Requirements and Limitations
Important |
Veeam offers experimental support for the Veeam Hardened Repository ISO. For more information, see this Knowledge Base article. To be eligible for support, you must use an unmodified version of the Veeam Hardened Repository ISO on a machine that meets all the system requirements. |
In addition to the general backup repository and hardened repository system requirements, the Veeam Hardened Repository ISO has specific requirements and limitations.
Requirements
The following requirements must be met:
- The Veeam Backup & Replication version must be 12.2 or later.
- All hardware must be on the Red Hat compatibility list or CIQ certified hardware list.
- UEFI secure boot must be enabled.
- Third-party security software must not be installed on the server.
- Any USB devices you intend to use must be connected before you start the installation. After the installation finishes, any new USB devices will be blocked by USBGuard. For more information about other limitations related to USB devices, see Limitations.
- Only hardware RAID controllers must be used. Software RAID, Intel VMD VROC, and FakeRAID controllers are not supported.
- RAID controllers must have write-back cache enabled.
- The server must have at least two storage volumes:
- A separate volume for the operating system (minimum 100GB).
- At least one additional volume for data. All additional data volumes must be larger than the operating system volume.
- All data volumes must have the same sector size.
Tip |
It is strongly recommended that you use at least a dual parity RAID configuration. |
- Internal or direct attached storage volumes must be used.
- For installations that use a remote console, the network connection must be at least 4Mbit/s.
Note |
With a 4Mbit/s connection, the graphical installer will take approximately 10 minutes to load. |
- In addition to the standard set of ports that must be opened for a backup repository, an outgoing direct or HTTP proxy connection to repository.veeam.com on port 443 is also required for security and operating system updates. Without this connection, the GNU Privacy Guard (GPG) keys will eventually expire. Once these keys have expired, no further updates will be possible and a full re-installation of the operating system will be required.
- To prevent unauthorized access or deletion of the hardened repository, the BMC (base management controller) port on your server hardware must be secured using appropriate measures such as firewalls and strong passwords.
The solution has the following limitations:
- Multipathing for storage volumes is not supported.
- A USB storage volume cannot be used either as the operating system volume or a data volume.
- Updates to the server occur automatically on Mondays at 8:00 AM of the configured time zone. However, the server will not automatically reboot. Additionally, there are no notifications about required reboots. To make sure that all updates are installed and applied properly, reboot the hardened repository regularly.
- iSCSI or Fibre Channel LUNs provisioned to the server are not supported.
- Wireless network connections are not supported.
- The Use Text Mode option is not supported.
- If the bandwidth between the server and installation media is less than 4 MBit/s, the graphical installer will not start. To load the graphical installer to RAM, add the rd.live.ram=1 option to GRUB.
- Port 546 cannot be closed on hardened repositories created using the Veeam Hardened Repository ISO. This port is required for connections to DHCPv6 servers.