Securing DD repositories from file interaction

[mrholm]

Hi
We have Data Domain as storage for our secondary/longterm backups. This is a good solution and good also since you need DD-boost API to talk to the storage. We use Network based DD-boost but I wonder if it's possible to stop Veeam from being able to access the filesystem of the DD? I can from Veeam console > Files > EMC Data Domain gain access to the file system and I guess that is done through NFS interaction form Veeam?
Is it possible to stop that intercation and not let the filesystem be shown this way within Veeam. We want to secure our secondary copies as much as possible but gaining access to Veeam console today mean that you can delete both backup (Windows Repos) and backup copies (DD repos).
Any ideas on this?
//Mats

[PetrM]

Hi Mats,

There is no possibility to disable file system browser in Veeam console, moreover NFS services must be enabled on Data Domain so that Veeam Backup & Replication server can access the storage system. I would recommend to follow the best practices for infrastructure hardening in order to protect all components of backup environment. Basically, console should be placed in DMZ but should not be installed on the local workstations of backup administrators.

Thanks!