Hardened Repo VM v Phy

pamiller3 · Post by **pamiller3** » Nov 22, 2023 2:08 am this post

I am looking into implementing a hardened repo for immutable backups, but I am not sold on whether it must be a physical server or can I use a VM that is encrypted.

Post by **Origin 2000** » Nov 22, 2023 4:59 am this post

vCenter and ESXi are a easy target..... dont store your VM Backups within a VM on that plattform. We have VBR "management" as a VM but our data is stored outside and the linux based VMware hardenet Repository is always a phys. Server in our infrastructure.

Regards,
Joerg

d.artzen · Post by **d.artzen** » Nov 22, 2023 6:54 am this post

The problem with having the repo on a VM is, anyone with access to the hypervisor or the storage where the VM resides (either viable admins or successful attackers) could just delete the files from the datastore or the whole datastore itself and that would leave you without backups. Encrypting the VM can not prevent that. So if you really want those backups to be immutable, a physical server with either internal disks or DAS is the way to go.

Best regards
Daniel

R&D Forums

Hardened Repo VM v Phy

Re: Hardened Repo VM v Phy

Re: Hardened Repo VM v Phy

Who is online