What specifically do you want recommendations on?  I use Synology NAS devices for my homelab and have them configured as iSCSI targets for my VMs and also use Synology replication as well.  Little more details on what you want to know will be helpful.

Hey Chris,

Would like to know are there any best recommendations currently for the propper `Backup Infrastructure`. Since in the previous period I got some comments that is not recommended to use iscsi with LUN. `Do not use ReFS with iSCSI or FC SANs unless explicitly supported by the hardware vendor.`https://www.veeam.com/kb2792

Hi NemanjaJanicic,

Disks are configured as ReFS with 64KB block sizes - this windows filesystem - so your repository is windows VM for main and secondary site? 

for immutable backup - worm? have you set 9999 days of immutability? so you are using refs for immutability? i would recommend xfs

i am using ISCSI protocol for proxy, which is acting as gateway, because application backup cannot reach repository themself. advantage is that AAP is working - so you can restore database and if something will happen with gateway VM, you can reattach fs on new VM.

Seems pretty solid so far.

Currently, our (Veeam’s) preference / recommendation is a Linux repository w/ XFS instead of ReFS which as I get it your immutable repository is following.

Similarly, there are some concerns security-wise about presenting the storage for hardened repo over iscsi like this since it means the source storage host is a potential threat vector, but as long as you’re aware of it and securing the source storage server / monitoring all access, probably it’s alright.

I would advise that probably you're fine for now, but moving forward if there’s a situation where you will be refreshing the repositories, go with XFS for hardened repository when possible -- cannot sing XFS praises enough, it’s proven to be exceptional for backup repository purposes

Hello,

Yes. I’m using Windows VMs (Hyper-V) for main and secondary site.
For Immutable backups I’m using Veeam VHR, or Veeam Hardened Repository. 
For Immutable I’m doing a Backup Copy Job of Main to VHR.
And VHR is a VM inside Synology NAS.

Also regarding this, main issue is that ReFS doesn't support trim / unmap (except for Windows Server 2025), so it can make storage management a bit of a pain.

That + what I mentioned before, the source storage server is a threat vector to your backups as if that source storage server gets punked by an attacker, they can delete your backups with a single click

Your setup is ok as long as you are monitoring it but as mentioned XFS is better than ReFS even on Windows 2025 which I have found to still be problematic.  As long as you have things in place for failures you will be good.  Never had any issues with Synology and iSCSI other than the odd one with power outages.

​@NemanjaJanicic - I lean towards David’s recommendation of using Linux XFS for Block Cloning and immutability..instead of Windows & ReFS. Other than that..to me...your env looks fairly solid.

Hi, 

I would advise moving VHR to a physical machine, whenever possible

VHR oh a physical box for your copy jobs will always be the best option.  I’ll also add that having a NAS device depending on size you should make sure physical security is up to par as well as it’s easy to pick it up and walk away with it. You could have the most locked down system in the world but if someone could take it, that’s not going to be hardened or immutable. 

In addition to this, I would recommend taking a look at this blog post and this for some Cybersecurity Tips to Secure Synology NAS against Ransomware.  Do not forget to take Physical Security seriously as well.

Just move this to a physical device, as the VM can be deleted and then all your efforts are gone.

Thank you guys,

I got some great recommendations. Will refresh it a bit, move from Windows VMs to Linux in order to use XFS. For main and secondary will use Linux VMs on Hyper-V hosts, then connect the storage via iSCSI. And for VHR will check what I can do. Currently VHR is the only VM on that Synology NAS. So the main purpose of that NAS is to host VHR, nothing else. Access to network is denied

One more question to everybody:

• Is it possible for VHR to use a physical workstation and also add storage via iSCSI?

There is no hardware requirement necessarily to prohibit using a workstation vs a server. But generally, you can’t populate a workstation with the same compute power and storage you can a server. You don’t need a massive server if your environment is small.

VHR is Linux, so if the hardware supports it sure. 

That said, workstations usually have 1 PSU, and less error checking and redundancy. the cost savings could be due to the fact you have added many single points of failure. 

If you are ok with this, and are comfortable with Linux, add the disks and configure.