Limitations and Considerations
All requirements and limitations for a Linux backup repository apply to a hardened repository. In addition, mind the following limitations and considerations.
Hosts and File Systems Requirements
- Due to Veeam Data Mover requirements, the Linux host version must be 64-bit.
- Linux host file system must support extended attributes modified by the chattr and setfattr commands. For more information, see these Linux articles: lsattr, xattr.
Common Linux file systems support these attributes (XFS, EXT3 / 4, BTRFS). We recommend XFS for the hardened repository for performance and space efficiency reasons (block cloning support). Thanks to fast cloning, synthetic full backups take no physical disk space (except for metadata).
- ReiserFS, NFS and SMB file systems do not support immutable files. You cannot select a Linux server running on this file systems as a hardened repository with immutability.
- To support Linux server with the NIST 800-171 security profile, make sure the requirements listed in this Veeam KB article are met.
Limitations for Repositories
- The hardened repository cannot be shared between different Veeam Backup & Replication servers.
- If you want to store backup files in a repository with immutability, you cannot select a reverse or a forever forward incremental backup mode. Once a backup file becomes immutable, it can be merged or deleted only when the immutability time period expires. For this reason, you must enable active full backup or synthetic full backup in the backup job settings.
- NFS does not accept immutability commands from Linux. Due to this, mind the following:
- You cannot use an NFS Share as a repository with the immutability.
- You cannot use an NFS volume mounted on a Linux server as a hardened repository with immutability (needs to be Local or DAS). You can use an NFS volume mounted on a Linux server as a hardened repository without immutability.
Do not assign other roles to the hardened repository. Also, do not install any additional software including Veeam Agent for Linux. If the Veeam Backup & Replication server is compromised, an attacker might use the agent functionality to bypass protection mechanisms of the hardened repository.
- For backup copy jobs, enable the GFS retention policy. Otherwise, you will not be able to use the immutability feature. For more information, see Long-Term Retention Policy (GFS).
- The immutability feature is supported for image-level backups only. You can use a hardened repository to store NAS backups, transaction backups, RMAN, SAP HANA, SAP on Oracle backups, but you cannot use the immutability feature to protect these backups.