Skip to main content

How do you monitor Hardened Repository hardware?

  • December 13, 2021
  • 11 comments
  • 489 views
vNote42
Forum|alt.badge.img+12
  • vNote42
  • On the path to Greatness
  • 1246 comments

When it comes to Veeam Hardened Repository Server, we hopefully talk about a dedicated hardware server. Because of the high secure implementation of this feature it makes perfect sense to disable any additional attack surface. So it is highly recommended to disable platforms like HPE ilO and Dell iDRAC.

On the other side, it is essential to monitor this piece of hardware. IMHO it is important not to open any incoming network ports for monitoring. Means, monitoring (agent, script, deamon, ...) should open a port from within the host to in external instance like mail-server, SNMP-host, syslog-server, … and closes it afterwards. Otherwise a service - most probably with root-permissions - is running and open for external access.

So how did you implement hardware monitoring?

Wolfgang | vnote42.net | @vNote42

11 comments

Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 9587 comments
  • December 13, 2021

Most of our hardened repository servers are VMs and we use Zabbix for monitoring on those.  If there is physical we still use Zabbix but also iLO or iDRAC.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
vNote42
Forum|alt.badge.img+12
  • vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • December 13, 2021

Most of our hardened repository servers are VMs and we use Zabbix for monitoring on those.  If there is physical we still use Zabbix but also iLO or iDRAC.

Thanks for your answer! How do you query iLO/iDRAC with Zabbix - with SNMP?

Wolfgang | vnote42.net | @vNote42
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 9587 comments
  • December 13, 2021

Most of our hardened repository servers are VMs and we use Zabbix for monitoring on those.  If there is physical we still use Zabbix but also iLO or iDRAC.

Thanks for your answer! How do you query iLO/iDRAC with Zabbix - with SNMP?

Yeah typically that is what we use.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
vNote42
Forum|alt.badge.img+12
  • vNote42
  • Author
  • On the path to Greatness
  • 1246 comments
  • December 13, 2021

Most of our hardened repository servers are VMs and we use Zabbix for monitoring on those.  If there is physical we still use Zabbix but also iLO or iDRAC.

Thanks for your answer! How do you query iLO/iDRAC with Zabbix - with SNMP?

Yeah typically that is what we use.

Are you able to get disk and array controller failures this way?

Wolfgang | vnote42.net | @vNote42
randyweis
Forum|alt.badge.img+4
  • randyweis
  • Experienced User
  • 71 comments
  • December 13, 2021

Most of our hardened repository servers are VMs and we use Zabbix for monitoring on those.  If there is physical we still use Zabbix but also iLO or iDRAC.

What about the risk of a takeover of vCenter, where the bad actor can just delete the datastore containing the repository? Gostev wrote about this in this morning’s Word from Gostev.

The monitoring tool suggestion is good thought!

Randy Weis, VMCE, VMCA
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 9587 comments
  • December 13, 2021

Most of our hardened repository servers are VMs and we use Zabbix for monitoring on those.  If there is physical we still use Zabbix but also iLO or iDRAC.

Thanks for your answer! How do you query iLO/iDRAC with Zabbix - with SNMP?

Yeah typically that is what we use.

Are you able to get disk and array controller failures this way?

I am not sure to be honest as that is not my department but I know they do see failed hard drives somehow via this method.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
BertrandFR
Forum|alt.badge.img+7
  • BertrandFR
  • Influencer
  • 528 comments
  • December 13, 2021

Well, it will depends of your monitoring tools. We use Centreon for HP servers.

We use snmp (read) or XMLapi(Read Only - restrict to the monitoring poller). It could be different if you’re using OneView

https://docs.centreon.com/docs/plugins-packs/fr/latest/catalog.html#hardware-server

Example for XMLApi (not backup repo):

It’s an interresting topic, I hadn't thought of the hardened case.

Well from my pov it will depends of your security policy about it. Snmp could be “hardened”, v3 only read from a restricted @ip. XMLapi with a restricted configuration could be good too.

I’m not a huge fan of snmp traps but could be an idea (push model) or email alert :grimacing:

geschnei
Forum|alt.badge.img
  • geschnei
  • Not a newbie anymore
  • 5 comments
  • September 11, 2025

Three years later, is there still no proper way to monitor a hardened repo in terms of disk and RAID status?

As far as I see I may be able to install an RPM of a monitoring agent, but I don’t see how I could configure it since I can’t edit the configuration files or restart it with the veeamsvc user. Also I would to have to update the packages manually, since I can’t install it via the repository of the monitoring system.

Has anybody found a solution for this by now?

VMCE 2023 | Mastodon: https://social.tchncs.de/@schneidr | Blog: https://schneidr.de
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 9587 comments
  • September 11, 2025

Nothing more than what is in this thread but over on the forums might be more information now with the release of v13.  I would check there to be honest.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
geschnei
Forum|alt.badge.img
  • geschnei
  • Not a newbie anymore
  • 5 comments
  • September 11, 2025

Nothing more than what is in this thread but over on the forums might be more information now with the release of v13.  I would check there to be honest.

Sadly, there is only a single thread about that topic that I can find: https://forums.veeam.com/veeam-backup-replication-f2/how-do-you-monitor-your-hardened-repo-t78904.html

VMCE 2023 | Mastodon: https://social.tchncs.de/@schneidr | Blog: https://schneidr.de
Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 9587 comments
  • September 11, 2025

Nothing more than what is in this thread but over on the forums might be more information now with the release of v13.  I would check there to be honest.

Sadly, there is only a single thread about that topic that I can find: https://forums.veeam.com/veeam-backup-replication-f2/how-do-you-monitor-your-hardened-repo-t78904.html

Well I would post in there to add to this issue and even start a new thread if needed specific to the topic.

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech


Terms & ConditionsAccessibility statement