Veeam Hardened Repository (VHR) is an option for secure, immutable backup storage and is a popular choice among Veeam enterprise customers. However, IT security and Linux expertise are required to deploy and manage VHR properly over time, and as such, it is not a suitable option for environments lacking in-house IT security skills. This blog post series is intended to provide an overview of the pros and cons as well as technical and operational considerations while choosing VHR for your environment.   

Ransomware has changed the game of Data Protection. It is no longer sufficient to simply backup your data. Instead, you must also secure your entire backup environment from attack. The explanation for this change is simple: Criminals and hackers realized that they had to remove their target’s ability to restore backed up data for their extortion attempts to succeed. It is not farfetched to assume that these bad actors even went so far as to become certified in different backup solutions to enhance their expertise at compromising these systems. 

Veeam developed a solution to help counter this growing threat. The Veeam Hardened Repository can raise defenses against ransomware by effectively securing backup data while not compromising performance. The solution leverages the Linux XFS file system, which supports data cloning to achieve space savings similar to Windows REFS file systems. 
The Veeam Hardened Repository is based on two solid security principles: single-use credentials and immutability. The credentials to deploy Veeam software are used only once during the installation of the Veeam components, after which they are discarded and are not stored in Veeam’s credential database. Immutability means that files are written and marked immutable and cannot be changed or deleted until the immutability lock has been removed [ so long as the server root access is not compromised]. Immutability is achieved by leveraging the XFS file system immutability bit in the file. This is not a new technology but has gained much more importance since the emergence of ransomware. It is important to remember that anyone with root privileges on the server can change/remove the immutability setting and then delete or modify the data.  This makes hardening and restricting root and physical server access a critical priority in the environment’s design. Any break-in to the administrator’s access renders the solution vulnerable to data destruction.  It is important to mention as well that virtual VHR setups are insecure. While they can create immutable backups inside the repositories, they also open a large attack surface at the hypervisor and storage access levels. When it comes to hardware, most server configurations, including Dell, HPE, and Cisco, are all fine solutions for a VHR - just remember to fully secure the console and firmware access.  Pay close attention to add-on management or monitoring software as these further expand the security attack surface.

The Veeam Hardened Repository can be an excellent solution, but installing and maintaining it properly requires  Linux and security expertise. Veeam provides detailed setup instructions to get the VHR up and running. Still, one must further harden the operating system, physical access, and console access through tools like IPMI and ILO/IDRAC and continually monitor for software updates, vulnerabilities, and exploits.  As software changes are made to the VHR environment, these must be tested to ensure the continued proper operation of VHR and its security.  The Backup administrators should, therefore, work hand in hand with your in-house security team to ensure the deployment is kept secure, continuously monitored, and functioning well for backup operations.

For many large enterprises with the necessary IT security personnel, the VHR-required procedures can be performed continually; however, for other environments, the Veeam Hardened Repository will become an operational and security challenge. In such cases, vendor solutions like Object First’s Ootbi (which stands for “Out-of-the-box immutability”) are better suited because the responsibility of maintaining and ensuring the security of the backup repository is shifted mostly to the vendor and not solely to the backup administrators. Ootbi is secure, simple, and powerful, providing a hardened object storage target with optimal performance purpose-built for Veeam. Administrators cannot delete or modify immutable data, nor can cybercriminals if they gain access to the administrator’s credentials. Out-of-the-box immutability can be achieved in 15 minutes for your Veeam Data Protection environments with much less effort and responsibility required from your IT team.

In this series, I will describe a detailed procedure for setting up a Veeam-hardened repository and suggest ways to harden the Operating system and hardware. I will also provide links to other instruction sets and official Veeam documentation so that these can be compared and the best approach can be chosen. No two networks are completely alike, and when building your backup repository, you need to ensure that your chosen deployment of the Veeam Hardened repository fits your environment and that you follow all compliance regulations.

In the last blog of the series, I will detail an Ootbi installation and explain the questions and problems it solves in relation to the challenges present in the VHR.

3 Reasons Object First Is Best For Veeam