Requirements and Limitations

For the hardened repository, consider the following requirements and limitations.

Linux Server

The role of the hardened repository can be assigned to a Linux machine with local or remotely attached block storage. The machine must meet system requirements for backup repository servers. The Linux distribution must be 64-bit due to Veeam Data Mover requirements.

Note

To reduce the attack surface, use a physical machine with local storage. For RAID configuration, recommendations are the following:

[For the operating system] RAID 1 on SSDs with at least 100 GB disk space should be used.
[For backup data] RAID 6/60 with write-back cache should be used. At least one disk must be configured for the drive roaming.
Internal disk cache must be disabled.
RAID stripe size should be 128 or 256 KB.

The Linux machine file system must support immutable files and extended attributes modified by the chattr and setxattr commands. We recommend using XFS for performance and space efficiency reasons (block cloning support).

You must add the Linux machine to the Veeam Backup & Replication console as a managed server. The hardened repository cannot be shared between different Veeam Backup & Replication servers.
The Linux machine must have redundant network connection.

Repository

To store backup files in a repository, use only a forward incremental backup method with enabled active full backup or synthetic full backup. Once a backup file becomes immutable, it can be merged or deleted only when the immutability time period expires. For this reason, you cannot select a reverse or a forever forward incremental backup method.

For importing a backup, use VBK backup files. Metadata files of a backup chain (.VBM) cannot be immutable because they are updated on every job pass.
Hardened repositories do not support rotated drives. For more information about rotated drives, see this section.

Immutability Feature

To use the immutability feature for backup copy jobs, enable the GFS retention policy. For more information, see Long-Term Retention Policy (GFS).

Do not use the immutability feature for a Nutanix Mine infrastructure. As Mine repositories contain thin-provisioned disks, there may be the case when Veeam Backup & Replication uses full storage capacity of a repository and cannot delete backup files from the file system.