Veeam hardened repository installation Publication date: March Mar 12, 2025 · Veeam Hardened Repository is a WORM storage solution that protects against unwanted changes to the backup files. The Veeam Hardened Repository is delivered as a bootable ISO. It merely means that the backup files cannot be changed or deleted from the Linux server’s storage without having root access. 8) can be found here under Extension and Other. com Firmware updates are mandatory for running a Veeam hardened repository on an HPE Alletra Storage Server 4120 system. Jul 17, 2023 · At VeeamON 2023 Christoph Meyer, Hannes Kasparick and Rick Vanover from Veeam announced a pre-built ISO for the deployment of a Veeam Hardened Repository. 4) base. 1 with Hardened Repo - R&D Forums R&D Forums Sep 12, 2024 · Even if the Veeam Backup & Replication server is compromised, the attacker cannot get the credentials and connect to the hardened repository. g. Sep 1, 2014 · Very likely there is a workaround: if you edit the the "Install Hardened Repository (deletes all data)" boot menu entry and you add "inst. For Veeam, this is the Veeam Hardened Repository (VHR). On the Time and Date screen, set your time zone and specify any NTP or NTS servers you want to use. See full list on veeam. Apr 16, 2025 · SSH connection is necessary only for the deployment and upgrade of Veeam Data Mover and can be disabled after you add the hardened repository to the backup infrastructure. May 29, 2020 · As a Windows admin, having only smelled to Linux, I decided to set up an immutable repository, thinking, how hard can that be? It is, because everywhere (including official guides by Veeam) some knowledge is taken for granted - you just do this and that, often black talk, when you don't even know what distribution to use. This solution provide an easier way to install a Hardened Repository in your backup infrastructure to have immutable backups. I will post a quick guide later but for anyone else who deploys and wonders. Jan 28, 2025 · To install a hardened repository, on the boot screen, select Install Hardened Repository. By supporting generic Linux servers, Veeam ensures that customers always have a choice about their hardware without vendor lock-in. There are several good posts out there on how to do so, including a couple of my favorites from @HannesK and Paolo Valsecchi here and here , respectively. Veeam VHR stands for Veeam Hardened Repository and it is basically a stripped down Linux distro which allows you to install and configure ransomware-proof repository that you can use to secure your backups as those are protected by immutability out of the box. Nov 5, 2009 · The issue shown below complaining about the Storage: The VM above is deployed with the Guest OS Version: CentOS 8 (64-bit) and these: Could you please let me know how to resolve the issue mentioned above? The Veeam Cookbook Series . Feb 18, 2025 · What Is the Veeam Hardened Repository ISO? The Veeam Hardened Repository ISO is a Linux-based solution that secures backup data by making it immutable. Lenovo recommends that you update the entire system to the latest UpdateXpress System Pack (UXSP) level before you deploy the server into a production environment. A re-installation should not be needed. Since we have to wait until an ISO is provided. Note: on 29th January 2025, Veeam has released the new Veeam Hardened Repository ISO 2. Dec 15, 2023 · Instituting immutability with the Veeam Hardened Repository has certainly gained traction, and for good reason. WORM Storage with Veeam Hardened Repository . That makes repository management easier. The idea is to dramatically simplify the provisioning experience while eliminating (or at least reducing) the need for any Linux expertise. Ingredients: This linux script can be used to apply hardening settings based on DISA STIG to Veeam Hardened Linux Repository. Oct 23, 2024 · Installing from Veeam Hardened Repository ISO; Configuring Server as Hardened Repository; Repairing Veeam Hardened Repository ISO; Using Live System; Adding Hardened Repositories. Create the new Hardened Repository using iSCSI in Veeam. For more information, see Post-Installation . Default username: vhradminPassword (changed on first use): vhradmin Jun 6, 2023 · Veeam Hardened Repository (VHR) can be created on Linux and as many IT admins aren't expert in the Linux environment, Veeam has done a heavy job and created an ISO image of Ubuntu with a script inside of that ISO, and this script is an automated script which does the hardening. ) Aug 20, 2024 · This section includes security considerations for installing and configuring the Linux server that will be used as a hardened repository. As the update process can change over time, follow the instructions in the HPE Alletra Storage Server 4120 Setup and Installation Guide. So then if I restart the repository server, which credential is used to start the veeam transport service? thanks Jul 12, 2016 · Even better still, could there be any plans for a custom Veeam linux distro, which you can basically install ONLY for the purposes of a linux hardened repository? (Virtual Appliance could work as well, but then requires the virtual infrastructure abstraction, aka, more attack surface area. That is, a repository that supports Immutability. Step 3: Add the backup repository role to the Linux server and enable the immutability feature. 4. Assigned the correct permissions, it's time to test the Hardened Repository using iSCSI. This allowed the components to install and I then reversed the changes made to the user and ssh. This builds on the existing feature that allows you to store your Veeam backups in our S3 Compatible Object storage using the Object Lock API. The Veeam Cookbook Series . Jan 16, 2024 · Test the Hardened Repository. Yes, this is documented in the first post of this topic: all volumes except the operating system volume are combined to one large logical volume. Nov 3, 2020 · tested this great ISO with a VM, but now I'm having issues when trying to add the new hardened repo to the veeam server: SSH-connection is fine, but then it fails during the installation of the installer service Jan 23, 2023 · The Veeam Hardened Repository is Veeam’s native solution to provide trusted immutability for backups of Veeam Backup & Replication on a Linux server. Latest release notes with installation instructions can be found here. Sep 2, 2021 · I'm just posting the script I use to automate setup of my Ubuntu 20. david, welcome to the forums. A hardened repository protects your backup files from loss as a result of malware activity or unplanned actions with the help of Single-use credentials and Immutability. We do not recommend you to install Veeam Backup & Replication and its components on mission-critical machines in the production environment such as vCenter Server, Domain Controller, Microsoft Exchange Server, Small Business Server/ Windows Server Essentials and so on. Coexistence with Mission-Critical Production Servers. 1 with Hardened Repo of Veeam Backup & Replication Upgrade of VBR to 12. Recipe: Adding Linux Servers to Veeam Infrastructure for a Hardened Repository Expected deliverables: A Linux server added to Veeam Infrastructure and ready to be used as a Hardened Repository. Step 1. This solutions requires that you have some basic Linux skills to configure and administer the Veeam Hardened Repository. Specify Hardened Repository Name and Description; Step 3. You can read more here, and pay attention to the external factors for adequate protection. Download and run it on fresh Ubuntu 20. At the SSH Setup step of the installation wizard, select the Install OpenSSH server check box. Feb 12, 2025 · New release of popular Veeam VHR ISO v2 made its apparition in the download section recently. Nov 19, 2014 · For the hardened linux repository server, it is suggested to delete the single use credentials after the immutable repository is added to the VBR server. Dec 21, 2023 · Open your Veeam console and navigate to Backup infrastructure > Add Repository > Direct Attached storage > Linux > Add New (provide IP) and Add credentials. 04 to use as hardened repository. Veeam Hardened Repository passed an external audit for WORM storage and meets highest compliance standards. nompath" to the boot options, then it should work. Can you provide the official support statement that Veeam Support is making about "Veeam agent for Linux is not supported on Linux servers that hold the hardened repository role. Time to complete: 5 minutes. I then restored the configuration backup and plugged the hardened repository directly into the physical server. Configure Hardened Nov 3, 2022 · Starting in Veeam Backup & Replication 12, the Linux Server associated with a Hardened Repository using Immutability may only be added using single-use credentials. Ingredients: Mar 11, 2025 · The Veeam Hardened Repository is a native solution to Veeam and it provides trusted immutability for backups of Veeam Backup and Replication on a Linux server. We welcome contributions from the community! We Apr 15, 2025 · After you add a hardened repository to the backup infrastructure, you must remove this user account from the sudo group. We will practically describe the deployment of Managed Hardened Repository and its use for storing backups. The ISO is based on Ubuntu 20. Pick the Single-use credentials for the hardened repository. It’s available since version 11. That means you can follow the “Install DISA STIG Red Hat Linux for Veeam Repository” blog post I wrote earlier and skip the license part for successful installation. Oct 29, 2024 · Point Veeam Backup & Replication at the newly added hardened repository with tenant data. Mar 12, 2025 · Hi holland. I will update the thread once we have more information on how to get it working "out of the box" Jun 22, 2020 · I used Windows Server Backup to backup the Veeam server and performed a bare metal restore to a physical server. Configure Hardened Nov 14, 2024 · Select Products – Extensions and Others – Veeam Hardened Repository ISO. Sep 1, 2014 · Just tried the latest ISO of hardened linux Veeam repository in my LAB and worked like a champ. Jan 25, 2022 · In a series of posts, I will discuss one of the new and interesting features of the Veeam Backup and Replication v11 to securely backup and restore data (Hardened Repository). ". Although it’s not recommended, in this example I will use a virtual machine with two disks. Jul 26, 2024 · Moderator split as the topic changed from Hardened Repository ISO to general Rocky / Red Hat Linux installation: the original topic is here My understanding of the purpose of the ISO, is two fold. May 17, 2023 · After selecting the right hardware for the Veeam Backup & Replication Hardened Repository and installing the Ubuntu Linux operating system, the next step is secure the operating system according to the DISA STIG (Defense Information Systems Agency Security Technical Implementation Guides) guidelines. 0. The hardened repository is connected directly to the Veeam Apr 15, 2025 · After you add a hardened repository to the backup infrastructure, you must remove this user account from the sudo group. Note For security reasons, you cannot assign other roles to the hardened repository. As mentioned earlier, Rocky Linux is a Red Hat Enterprise Linux clone. UBTU-20-010047 The Ubuntu operating system must not allow unattended or automatic login through SSH. The next time I upgrade I plan to do this before the install to make the process smoother. I was strugling first to deploy it on ProxMOX lab server but got stucked with Secure boot. Open the Veeam Backup & Replication console and configure the new Hardened Repository (follow this step-by-step procedure). This step differs depending on whether you want to switch a simple backup repository or a performance extent of a scale-out backup repository to a hardened repository. Pre-Hardened OS configurations: Dec 6, 2023 · Hello, you mention the kb 4250 are you running an hardened OS? What about fapolicy? Did you set temporary unsecure umask as 022 as suggested on the kb?. Jun 28, 2024 · Since I wrote my blog post about how to install and harden Ubuntu Linux for Veeam Hardened Repository about a year ago, I get questions on how to do the same with Red Hat Enterprise Linux (RHEL). Recommendations are based on Security Technical Implementation Guides (STIGs) created and maintained by the Defense Information Systems Agency (DISA) for Red Hat Enterprise Linux (RHEL) 9. This ensures that data cannot be modified, deleted, or encrypted by unauthorized parties, even in the event of a ransomware attack. I re-scanned the hardened repository for good measure then attempted a guest file restore. In this blog post, I would like to explain the basic installation of a hardened repository with Rocky-Linux as well as the multihoming of a hardened repository in […] Mar 15, 2025 · Servers qualified to support Veeam deployments using the official Veeam Appliance ISO file, through compatibility testing and documentation of recommended configuration through screenshots . The ISO installs Rocky Jun 22, 2020 · I managed to get it sorted out by logging in locally to the repository, temporarily adding the single use credentials back to the sudo group and enabling ssh. The security of your backup infrastructure should start with and center around Immutable storage. 1 Paolo Valsecchi 04/05/2021 39 Comments Reading Time: 5 minutes The new Veeam Backup & Replication 11 provides the capability to have immutable backups leveraging Linux with the Hardened Repository. Oct 1, 2024 · The Managed Hardened Repository ISO is an installation ISO to correctly install a Veeam Hardened Repository with Veeam’s best practices and a full hardening. On the Network & Host Name screen, specify a hostname or leave it empty. Select Veeam Data Platform – Extensions and Others – Veeam Hardened Repository ISO. May 4, 2021 · Veeam v11: Hardened Repository (Immutability) installation - pt. Veeam also allows customers to use their trusted Linux Dec 8, 2024 · First: Veeam Hardened repository. 04 LTS, and will automatically harden the server so that it's compliant to DISA STIG. As it, it can process only 1 disk. I have deployed this on Hyperv 2025 evaluation as a VM and works as expected. For the setup and the configuration see: Veeam Managed Hardened Repository installation and configuration. The repository allows organizations to set a retention period Sep 12, 2024 · This section includes security considerations for installing and configuring the Linux server that will be used as a hardened repository. Jan 1, 2006 · For networking: bonding can also be configured in the advanced networking section in the Hardened Repository Configurator. Additional resources: Selecting Hardware and Setting Up Environment for Veeam Hardened Repository Oct 29, 2024 · Hello, An option in the Hardened Repository Configurator to add more disks is planned. Paolo Valsecchi 05/02/2022 You can replace a "regular" repository with a Hardened Repository or you can have an additional repository to store for example backup copies of your existing Nov 3, 2024 · This article is about Veeam Hardened Repository. This tool is community supported and not an officially supported Veeam product. Nicely done. Note For security reasons, you cannot assign other roles to the hardened repository except for the VMware backup proxy working in the Network mode. Article ID: N/A : Veeam product(s): Veeam Backup & Replication 12 . Jan 19, 2021 · Veeam hardened Linux repository in v11 provides immutability. 04 installation. It is built on a server with a Linux operating system and storage space. Then, do the following: On the Keyboard screen, add your preferred keyboard layouts. Don't hesitate to say me if something is wrong or can be optimized May 6, 2021 · During the day, I run a Veeam second copy job that backs up the most important backups from the normal Veeam repository to a hardened Linux NFS NAS with XFS. The Veeam Hardened Repository ISO (v2. Recommendations are based on Security Technical Implementation Guides (STIGs) created and maintained by the Defense Information Systems Agency (DISA) for Ubuntu 20. Mar 9, 2025 · The purpose of this blog post is to provide the guidance, and the steps needed to install the Veeam Hardened Repository using the ISO provided by Veeam. 1. The script will ask you what is the disk you want to format as XFS file system and the password for the account to create. Jan 13, 2025 · Even if the ready-to-use “Veeam Hardened Repository Installer ISO” is now available from Veeam, in some cases it still makes sense to install the hardened repository manually. To make the setup / installation easier, and to secure the Linux OS. Jun 7, 2023 · Installing Ubuntu Linux for Veeam Hardened Repository; Securing Veeam Hardened Repository Against Remote Time Attacks; Ubuntu Linux Essentials: Booting Into Single User Mode and Protecting Against Unauthorized Access; Securing Veeam Hardened Repository; You can also check out or new hardening script, which applies additional Linux OS hardening Feb 3, 2022 · What is a Hardened Repository? From v11, Veeam provides the capability to have immutable backups locally with its new Hardened Repository. Mar 4, 2025 · The Veeam Hardened Repository ISO is an excellent solution that simplifies the installation of a Hardened Repository by leveraging the hardening configuration provided by the ISO, securing the operating system in accordance with the DISA STIG. Dec 5, 2023 · Veeam Community discussions and solutions for: Upgrade of VBR to 12. Specify Linux Server; Step 4. The thinking is the following: if a customer starts in 2024 with let's say 12 disks, then he will hopefully have enough disk space for the next 12 months before he adds 12 more disks. Inside the installer you have to specify some settings, but everything else is predefined, so that after the guide guided installation you have a DISA STIG hardened repository. 04 LTS. This ISO is a pre-hardened Rocky-based Linux image that is built to comply with DISA… Feb 14, 2023 · We are experiencing the same issue "Failed to save Backup Repository: VAL components are installed on the target machine". Dec 11, 2024 · Just click Additional Downloads > Extensions and Other > Veeam Hardened Repository ISO. Limitations and Recommendations. Feb 25, 2025 · Veeam Hardened Repository ISO is a Rocky-based Linux managed Hardened Repository delivered as bootable ISO which is already pre-hardened to comply with DISA STIG requirements. Recipe: Add a Hardened Repository Expected deliverables: A Veeam Backup & Replication Hardened Repository with Immutability where Veeam keeps backup files, VM copies and metadata for replicated VMs. For simplicity (this is for testing) we Nov 25, 2024 · This is a quick post on how to setup the newly published Veeam Hardened Repository (Rocky Linux 9. Sep 30, 2024 · How to Set up Rocky Linux 9 with a DISA STIG Security Profile for Veeam Hardened Repository in 10 Minutes. The hardened repository in Veeam Backup & Replication V11 provides the air-gap or immutability we need. During the upgrade to Veeam Backup & Replication 12, any Linux server associated with a Hardened Repository with Immutability will have its credentials switched to single-use. First, biggest question is "will the Hardened Repository be backed by an XFS filesystem?" Main reason for this is that XFS supports fast clone, so if the ReFS repository was also using fast clone, targeting an XFS file system will allow us to use fast clone and preserve the space savings. Veeam VHR, which stands for Veeam Hardened Repository, is essentially a lightweight Linux distribution that enables you to set up a ransomware-proof repository for securing your backups, with immutability protection built-in by default. For general information on the Hardened Apr 6, 2023 · Whether you are a growing startup or a large enterprise, Veeam’s Linux Hardened Repository can provide you with the peace of mind you need to ensure that your data is always protected and reliably recoverable when disaster strikes. Features and attributes: Hardened repository : Immutability . This includes system firmware, all adapter and hard-drive firmware, and the corresponding device drivers in the operating system. Installation and initial configuration. Feb 18, 2025 · A new version of the popular Veeam VHR ISO v2 has recently appeared in the download section. Option 2 – Using trial download. This means that we will use Veeam Hardened Repository ISO for installation. It allows you to create a highly secure and immutable backup repository. Launch New Backup Repository Wizard; Step 2. The reason why this blog post took so long to write is that Veeam Backup & Replication fully supports DISA STIG hardened RHEL systems only with the Sep 12, 2024 · Even if the Veeam Backup & Replication server is compromised, the attacker cannot get the credentials and connect to the hardened repository. Jan 6, 2025 · The Veeam Hardened Repository ISO (VHRISO) is a Managed Hardened Repository delivered as bootable ISO with a Rocky Linux distribution preconfigured by Veeam. Veeam Hardened Repository is a WORM storage solution that protects against unwanted changes to the backup files. A simple step by step no frills approach to achieving your goal. dmcauntzbwovtgkzajocsjfwmljamutsnhyjvlwznbabtwkalfzcdyrthprlsstohfxarfbsvpqgcsxifc