DaStivi
Service Provider
Posts: 312
Liked: 49 times
Joined: Jun 30, 2015 9:13 am
Full Name: Stephan Lang
Location: Austria

re-enable the usage of immutable option for non-hardened linux repos

Post by DaStivi »

Hi, this is kind of a feature request, or better said a step-backwards request...

In V11 it was possible to have the immutable option enabled on a repository even when the Linux host wasn't added with "single-use" credentials...
There was a warning/information popup that it's highly recommended to have the Linux repo added with single-use credentials, but you could still just use it with normal credentials too!!

With V12 this "hole" has been fixed, as you can only enable immutable when you've added it as a hardened Linux repository, which in turn only allows single-use Linux hosts.

I understand that enabling immutable with non-single-use credentials in use isn't as secure as it can be with a correctly hardened Linux implementation, BUT now it's even worse, let me explain:

as if for some reason it's simply not possible to have a single-use Linux server, as for example these servers are also used as directSAN Backup Proxy, that it's impossible
not if you've an Enterprise Manager, with restore operator roles, the restore operators could un-intentionally delete backups? Sure, they should know what they are doing, but with the V11 configuration this was somewhat a safety net you still had in place for human error...

I feel that this configuration still has its justification, and in V12 this has been taken away.


Btw, I haven't tested what happens with such a configuration during the V12 update... might do this in a few days, but I expect some issues, V12 update block probably?
Gostev
Chief Product Officer
Posts: 31969
Liked: 7439 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Post by Gostev » 1 person likes this post

In general I agree with you, however I would not call such configuration with the word "immutable" and rather something along "protect against accidental deletion" lines. @Egor Yakovlev could we look at enabling this back?
DaStivi
Service Provider

Post by DaStivi »

Gladly this can be renamed!
And thx for seeing the need for this too, it's just a missed opportunity now to have this enabled, as it might just be another small block for security and governance...

I did some tests btw, having "immutable" files on the non-immutable repo: in the VM backup points window it still recognizes them as immutable! So the file attribute is read correctly. I even thought of having a manual script, but honestly this should be necessary even more if there is a misconfig between the "retention" times, it just is a potential issue again someone might run into...
Egor Yakovlev
Product Manager
Posts: 2589
Liked: 712 times
Joined: Jun 14, 2013 9:30 am
Full Name: Egor Yakovlev
Location: Prague, Czech Republic

Post by Egor Yakovlev »

I will have a discussion with the teams.
/Thanks!
HannesK
Product Manager
Posts: 14968
Liked: 3159 times
Joined: Sep 01, 2014 11:46 am
Full Name: Hannes Kasparick
Location: Austria

Post by HannesK »

Hello,
> the restore operators could un-intentionally delete backups?
did you see that or is it a question? restore operators can restore. not delete. As far as I see, you might not need Hardened Repository for your use-case
> also used as directSAN Backup Proxy
Additional to normal credentials, this also requires root. Root is impossible for V12 Hardened Repository and the upgrade is blocked, yes. https://www.veeam.com/kb4348 has details.

Having a direct SAN proxy or tape server on a Hardened Repository is a valid feature request. Both roles require root permissions to run (NBD proxy not, that's why we allow it in V12).

Best regards,
Hannes
DaStivi
Service Provider

Post by DaStivi »

hi,
I'm testing the update procedure right now, setup has a check, nice!

also the KB is nice...
https://www.veeam.com/kb4348

With my "insecure" configuration there could still be a problem now... when Veeam changes this to single-use it might break configurations where the customer uses exactly what I described above (directSAN, etc.)
HannesK
Product Manager

Post by HannesK »

it will break when you apply KB4348, because direct SAN proxy does not work with reduced permissions.

That design is not upgradeable and needs to be fixed before upgrade.
FreddyN
Influencer
Posts: 15
Liked: 1 time
Joined: Jul 28, 2020 11:35 am
Full Name: Freddy Neuhaus

Post by FreddyN »

Hi

Any news regarding SANDirect-Proxy and TapeServer on hardened Repo

Best regards
Freddy
HannesK
Product Manager

Post by HannesK »

Hello,
> Any news regarding SANDirect-Proxy and TapeServer on hardened Repo
not in foreseeable future because of the root permissions required for that. We want to make (keep) it as secure as possible.

Best regards,
Hannes
Gostev
Chief Product Officer

Post by Gostev »

Any service running under root dramatically increases attack surface...
DaStivi
Service Provider

Post by DaStivi »

HannesK wrote: Jul 20, 2023 11:58 am
> Hello,
> not in foreseeable future because of the root permissions required for that. We want to make (keep) it as secure as possible.
> Best regards,
> Hannes
@Gostev

Was there any recent change to this behavior?
Gostev
Chief Product Officer

Post by Gostev »

No, except for support for VMware Backup proxy in NBD transport mode, which is the only transport mode that does not require root privileges to function.
Hirosh
Enthusiast
Posts: 90
Liked: 3 times
Joined: Dec 24, 2022 5:19 am
Full Name: Hirosh Arya

Post by Hirosh »

@Gostev @HannesK

Was there any update regarding this issue, so we can utilize Hardened Repository & direct SAN proxy mode without compromising security?

regards,
Ledwan.
Mildur
Product Manager
Posts: 10100
Liked: 2696 times
Joined: May 13, 2017 4:51 pm
Full Name: Fabian K.
Location: Switzerland

Post by Mildur »

Hi Ledwan

No.
Please see the answer from Gostev 3 days ago.

Best,
Fabian
Product Management Analyst @ Veeam Software
arno
Influencer
Posts: 13
Liked: 1 time
Joined: Jun 18, 2009 9:21 am

Post by arno »

Hello,
How can I use both tape server and repository role on a unique Linux server while maintaining security against accidental deletion?
I am working for a customer with limited resources and I can't move the tape role to an additional server.

From what I understand, it was possible in v11 (Doc) but not anymore in v12 (Doc). I understand that hardened repository is not compatible with the tape role, but is it possible to use the v11 implementation (Make recent backups immutable for ...)?
Thanks in advance!
Gostev
Chief Product Officer

Post by Gostev » 1 person likes this post

Hello, this is not currently possible however we're planning to add an option to make backups "indelible" on regular (non-hardened) Linux-based repository in a future release. So we will no longer guarantee their immutability against hackers due to vastly expanded attack surface, however it will provide protection against accidental deletion. @HannesK is leading this effort. Thanks
Hirosh
Enthusiast

Post by Hirosh »

Gostev wrote: Mar 07, 2024 10:55 am
> No, except for support for VMware Backup proxy in NBD transport mode, which is the only transport mode that does not require root privileges to function.
Hi Gostev

Is there any change or update regarding this limitation? Can we use hardened repository with direct SAN support, or is still only NBD mode possible?
Gostev
Chief Product Officer

Post by Gostev »

This will not change for hardened repositories because other transport modes require running VDDK with root privileges, which means a repository can no longer be considered "hardened". But you can use these transport modes on regular (non-hardened) Linux repositories.
Hirosh
Enthusiast

Post by Hirosh »

Hi Gostev,

We would like to make the repository hardened & use direct SAN support mode (performance benefits), that's why we are hoping for an update. Other transport modes might cause network bottlenecks for our scenario, that's why we are avoiding them.

regards,
hirosh.
DaStivi
Service Provider

Post by DaStivi »

Hi,
Is there any progress in the "indelible" backups effort?
Best regards
Steve
HannesK
Product Manager

Post by HannesK »

Hello,
we are making progress in the discussions how it should look like (e.g. adding four-eyes authorization). But no timeline yet.

Best regards,
Hannes
Hirosh
Enthusiast

Post by Hirosh »

DaStivi wrote: Sep 05, 2024 7:23 pm
> Hi,
> Is there any progress in the "indelible" backups effort?
> Best regards
> Steve
Is the indelible backup effort the same as immutable backup?
Gostev
Chief Product Officer

Post by Gostev »

Yes, except on a regular Linux-based repository (not hardened).
Hirosh
Enthusiast

Post by Hirosh »

Hi Gostev,

I didn't understand your reply completely. Is "indelible backups effort" exactly the same as the immutability feature on a Linux repository (hardened repository), just a different name?
Or is it a different feature?
Gostev
Chief Product Officer

Post by Gostev »

Either way this feature doesn't exist so you can ignore this completely for now. We were just discussing future plans/ideas here, but there are currently no specific timelines where this can become available. And until it's available, we can only theorize how it may look like.