tinto1970
Veeam Legend

using one server for many Linux Hardened repos: makes sense?

Post by tinto1970 »

One of the limitations with Linux Hardened Repositories is that the hardened repo can only be connected to a single Veeam server.

This morning, while I was in the shower, I thought of a workaround for this. Here’s my idea:
  • Use hardware such as an HPE Apollo.
  • Install a hypervisor like ESXi (make sure to check the compatibility matrices!).
  • Optionally, set up a vCenter (I would recommend it).
  • Create N virtual machines, each with an appropriate disk quota, which will become Linux hardened repositories. You would create as many VMs as there are Veeam servers that need to use them.
  • As per best practices, physical interfaces and virtual switches, etc., should be separated between the VMs' uplink and the ESXi/vCenter Management.
  • The Management physical interfaces and those of the iLO or iDRAC should be connected to a small, dedicated switch, isolated from the rest of the network.
  • For management, you could connect a fully dedicated NUC/miniPC, isolated from the network and only connected to the small switch (alternatively, you could connect to the switch with your laptop).

Does this make sense, or is it a bad idea? What do you think? Any comments and corrections are appreciated.

https://blog.tinivelli.com/one-veeam-ha ... 749d5c4ffe
Alessandro aka Tinto | VMCE 2024 | Veeam Legend | VCP-DCV 2023 | vExpert 2025
blog.tinivelli.com
HannesK
Product Manager

Re: using one server for many Linux Hardened repos: makes sense?

Post by HannesK »

Hello,
did you think about using Cloud Connect or does that lead to any incompatibilities?

Besides that: using VMs is a valid workaround, yes. If you can ensure that the hypervisor is not hacked, then the design looks okay to me. Instead of a separate PC, I would probably just use firewall rules, but that is minor.

Best regards,
Hannes