New in Veeam v11: Hardened Repository – Immutable backups [Part 2]
This post is about a new feature in Veeam Backup & Replication v11: the Hardened Repository, which makes backups immutable. It will massively increase security on repositories. Read here how it behaves.
This post is very detailed, so I split it into two parts:
- Part 1 is concerned with these topics:
- Part 2 (this post) is about
This section gives answers to the following questions:
What happens when…
… removing immutable restore points?
The task starts and ends with errors. No restore point is removed.
… a hacker changes the date/time on the Veeam server to get files removed with the next backup run?
Excellent question! But it will not work! The configured period of time is checked on the Linux server, not on the Veeam B&R server!
[little detail: system time, not hwclock]
So a job running one year in the future will create new files, but it cannot delete old ones.
… enabling the feature on an existing repository that is not compatible with a hardened repository?
Veeam checks whether there are backup jobs configured with an incompatible backup chain. If one is found, an error is shown:
… changing a backup job that writes to an immutable repository?
When the backup chain is changed to an incompatible one, an error is shown:
[Immutability repository requires configured forward incremental with periodic full backups job settings and]
… the number of days for immutability is higher than the number of restore points?
Restore points are kept until the end of the period defined for immutability. Notice that there is an information message in the job log:
… immutability is turned on on a repository containing restore points?
In this case the immutable flag is set on all files, according to the immutability period.
… immutability is turned off on a repository containing immutable backups?
In this case, the immutable flags are kept. That makes perfect sense: otherwise a hacker with backup administrator permissions could disable the hardened repository to delete backup files. Notice: new backups are not immutable after disabling the feature.
… trying to remove restore points in the GUI for files whose immutable flag was manually removed?
Interestingly, the files will not be deleted! Probably because Veeam knows the files should be protected. There will be more details on that after the release of v11.
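The two situations above (backups written after the feature was disabled, and files whose immutable flag was removed by hand) can be spotted from the Linux side. The following shell functions are an added example, not Veeam's code: they assume the immutable flag is the standard Linux file attribute that `lsattr` prints as `i` and that backup data files end in `.vbk` or `.vib`; the function names and the sample paths are constructed.

```shell
#!/bin/sh
# Added example: report backup data files that do NOT carry the immutable flag.
# Reads `lsattr` output ("<flags> <path>" per line) on stdin.
find_mutable_backups() {
    while IFS= read -r line; do
        flags=${line%% *}     # attribute field, e.g. ----i---------e-------
        path=${line#* }       # rest of the line; job names may contain spaces
        case $flags in
            *[!A-Za-z-]*) continue ;;   # not a flag field (e.g. "dir:" header)
        esac
        case $path in
            *.vbk|*.vib) ;;             # assumption: only backup data files
            *) continue ;;              # metadata and other files are ignored
        esac
        case $flags in
            *i*) ;;                     # immutable flag is set
            *) printf '%s\n' "$path" ;; # flag missing: report for review
        esac
    done
}

# Audit a real repository directory (hypothetical helper; needs lsattr).
audit_repo() {
    lsattr -R "$1" 2>/dev/null | find_mutable_backups
}

# Constructed sample of `lsattr -R` output, so the example runs offline.
sample_lsattr() {
    cat <<'EOF'
/mnt/backup/Job A:
----i---------e------- /mnt/backup/Job A/Job AD2021-03-01T220000.vbk
--------------e------- /mnt/backup/Job A/Job AD2021-03-02T220000.vib
--------------e------- /mnt/backup/Job A/Job A.vbm

EOF
}

sample_lsattr | find_mutable_backups
```

A file listed here has not necessarily been tampered with: files whose immutability period has ended are mutable as well, so compare the list against the configured period.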
… using an immutable repository as the target for a copy job without GFS?
Backup copy jobs require GFS when copying to an immutable repository. If no GFS is set up, an error appears:
[Immutability repository requires configured GFS for backup copy job.]
… trying to add a non-immutable repository on a Linux server hosting an immutable repository?
Currently, mixing immutable and non-immutable repositories on the same Linux server is not supported, so you get an error:
[There is at least one another repository with enabled immutability on server. Concurrent using Linux server as immutable and mutable repository is not allowed.]
… deploying the proxy role on a Linux server with a hardened repository?
This does not work in v11. When hardened repository is enabled, the server cannot be a backup proxy. You get an error when trying:
[Specified Linux server is already used by immutable]
- If you want to know the behavior in some other situation, leave a message and I will try to test it.