Link Menu Expand (external link) Document Search Copy Copied
Veeam

Repository Specifics

Whatever the choice you make regarding your repository, you should apply maximum care to its hardening.

Having an immutable filesystem is useless if you system can be wiped at a lower level.

Take care to restrict or simply remove - when possible - any possibility to access low-level configuration systems such as hardware management (IPMI etc) for your Linux or Windows servers, SAN, NAS, Object Storage, deduplication appliances etc, and apply relevant restrictions regarding access to administration interfaces, including Multiple Factor Authentifaction (AKA MFA) and Multiple People Authorization (4-Eyes and more) where available.

Finally, any hardening concept that is applicable to the Veeam Backup and Replication Server should also be enforced at the repositories level. Keep in mind that in many cases the repository server acts as a mount server and may hold unencrypted data in memory during recovery operations, making it a potential target for data exfiltration.

Additional information can be found in (helpcenter) [ https://helpcenter.veeam.com/docs/backup/vsphere/securing_backup_infrastructure.html]

Back to top

Copyright © 2019 - 2025 Solutions Architects, Veeam Software.
Please note that information provided in this guide is not produced or verified by Veeam R&D but is a result of community effort based on the field observations.