In part one we gave some background of the Veeam VHR history and it’s transition from utilizing Ubuntu Linux Server LTS to Rocky Linux, as well as the hardware that we’ll be utilizing to support our VHR, and then deployed the VHR ISO to our PowerEdge server. Part two of this series consisted of deploying the VHR ISO to our server. Now in our third and final part, we’re going to add the new VHR to Veeam Backup & Replication as an immutable hardened repository and begin running backups that are protected against ransomware.
First things first, we need to log back into our freshly created VHR. Once logged in, we need to start the SSH services. The beauty of the VHR ISO is that it creates a single-use SSH password. After selecting the “Start SSH” option, you will be presented with the SSH credentials randomly generated.
Now we go to the Veeam Console > Backup Infrastructure > Backup Repositories and click the “Add Repository” button and select “Direct attached storage”. On the next window, we’ll of course select the “Linux (Hardened Repository)”
You’ll now be prompted through the regular New Backup Repository wizard. First supply a repository name and select Next. Now we’ll need to attach to our new VHR server, so select “Add New…” and supply the DNS name or IP address of where the server can be found.
Next up, it’s time to input those single-use SSH credentials that the VHR generated. Click the “Add…” button and supply the credentials provided and click OK and then select Next.
After verifying that the SSH key fingerprint matches that provided by the VHR and click Yes and then Apply. Veeam will SSH into the server and deploy the required Installer and Transport services. Once the installation is complete, click Next and Finish.
Now that the Veeam services are installed on the server and it is managed by Veeam, it’s time to deploy the VHR. Ensure that the VHR server is selected from the Repository server drop-down menu and click Next.
Select the Browse button. You’ll find a folder pre-created at /mnt/veeam-repository01. Browse to it, select it and click OK. Back at the New Backup Repository window, you’ll find the path to folder is now filled out. Also on this window you’ll want to ensure that Fast Cloning on XFS volumes is selected and set the immutability period you prefer. In most cases I set immutability for 30 days or sometimes 90 days, but in this case I left the default of 7 days. You can also adjust the your max number of concurrent tasks, etc. Then click Next. Veeam will validate that the requirements are met for a hardened XFS repository.
Next you’ll be prompted to select a mount server and then click Next. Note that this needs to be a different server, be it the backup server itself or a proxy server, etc. Review the settings and click Apply to continue. Wait for the configuration to be applied, then click Next and Finish.
With that said, I’d now recommend disabling SSH. It has been said that at some point, the plan is that SSH will be able to be disabled permanently after the initial setup, but at this time, you still have the option to go back into the server and re-enable SSH if necessary. Log back into the VHR server, and on the Main Menu, select “Stop SSH”, confirm by selecting “Yes” and validate that the service was stopped successfully and log out of the server.
Congratulations on your newly deployed Veeam Hardened Repository. You can now setup a Backup or Backup Copy job to start utilizing this new immutable space. I think we’ll all agree that this particular setup is MUCH faster and easier a manual VHR setup. I’m looking forward to the VHR ISO moving out of Experimental Support and moving to full production support as, out of abundance of caution, I’m still a bit hesitant to put this into full production. That said, I’ve had the VHR ISO in production-style use for over a week and I’ve found it to be a solid configuration.
Pingback: Deploying Data Immutability with the Veeam Hardened Repository ISO (Part 2 of 3) - Tech Notes & Dad Jokes