using one server for many Linux Hardened repos: makes sense?

[tinto1970]

One of the limitations with Linux Hardened Repositories is that the hardened repo can only be connected to a single Veeam server.

This morning, while I was in the shower, I thought of a workaround for this. Here’s my idea:

• Use hardware such as an HPE Apollo.

• Install a hypervisor like ESXi (make sure to check the compatibility matrices!).

• Optionally, set up a vCenter (I would recommend it).

• Create N virtual machines, each with an appropriate disk quota, which will become Linux hardened repositories. You would create as many VMs as there are Veeam servers that need to use them.

• As per best practices, physical interfaces and virtual switches, etc., should be separated between the VMs' uplink and the ESXi/vCenter Management.

• The Management physical interfaces and those of the ILO or iDRAC should be connected to a small, dedicated switch, isolated from the rest of the network.

• For management, you could connect a fully dedicated NUC/miniPC, isolated from the network and only connected to the small switch (alternatively, you could connect to the switch with your laptop).

Does this make sense, or is it a bad idea? What do you think? Any comments and corrections are appreciated

https://blog.tinivelli.com/one-veeam-ha ... 749d5c4ffe

[HannesK]

Hello,
did you think about using cloud connect or does that lead to any incompatibilities?

Besides of that: using VMs is a valid workaround, yes. If you can ensure that the hypervisor is not hacked, then the design looks okay for me. Instead of a separate PC, I would probably just use firewall rules, but that is minor.

Best regards,
Hannes