Considerations and Limitations
Before you install Veeam Software Appliance, consider the following:
- Install Veeam Software Appliance on a dedicated empty machine that meets the system requirements. For more information, see System Requirements.
- Review the Known Issues section of the Veeam Backup & Replication Release Notes.Backup infrastructure components communicate over specific network ports. These ports must be open. For more information, see Ports.
- When you install Veeam Software Appliance, the Rocky Linux operating system, Veeam Backup & Replication and other Veeam Software Appliance components are installed with predefined settings, including volume partitioning and user account creation. After installation is complete, you need to proceed with the initial configuration of Veeam Software Appliance, which includes setting up host users, and configuring server time and network settings.
- Before you install Veeam Software Appliance, define where the Veeam Backup & Replication server will be located. Depending on what kind of protection are you planning to use, the Veeam Backup & Replication server should be located on the source site or the Disaster Recovery site.
- When replication or CDP is used: If you plan to use replication or Continuous Data Protection (CDP), the Veeam Backup & Replication server should be deployed in the disaster recovery site. In this case, if the production host crashes, Veeam Backup & Replication will automatically fail over to the replica without any manual operations. The source backup infrastructure still can be managed with the same Veeam Backup & Replication server with the help of backup proxies deployed in the source site.
- When only backup features are used: If you plan to use Veeam Backup & Replication for backup jobs only, the backup server should be placed in the production site.
- Veeam Software Appliance uses DISA and FIPS-compliant Linux policies. These policies cannot be changed.
- Veeam Software Appliance is compliant with most DISA STIG requirements except for the following ones:
- V-270180 — The RHEL 9 fapolicy module must be configured to employ a deny-all, permit-by-exception policy to allow the execution of authorized software programs.
- V-258042 — RHEL 9 user account passwords must have a 60-day maximum password lifetime restriction.
- V-258054 — RHEL 9 must automatically lock an account when 3 unsuccessful logon attempts occur.
- V-257832 — RHEL 9 must not have the gssproxy package installed.
- V-257819 — RHEL 9 must ensure cryptographic verification of vendor software packages.
- V-257928 — All RHEL 9 world-writable directories must be owned by root, sys, bin, or an application user.
- V-257929 — A sticky bit must be set on all RHEL 9 public directories.
- V-257828 — RHEL 9 must not have the nfs-utils package installed.