Protecting your Veeam Data Platform Audit Logs is another way keep your security sensitive logs safe. Using NetApp ONTAP SnapLock Write One Read Many (WORM) technology can protect you from bad actors attempting to delete your audit logs. Please make sure the NetApp ONTAP controller has a SnapLock license. The first thing you have to do is create a NetApp FlexVol (volume). I logged into NetApp ONTAP System Manager and from the main menu navigated to “Storage=>Volumes=>+Add” to get to the volume screen below (Figure 1). I filled in the fields and clicked on “More Options”(Figure 2) to display more volume options. If you enable the SnapLock option for the first time, you will be instructed to “Initialize the SnapLock compliance clock” which is required (Figure 3). Click on “Enable SnapLock” select type “Compliance” and whatever retention period is needed for your companies compliance standards for audit logs. **** Caution if you select 14 years you will not be able to delete contents for 14 years. Please test on an NetApp ONTAP Simulator if you needed hands on practice *** This type of SnapLock is strict versus selecting type “Enterprise” this allows for a trusted administrator to modify contents on this volume (Figure 4). Remember to click “Save” when you are done with your volume options. Since I clicked on “Shared via SMB/CIFS” (Figure 2) you should have an SMB share that we will add to change the storage location of the Veeam Data Platform “Audit logs location” (Figure 5) below. I created a NAS backup job then I performed a “File and Folders” restore from the NAS backup file. This will create some audit logs files in the shared location identified in (Figure 2). I attempted to delete the existing audit log files from share (Figure 6) and it failed. I also attempted a “Files and Folder” restore and it also failed (Figure 7). Since Lenovo ThinkSystem Storage is also powered by ONTAP you can perform this on ThinkSystem Storage Manager for DM Series. For more information on NetApp ONTAP Snaplock, Veeam Audit Logs, NetApp ONTAP System Manager and Lenovo ThinkServer Storage Manager see documentation links below .

Figure 1

Figure 2

Figure 3

Figure 4

Figure 5

Figure 6

Figure 7

Veeam Documentation - Audit Logs Location

https://helpcenter.veeam.com/docs/backup/vsphere/audit_logs_location.html?ver=120

What SnapLock is

https://docs.netapp.com/us-en/ontap/snaplock/

Administration overview with System Manager

concept_administration_overview.html

Understanding ThinkSystem Storage Manager for DM Series

https://thinksystem.lenovofiles.com/storage/help/index.jsp?topic=%2Fsystem_administration_guide%2F3B6E7BDA-9F1B-4F8C-8FC2-8B28A2C3FCD7_.html

Page 1 / 1

Hi @Pybarra nice idea!

What fits perfectly with this is that all customers with a valid maintenance contract and the former Premium License Bundle, which should be most Netapp customers, receive a free update to Ontap One. This includes the SnapLock license.

Matze

Hi @Pybarra nice idea!

Matze

Thanks @MatzeB yes it is covered in this NetApp blog - https://www.netapp.com/blog/ontap-one/😀.

Note: Please read warnings in Veeam Audit Logs documentation below and do not select compress option checkbox on WORM volumes “Figure 5”.

IMPORTANT

Storing audit logs on WORM tapes is not supported. Storing audit logs on WORM storages is supported without log compression. This type of storage prevents the data from being deleted or modified. Thus, raw audit logs cannot be deleted after creating compressed files.

This a very interesting concept. Thanks for sharing.

Your very welcome, @Chris.Childerhose

Hmm...I need to check if a newer NOS version of Nimble supports similar technology…