Hardened repository immutability backup copy + Infinidat Snaprotator Locked Volume


Userlevel 7
Badge +4

 

Hi everyone I'm sharing this kind of configuration aimed to strengthen the security of immutable data backup against ransomeware attacks or possible 0 day \vul of the O.S. Linux used to deploy a Hardened Repository.

Thanks to Veeam, it is now possible to perform immutable backups via Hardened Repository.
This technique aims to safeguard the databackups saved on Raw LUN Volumes of a storage in “Locked Volume” mode on Hardenend Linux based repositories.

The combo is to use the Hardened Repository to which present a RAW LUN Volume formatted in XFS to support block cloning, in this case Infinidat + the functionality/utility Snaprotator, allows to schedule a snapshot of one or more Volumes in "Locked Volume" mode.

Tested also the restore, re-presented the Snapshot Volume on the Hardened Repository, the only trick is to force the change of the UUID of the Raw Lun, if not it is not mountable by the O.S. because of duplicate UUID.

InfiniBox SnapRotator User Guide – INFINIDAT Support

 

Find out if your storage has this type of functionality to implement it.
Enjoy


2 comments

Userlevel 7
Badge +6

This is definitely an interesting topic and something to look in to.  Thanks for sharing.

Userlevel 7
Badge +5

Interesting topic.

Some storage vendors offer a similar feature. You can never have too much security lanes to defend against ransomware and other threats...

Comment