Requirements and Limitations

For the hardened repository, consider the following requirements and limitations.

Linux Server

Note

To reduce the attack surface, use a physical machine with local storage. The following RAID configuration is recommended:

  • [For the operating system] RAID 1 on SSDs with at least 100 GB disk space should be used.
  • [For backup data] RAID 6/60 with write-back cache should be used. At least one disk must be configured for drive roaming.
  • Internal disk cache must be disabled.
  • RAID stripe size should be 128 or 256 KB.

 

  • The Linux distribution must be 64-bit due to Veeam Data Mover requirements. If you use the following Linux distributions, you also need to upgrade Veeam Backup & Replication to version 12.1.2 (build 12.1.2.172):
    • RHEL 8 and 9 with DISA STIG profile enabled.
    • Rocky Linux 8 and 9 with DISA STIG profile enabled.
  • The Linux machine file system must support immutable files and extended attributes modified by the chattr and setxattr commands. We recommend using XFS for performance and space efficiency reasons (block cloning support).
  • Because the hardened repository requires block storage, you cannot use the following storage types:
    • An NFS share or a Linux machine with a mounted NFS volume.
    • A Linux machine with a mounted SMB (CIFS) volume.
  • Depending on the Linux distribution, Veeam services use one of the following Linux firewall managers to operate correctly:
    • firewalld
    • ufw
    • iptables
    • [For IPv6] ip6tables

If none of these firewall managers are installed, make sure that you open all required ports manually. For more information, see Ports.

  • You must add the Linux machine to the Veeam Backup & Replication console as a managed server. The hardened repository cannot be shared between different Veeam Backup & Replication servers.
  • The Linux machine should have a redundant network connection.

Repository

  • To store backup files in a repository, use only a forward incremental backup method with active full or synthetic full backups enabled. Once a backup file becomes immutable, it can be merged or deleted only when the immutability time period expires. For this reason, you cannot select a reverse or a forever forward incremental backup method.
  • For importing a backup, use VBK backup files. Metadata files of a backup chain (.VBM) cannot be immutable because they are updated on every job pass.
  • For security reasons, you cannot assign the role of the gateway server to the hardened repository. If you use backup copy and file copy jobs, the role of the gateway server must be assigned to the mount server associated with the hardened repository. For more information, see Gateway Selection.
  • Starting from version 12.1 (build 12.1.0.2131), Veeam Backup & Replication does not support symlinks in the path to the hardened repository.
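
Several of the Linux server and repository requirements above (64-bit OS, block storage rather than an NFS or SMB mount, XFS recommended, no symlinks in the repository path) can be checked before the machine is added to the console. The script below is an added example, not Veeam tooling; the function names and the list of network file system type names are assumptions, and it relies on `findmnt` from util-linux and on `getconf`.

```shell
#!/bin/sh
# Pre-flight checks for a candidate hardened repository path (added example).

# Network file systems are not block storage. Names are as the Linux kernel
# reports them for mounts; the list is an assumption, extend it as needed.
fs_type_allowed() {
    case $1 in
        nfs|nfs4|cifs|smb3|smbfs) return 1 ;;
        *) return 0 ;;
    esac
}

# Returns 0 (true) if the path itself or any parent directory is a symlink.
path_has_symlink() {
    # Strip trailing slashes: "dir/" would make -L follow a link at dir.
    p=$(printf '%s' "$1" | sed 's:/*$::')
    while [ -n "$p" ] && [ "$p" != "/" ] && [ "$p" != "." ]; do
        [ -L "$p" ] && return 0
        p=$(dirname "$p")
    done
    return 1
}

# Runs every check against a path; the return value is the failure count.
preflight() {
    fails=0
    # LONG_BIT reflects the userland word size, which is what a data mover needs.
    [ "$(getconf LONG_BIT)" = "64" ] || { echo "FAIL: OS is not 64-bit"; fails=$((fails + 1)); }
    if path_has_symlink "$1"; then
        echo "FAIL: symlink in path $1"; fails=$((fails + 1))
    fi
    fstype=$(findmnt -n -o FSTYPE --target "$1" 2>/dev/null)
    if [ -z "$fstype" ]; then
        echo "FAIL: cannot determine file system for $1"; fails=$((fails + 1))
    elif ! fs_type_allowed "$fstype"; then
        echo "FAIL: $fstype is a network share, not block storage"; fails=$((fails + 1))
    elif [ "$fstype" != "xfs" ]; then
        echo "NOTE: $fstype found; XFS is the recommended file system"
    fi
    return "$fails"
}

# Run the checks only when a path is given on the command line.
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

Pass the intended repository directory as the only argument; the exit status is the number of failed checks. The script does not test immutable-flag or extended-attribute support, which needs root on the target file system.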

Immutability Feature

  • Do not use the immutability feature for a Nutanix Mine infrastructure. Because Mine repositories contain thin-provisioned disks, Veeam Backup & Replication may use the full storage capacity of a repository and then be unable to delete backup files from the file system.

Page updated 5/27/2024

Page content applies to build 12.1.2.172