Hardened Repository

In this article

    Veeam Backup & Replication allows you to make a hardened repository using a Linux server as a storage. A hardened repository protects your backup files from loss as a result of malware activity or unplanned actions with the help of the following features:

    • Single-use credentials: credentials that are used only once to deploy Veeam Data Mover while adding the Linux server to the backup infrastructure. These credentials are not stored in the backup infrastructure, so that backups files will be safe even if the Veeam Backup & Replication server is compromised.
    • Immutability: when you add a Linux repository, you can select the Make recent backups immutable for check box and specify the time period while backup files must be immutable. During this period, backup files stored in this repository cannot be modified or deleted.

    How Immutability Works

    After you add a hardened repository with immutability:

    1. Veeam Backup & Replication creates a .veeam.N.lock file with the information about immutability time period of each backup file in the active chain. The .veeam.N.lock files are stored on a Linux host.
    2. Backup files become immutable for the configured time period (minimum 7 days, maximum — 9999). The immutability period is extended only for the active backup chain. If there are several chains in the backup, then Veeam Backup & Replication does not extend the immutability for old backups in the chain.
    3. After the time period expiration, Veeam Backup & Replication makes backup files non-immutable again so they can be deleted or modified.

    The count of the immutability period indicated in the backup repository settings starts from the moment the last restore point in the active chain is created. For example:

    • The full backup file of the active backup chain was created on January 12. The first increment was created on January 13. The second and last increment was created on January 14.
    • The immutability period indicated at the backup repository settings is 10 days.
    • The backup files will be immutable until January 24: the date of the last restore point creation (January 14) + 10 days.

    Supported Job Types

    The hardened repository supports backups created with the following types of jobs:

    • VMware, Hyper-V VM backup jobs and backup copy jobs created by Veeam Backup & Replication
    • Backup copy jobs for backups created by Veeam Backup for Azure, Veeam Backup for AWS and Veeam Backup for Google Cloud Platform
    • Physical machines backup jobs created by Veeam Agents (Windows, Linux, MAC, AIX, Solaris)
    • vCD VM backup jobs
    • VeeamZIP backup jobs
    • Nutanix AHV VM backup jobs and backup copy jobs created by Veeam Backup for Nutanix AHV
    • RHV VM backup jobs and backup copy jobs created by Veeam Backup for Red Hat Virtualization


    You can store backup files and backup copy files of NAS backup jobs, transaction log backup jobs, RMAN/SAP HANA/SAP on Oracle backups jobs in a hardened repository with immutability, but these files will not be immutable.

    In This Section