This guide will show you, step by step, how to create and implement a disk-based immutable Veeam backup repository from scratch. In this part: Prepare the install of Linux.
You are a Windows administrator running Veeam Backup & Replication and wish to raise protection against malware attacks and hackers without reverting to shuffle or rotate physical media.
This you can accomplish by immutable backups stored on a physical server running Linux. However, you have no Linux servers running and don't want to.
But, like it or not, that is your only option, as the XFS file system is the only one capable of immutability, and XFS only runs under Linux.
Thus, a Linux server is a must. When you have accepted this fact, then what? Where to start?
Like me, you have about zero experience with Linux and, therefore, hesitate to set up a Linux server, indeed in a production environment.
If so, this guide is for you. Here, nothing about Linux is taken for granted.
The guide has been split in eight parts. This allows you to skip parts you are either familiar with or wish to implement later if at all.
- Prepare the install of Linux
- Install Linux on the server
- Prepare the Linux server for Veeam
- Create the immutable Veeam backup repository
- Prepare for backup of the Linux server itself
- Backup of the Linux server itself
- Bare Metal Recovery of the Linux server
- Tighten security on the Linux server (MFA/2FA)
- Maintenance and deactivation/reactivation of MFA/2FA
You are familiar with:
- the usual tasks administering at least a small network with one Windows Server
- Veeam Backup & Replication and have it installed and running
- the command line - from PowerShell, Command Prompt, or even DOS
Veeam Backup & Replication is assumed to be of version 11 or later. It can be a licensed trial or paid version or even the free Community Edition.
The XFS file system was introduced by SGI in 1993 for its IRIX 5.0 operation system which was based on UNIX System V Release 4.
XFS was ported to Linux in 2001. As SGI ceased operations in 2009, Linux is today the only operating system supporting XFS.
Why is this important? Because XFS is the only file system offering immutability:
Once the file is set immutable, this file is impervious to change for any user. Even the root cannot modify, remove, overwrite, move or rename the file. You will need to unset the immutable attribute before you can tamper with the file again.
For the details about handling this, study Dan Nanni's blog on Xmodulo: How to make a file immutable on Linux.
Applying immutability to your backup files hosted on a physical server introduces a virtual air gap in your backup chain, protecting the backup files from anything else than direct physical access. This way, the backup files will be protected from any attack caused by advanced malware or possible hackers.
The effect is the same as if you back up to tape or DVD and, when done, remove the media from its drive.
As XFS does not exist in the Windows world, implementing this feature requires a physical Linux server.
The PDF folder contains the article sections as simple PDF files.
If you wish to support my work or need extended support or advice, feel free to: