 9:30 am
- Full Name: Egor Yakovlev
- Location: Prague, Czech Republic
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
I will have a discussion with the teams.
/Thanks!
-
- Product Manager
- Posts: 14968
- Liked: 3159 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hello,
"the restore operators could un-intentionally delete backups?"
did you see that or is it a question? restore operators can restore. not delete. As far as I see, you might not need Hardened Repository for your use-case.
"also used as directSAN Backup Proxy"
Additional to normal credentials, this also requires root. Root is impossible for V12 Hardened Repository and the upgrade is blocked, yes. https://www.veeam.com/kb4348 has details.
Having a direct SAN proxy or tape server on a Hardened Repository is a valid feature request. Both roles require root permissions to run (NBD proxy not, that's why we allow it in V12).
Best regards,
Hannes
-
- Service Provider
- Posts: 312
- Liked: 49 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
hi,
i'm testing the update procedure right now, setup has a check, nice!

also the KB is nice...
https://www.veeam.com/kb4348
with my "insecure" configuration there could still be a problem now... when veeam changes this to single-use it might break configurations where the customer uses exactly what i described above (directsan, etc..)
-
- Product Manager
- Posts: 14968
- Liked: 3159 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
it will break when you apply KB4348, because direct SAN proxy does not work with reduced permissions.
That design is not upgradeable and needs to be fixed before upgrade.
-
- Influencer
- Posts: 15
- Liked: 1 time
- Joined: Jul 28, 2020 11:35 am
- Full Name: Freddy Neuhaus
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hi
Any news regarding SANDirect-Proxy and TapeServer on hardened Repo
Best regards
Freddy
-
- Product Manager
- Posts: 14968
- Liked: 3159 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hello,
"Any news regarding SANDirect-Proxy and TapeServer on hardened Repo"
not in foreseeable future because of the root permissions required for that. We want to make (keep) it as secure as possible.
Best regards,
Hannes
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Any service running under root dramatically increases attack surface...
-
- Service Provider
- Posts: 312
- Liked: 49 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
No, except for support for VMware Backup proxy in NBD transport mode, which is the only transport mode that does not require root privileges to function.
-
- Enthusiast
- Posts: 90
- Liked: 3 times
- Joined: Dec 24, 2022 5:19 am
- Full Name: Hirosh Arya
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
@Gostev @HannesK
was there any update regarding this issue, so we can utilize Hardened repository & direct SAN Proxy mode without compromising security?
regards,
Ledwan.
-
- Product Manager
- Posts: 10100
- Liked: 2696 times
- Joined: May 13, 2017 4:51 pm
- Full Name: Fabian K.
- Location: Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hi Ledwan
No.
Please see the answer from Gostev 3 days ago.
Best,
Fabian
Product Management Analyst @ Veeam Software
-
- Influencer
- Posts: 13
- Liked: 1 time
- Joined: Jun 18, 2009 9:21 am
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hello,
How can I use both tape server and repository role on a unique Linux server while maintaining security against accidental deletion?
I am working for a customer with limited resources and I can't move the tape role to an additional server.
From what I understand, it was possible in v11 (Doc) but not anymore in v12 (Doc). I understand that hardened repository is not compatible with tape role, but is it possible to use the v11 implementation (Make recent backups immutable for ...)?
Thanks in advance!
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hello, this is not currently possible however we're planning to add an option to make backups "indelible" on regular (non-hardened) Linux-based repository in a future release. So we will no longer guarantee their immutability against hackers due to vastly expanded attack surface, however it will provide protection against accidental deletion. @HannesK is leading this effort. Thanks
-
- Enthusiast
- Posts: 90
- Liked: 3 times
- Joined: Dec 24, 2022 5:19 am
- Full Name: Hirosh Arya
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hi Gostev
is there any change or update regarding this limitation? can we use hardened repository with direct SAN support or is still only NBD mode possible?
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
This will not change for hardened repositories because other transport modes require running VDDK with root privileges, which means a repository can no longer be considered "hardened". But you can use these transport modes on regular (non-hardened) Linux repositories.
-
- Enthusiast
- Posts: 90
- Liked: 3 times
- Joined: Dec 24, 2022 5:19 am
- Full Name: Hirosh Arya
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hi Gostev,
we would like to make the repository hardened & use direct SAN support mode (performance benefits), that's why we are hoping for an update. other transport modes might cause network bottlenecks for our scenario, that's why we are avoiding them.
regards,
hirosh.
-
- Service Provider
- Posts: 312
- Liked: 49 times
- Joined: Jun 30, 2015 9:13 am
- Full Name: Stephan Lang
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hi,
Is there any progress in the "indelible" backups effort?
Best regards
Steve
-
- Product Manager
- Posts: 14968
- Liked: 3159 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hello,
we are making progress in the discussions on how it should look (e.g. adding four-eyes authorization). But no timeline yet.
Best regards,
Hannes
-
- Enthusiast
- Posts: 90
- Liked: 3 times
- Joined: Dec 24, 2022 5:19 am
- Full Name: Hirosh Arya
- Contact:
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Yes, except on a regular Linux-based repository (not hardened).
-
- Enthusiast
- Posts: 90
- Liked: 3 times
- Joined: Dec 24, 2022 5:19 am
- Full Name: Hirosh Arya
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Hi gostev,
i didn't understand your reply completely. is the "indelible backups effort" exactly the same as the immutability feature on linux repository (hardened repository), just a different name?
or is it a different feature?
-
- Chief Product Officer
- Posts: 31969
- Liked: 7439 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: re-enable the usage of immutable option for non-hardened linux repos
Either way this feature doesn't exist so you can ignore this completely for now. We were just discussing future plans/ideas here, but there are currently no specific timelines where this can become available. And until it's available, we can only theorize what it may look like.