Discussions specific to the VMware vSphere hypervisor
Post Reply
brighton0725
Influencer
Posts: 14
Liked: 1 time
Joined: Aug 13, 2020 2:24 am
Full Name: Takashi Kobayashi
Contact:

about OS on proxy server when using Hardened Repository

Post by brighton0725 »

Hello

I have planned Hardened Repository because I want to use immutability.

In this case, which Linux or Windows should I select as Proxy Server's OS?
Is it ok I select Windows OS?

Andreas Neufert
VP, Product Management
Posts: 6146
Liked: 1278 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: about OS on proxy server when using Hardened Repository

Post by Andreas Neufert » 1 person likes this post

Hello Takashi,

the Proxy operating system and other roles do not really matter if you want to use the Hardened Repository

brighton0725
Influencer
Posts: 14
Liked: 1 time
Joined: Aug 13, 2020 2:24 am
Full Name: Takashi Kobayashi
Contact:

Re: about OS on proxy server when using Hardened Repository

Post by brighton0725 »

Thank you for your reply, Andreas.

When it is used non-root user account for connecting to the Hardened Repository from Proxy Server, should I select Windows OS for Proxy Server?

I guess it is not good security because proxy server uses root account when proxy server is Linux OS.

Is my understanding correct?

Regards,

Andreas Neufert
VP, Product Management
Posts: 6146
Liked: 1278 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: about OS on proxy server when using Hardened Repository

Post by Andreas Neufert »

The Hardened Repository can not host any other Veeam role for security reasons.
The Hardened Repository work with a one time password that is not stored to rollout the software and then there is no username/password used from there on.

All other roles need Administrator or Root user access. Same on the Backup & Replication Server.

So you need a Backup & Replication Server (win physical server or VM) and a Proxy (Win/Linux). Proxy can be as well the Veeam Server.
The main point is that you securely store the backups on the hardened repository, and no one can delete the data even if they got Administrator access within Veeam.

The Hardened Repository Server need to be a physical server that is only connected on the data side. Do not connect ILO or management interfaces. Basically that only the physical server access can destroy raid or manipulate hardware.

mriesenbeck
Enthusiast
Posts: 30
Liked: 3 times
Joined: Apr 07, 2021 10:07 am
Full Name: Michael Riesenbeck
Contact:

Re: about OS on proxy server when using Hardened Repository

Post by mriesenbeck » 1 person likes this post

brighton0725 wrote: Sep 28, 2021 10:41 am Thank you for your reply, Andreas.

When it is used non-root user account for connecting to the Hardened Repository from Proxy Server, should I select Windows OS for Proxy Server?

I guess it is not good security because proxy server uses root account when proxy server is Linux OS.

Is my understanding correct?

Regards,
If you mean that you want to use a hardened repo for immu which can only be done on Linux and the use a linux or windows proxy in conjunction, that is possible. If you use a Linux for proxy, you don't need root permissions once the configuration is done. I use the veeamhubrepo tool to secure the proxy (even though it's mainly meant for hardened immu repo), so even SSH is off and only the veeam processes are listening on ports. The only thing you need to do when doing Veeam upgrades is temporarily open ssh and after the upgrade stop it again.

Post Reply

Who is online

Users browsing this forum: No registered users and 10 guests