v11 For Service Providers – Protecting the Landing Zone with Linux Immutability

v11 For Service Providers – Protecting the Landing Zone with Linux Immutability

When Veeam Backup & Replication v11 went Generally Available on the 24th of February I posted the What’s in it for Service Providers blog. In that post I briefly outlined all the new features and enhancements in v11 as it related to our Veeam Cloud and Service Provider Partners. As mentioned each new major feature and enhancement listed below deserves its own seperate post. While these posts are targeted at Service Providers, the majority of these features can be levered by all types of organizations. In this post I am looking at the new Hardened Linux Repository which allows setting immutability against backups on primary landing zones. This now offers end to end immutability options when used with Capacity and Archive Tier immutability features.

As a reminder here are the top new features and enhancements in Backup & Replication v11 for VCSPs (with links as created)

Locking up Linux Repositories for Landing Zone Protection

Previously, we have only been able to take advantage of immutability in the Capacity Tier of the Scale Out Backup Repository… this left a data exposed on the primary landing zone and sceptical to attacks and other events. Those include data corruption or data compromisation, accidental deletion of data and the more sinister insider threat that is of malicious intent. The Hardened Linux Repository enables primary backups to be immutable, this is done by giving you the ability to achieve local immutable backup storage by using supported Linux x64 distributions that provides this functionality natively.  This protects data from loss because of malware activity or other failure scenarios mentioned above by blocking the deletion and modification of data.

v11 For Service Providers – Protecting the Landing Zone with Linux Immutability

The other component of this solution is that we suggest further hardening of the Linux system but restricting SSH access to the server. When adding the Linux server, we use temporary credentials. To do that, you Add and select Single-use credentials for hardened repository when configuring the SSH Connection during he New Linux Server wizard.

There are a number of great walkthroughs on setting this up and rather than me repeating that here, i’ve linked to them in the More Content section at the end of this post. One that I will highlight here is the work done by Timothy Dewin and Preben Berg who put together a great project that does all the config and hardening for you by way of a VeeamHubRepo Debian package built to quickly configure a hardened Linux repository on Ubuntu. This is great for labs and testing out this feature before putting into production and is a brilliant release from the guys.

v11 Immutability Linux

Once you have configured the new Linux Repository and configured the Immutability settings, the backup repo can be used standalone or in a Scale Out Backup Repository. The count of the immutability period indicated in the backup repository settings starts from the moment the last restore point in the active chain is created. The immutability period is extended only for the active backup chain. More information about how this works can be found here. Finally from the UI you can now see the Immutability period of a perticular backup from the properties section.

v11 Immutability Linux

Benefit to Service Providers

Building on the existing Immutability support with Object Storage, the addition of the Immutable Hardened Linux Repository allows Service Providers to secure their primary landing zones for their BaaS or IaaS Backups. As with the Capacity and Archive Tiers, I have been preaching to VCSPs since we released 9.5 Update 4 about how leveraging these new features reduces the size of the primary landing zone and now, with Linux Immutability landing zone can be secure as well. With the Capacity Tier, the Archive Tier together with the Move, Copy functions as well as the Immutability options all along the way, VCSPs can create multiple levels of Backup Storage Classes at graduating prices which gives their customers more choice and also more potential revenue.

Content and Materials

https://bp.veeam.com/vbr/VBP/Security/hardening_backup_repository_linux.html

https://helpcenter.veeam.com/docs/backup/hyperv/immutability_for_linux_hiw.html?ver=110

The post v11 For Service Providers – Protecting the Landing Zone with Linux Immutability appeared first on VIRTUALIZATION IS LIFE!.


Go to Source of this post
Author Of this post: Anthony Spiteri
Title Of post: v11 For Service Providers – Protecting the Landing Zone with Linux Immutability
Author Link: {authorlink}