A new version of the popular Veeam VHR ISO v2 has recently appeared in the download section. Veeam VHR, which stands for Veeam Hardened Repository, is essentially a lightweight Linux distribution that enables you to set up a ransomware-proof repository for securing your backups, with immutability protection built-in by default.
This v2 release of VHR is available for download and installation. It comes as a pre-configured ISO image running on Rocky Linux x64, provided, maintained, and customized by Veeam. There are some requirements to keep in mind, such as needing at least two volumes—one smaller for the OS and a larger one for the hardened repository. Be sure to review the full list of requirements.
You can get the Veeam VHR v2 ISO here:
Customer Portal or trial downloads on Veeam’s web site. In there, go to Additional Downloads > Extensions and Other > Veeam Hardened Repository ISO
What is new in Veeam VHR ISO v2 ?
Quote from Hannes on Veeam’s forums concerning the new features added:
Repair mode
• Re-installs only the OS while keeping the data partitions intact.
• Please note that repair functionality cannot be used for migrations from Ubuntu or any other Linux distributions. The system will fail to boot and you would need to fix /etc/fstab manually.
Live boot
• Provides a live system for troubleshooting. It’s mainly built for use by Veeam support, however experienced Linux users can also use this for example for performance testing with fio or iperf.
• There are three scripts to mount data disk, operating system disk and collect hardware information in the home directory of vhradmin.
Fully automated installation / Zero-touch installation Veeam VHR ISO v2
• This uses regular kickstart and was designed to allow mass deployments or unattended (lab) installations. Public documentation can be created depending on demand. In general, the kickstart documentation from Red Hat can be used.
• To get “zero touch installations” working, add auto=1 to the kernel parameters in the grub bootloader. In the ks.cfg ensure to set keyboard layout, time zone and disable the cdrom installation source.
The following other changes were implemented in version 2 which are not really “features”
• System requirements change: the operating system disk must be the smallest disk. This is to ensure “repair” deletes the right disk.
• IPv6 DHCP support (UDP port 546 is open now).
• Allow “ping” with rate limit of 5 pings per second for easier troubleshooting.
• Additional warnings before installation / repair formats disks.
• Help text was adjusted.
• Network configuration is now mandatory.
• The “installation destination” button is non-clickable anymore to avoid confusion with that wizard.
• The “pre-release” warning was removed.
• the faillock configuration was changed so that a locked user will get unlocked automatically after 1min
Here is the screenshot showing the storage requirements when running the installer of Veeam VHR ISO v2.
Then the installation is fairly simple. Just adapt to your environment, select time zone, keyboard, configure networking etc….
NOTE:
If you’re testing it in VMware Workstation like me, you might encounter an error during the initial boot saying that the Rocky Linux x64 isn’t using UEFI. But then when you go to the VM > Edit > Options > Advanced, the radio button switch from BIOS to UEFI is grayed out. I was googling it then found that you must add a line to your VMX file. The line is:
firmware = “efi”
That’s it.
After configuring the required sections (System, Time and date, Keyboard, Network and Host name), you can proceed with the installation. It only takes couple of minutes and everything is automated.
The system proceeds with the installation and reboots. After reboot you’ll get this screen.
And that’s it. You can go to the Veeam VBR console and add it as a new hardened repo to your backup infrastructure.
The main reason of doing it is to have a hardened repo where you can activate immutability and stay protected against ransomware.
Final Words
Veeam VHR ISO v2 is a very nice way to create and use hardened repository for your Veeam backup environment. This repository based on Rocky Linux x64 provided and supported by Veeam allows you to be prepared in case something goes wrong and your organization has a ransomware problem. Your backups will stay safe. You’ll need to meet system requirements in order to install it on your hardware, such that your hardware must be on the Red Hat compatibility list or CIQ certified hardware list.
The server must have at least two storage volumes:
- A separate volume for the operating system (minimum 100GB).
- At least one additional volume for data. All additional data volumes must be larger than the operating system volume.
- Internal or direct attached storage volumes must be used.
Check for more details and limitations here. Ah, there are some limitations? Yes, for example no Wifi connections, no multipathing, and no iSCSI or FC LUNs etc…