Veeam 100 Summit 2025 – Prague: Trust, Resilience, and Community in Action

Posted on by
Reply

Introduction to the Veeam 100 Summit 2025

On November 3rd to 6th, 2025, I attended the Veeam 100 Summit in Prague. That summit is not just another IT conference. It is a global gathering of an innovative company, Veeam, expert practitioners, and community leaders. Next to the organizing Veeam employees (R&D, product strategy, community managers), there are three “profiles” invited to attend the Veeam 100 Summit.

  • Veeam MVPs are top Veeam employees with a customer-facing technical role who share and engage above and beyond the call of duty, i.e., when it is not part of their job.
  • Veeam Legends, who are top engagers on Veeam properties, like the R&D Forums, the Veeam Community Hub, and Veeam User Groups.
  • Veeam Vanguards, like myself, who are top influencers in their own external identities and properties. I am an inaugural Veeam Vanguard since the program was established in 2015.

What makes Veeam and the community special?

Veeam stands out because it puts its money where its mouth is. They not only talk the talk, but they also walk the walk. While it sounds a bit like the Microsoft MVP summit, which is also a conference you can attend only by invitation, it is much smaller, more direct, and more inclusive by design.

For one, very unlike the Microsoft MVP Summit, Veeam still believes in enabling any member of their community to attend the Veeam 100 Summit by providing travel and accommodation to the invited Veeam 100 members. That means that others and I can attend when our employers have no appetite and budget for such advanced skills development or community efforts. In a world where trillion-dollar companies save dollars on the backs of the very communities that support them, Veeam still very much believes in sponsoring the global community that helps them, their partners, and customers excel. For that alone, Veeam should get some recognition!

Secondly, it is much smaller, which means more direct opportunities for extended discussion, interaction, and networking. That also means you get to interact with people from very different walks of life, very different roles and backgrounds from all over the globe. That is where a better understanding happens, where different opinions and tales merge and lead to a better understanding of why we have different opinions. It makes for very lively, passionate discussions at the dinner table.

In the end, we are all united by the common goal we all share. We have to strengthen our customers and businesses’ resilience in the face of evolving digital threats. This year’s summit blended deep technical sessions, cultural immersion, and authentic collaboration, creating an atmosphere that was both professional and personal.

Prague as the Perfect Backdrop for the summit

Prague has become a recurring host city for the summit, and for good reason. It’s a beautiful city, Veeam has an office there, and most people like to visit it. The town provides a welcoming environment where conversations flow as easily in the conference halls as at dinners around town.

I could describe the event as part training, countless discussions, part reunion.

  • Face‑to‑face collaboration: Meeting peers in person reinforced bonds that go beyond online forums.
  • Shared learning: Technical sessions were enriched by practitioners’ real‑world experiences.
  • Friendships and trust: Informal conversations and social events created lasting connections.

It is a summit where we can discuss the good, the bad, and the ugly. We all know how bad the IT security landscape has gotten. The proof of that is in zero-trust environments, where everything and everyone is a risk that needs mitigating. It wreaks havoc op speed, agility, and the ability to get things done, and, last but not least, on the work joy of employees and colleagues.

You will not find me calling a company or an employer family. Family is not a business. But the Veeam 100 community does care for one another. We have seen that in words and in deeds. Sometimes words and small gestures are all that is left when we comfort each other while remembering our deceased fellow Vanguard. It also shows in deeds, when the community helps its members find great new opportunities when others end.

.

We remembered our friend Brad Jervis, a valued member of the community, who we lost this year. In his honor, the Brad Jervis Memorial Award, for outstanding community spirit, was awarded for the very first time to Jim Jones. A moment where a lot of us shed a tear. It was a moment to remember our absent friend and appreciate his contributions to our community.

Trust or zero trust as the Central Theme

Trust, or rather the lack of it in zero-trust environments, emerged as a defining theme of the summit. In an era where ransomware and cyber threats dominate headlines, trust in your tools, your processes, and your peers is critical. The summit emphasized that resilience requires more than backups; it requires confidence in the systems and communities that support them. We will need a lot more automation to protect ourselves, as we need constant monitoring and early detection of anything amiss.

The content

There was a lot of content. The pace at which new capabilities arrive and existing ones improve is mind-boggling. Especially as data resilience is only one part of the puzzle for IT professionals.

Content is color-coded (red = NDA, yellow = OK after a given date or go ahead, green = free to talk about), so I will not be sharing much to stay on the safe side. Also, in reality, it is way too much.

We discussed the GA of Veeam Data Platform v13: Yes, v13 was presented as a significant leap forward in data protection, with an emphasis on resilience, automation, and monitoring, early detection, and cyber‑recovery.

As the tidal wave of information to analyze to make it all happen keeps growing, Veeam also turns to AI to stay ahead. New AI-driven capabilities include the Deep Data Analysis Agent for conversational reporting, anomaly detection to flag unusual backup patterns, and interactive dashboards surfacing health, performance, and risk metrics.

The enhanced security posture in VDP v13 integrates stronger ransomware defense, hardened repositories, and orchestration improvements to ensure faster, more reliable recovery. And on top of it, it becomes easier to achieve for all types of partners and clients. We all need help staying ahead in this threat landscape.

We also discussed additional strategic matters, such as Veeam’s acquisition of Securiti AI. This should allow Veeam to combine resilience with data security posture management, privacy, and zero trust principles, giving enterprises a single command center for governance and recovery. AI will be a big part of making all that feasible.

And last but not least, the Veeam Cloud Platform enables unified resilience across hybrid and SaaS workloads.

  • Unified experience: The Cloud Platform is designed to provide a single pane of glass for managing workloads across on‑premises, hybrid, and multi‑cloud environments.
  • Integration with VDP v13: The new features in Veeam Data Platform v13 — such as AI‑driven anomaly detection, guided reporting, and interactive dashboards — are surfaced through the Cloud Platform, making them accessible across distributed infrastructures.
  • SaaS and IaaS coverage: The Cloud Platform extends protection to Microsoft 365, Salesforce, Kubernetes, and public cloud workloads, ensuring that resilience isn’t limited to traditional VMs.
  • Security posture management: With the acquisition of Securiti AI, the Cloud Platform gains DSPM (Data Security Posture Management) capabilities, allowing enterprises to understand, secure, recover, and govern data across all environments.
  • Cloud‑native orchestration: Automated recovery workflows and orchestration are embedded, reducing manual intervention and accelerating time‑to‑restore.
  • Scalability and flexibility: Enterprises can scale protection seamlessly as workloads grow, without needing separate tools for each environment.
  • The Veeam Cloud Platform represents Veeam’s evolution from a backup vendor into a comprehensive resilience and security platform. By combining VDP v13’s AI‑driven intelligence with cloud‑native orchestration and Securiti AI’s governance capabilities, Veeam is delivering a solution that:
  • Protects any workload, anywhere.
  • Provides real‑time visibility into health, performance, and risk.
  • Ensures compliance and trust across hybrid and multi‑cloud infrastructures.

An overview

That was already a lot. And I have not gone into any single detail yet! Here is my attempt to provide an overview of the 3 significant endeavors Veeam is engaged in.

PillarCore FocusKey FeaturesStrategic Value
Veeam Data Platform v13Operational resilience– AI‑powered help/search for guided troubleshooting
– Anomaly detection for backup patterns
– Interactive dashboards for health, performance, and risk
– Hardened repositories & orchestration		Smarter day‑to‑day operations, faster recovery, proactive defense against ransomware
Veeam Cloud PlatformUnified management– Single pane of glass for hybrid/multi‑cloud
– SaaS/IaaS protection (Microsoft 365, Salesforce, Kubernetes, public cloud)
– Cloud‑native orchestration
– Scalable workload protection		Extends resilience across any workload, anywhere, ensuring visibility and control in distributed infrastructures
Securiti AI acquisitionSecurity & governance– Data Security Posture Management (DSPM)
– Privacy & compliance frameworks
– AI trust integration
– Leadership expansion with Rehan Jalil		Embeds security and governance into resilience, unifying protection with compliance and proactive risk management

I hope that helps a bit to put it all together.

Roasting leadership

The summit always concludes with an infamous “Ask Me Anything” session with the Veeam leadership. That’s when we all line them up on stage and take turns roasting them over a slow fire by asking our most direct questions on complex topics.

You know what’s great about it? You get honest answers, most of the time, but there are limits to what they can talk about and say. But it is not the pre-canned, HR-, marketing-, and CFO-approved answers you usually get from leadership. Hence, I cannot share anything here, but it sure was interesting!

Why the Summit Matters

The Veeam 100 Summit is unique because it acts as a feedback loop. Anyone who is invited and wants to come can come. Veeam makes sure of that! Attendees gain early visibility into product roadmaps, while Veeam benefits from authentic insights provided by practitioners. This dynamic ensures that future releases are shaped by real‑world needs rather than theoretical design.

Looking Ahead

As the summit wrapped up, one theme stood out: protecting data isn’t just about stronger locks anymore; it’s about more innovative ways to guard environments and data protection fabrics, so we can rely on our recovery capabilities when we need them. The digital landscape we operate in has grown tangled, and success now depends on how quickly we adapt. True resilience goes beyond hardware and software. It comes from the trust we build and maintain in a zero-trust world, the collaborations we deliver, and the people who make it all happen. The Veeam 100 Summit in 2025 drove home the message that we don’t just have to keep pace with change, but also build infrastructures ready to adapt and survive in the face of whatever comes next. And like it or not, at this break neck pace we will need AI to stay on top of things. With change, we build infrastructures ready to adapt and survive whatever comes next. And like it or not, at this breakneck pace, we will need AI to stay on top of things.

Configure custom settings on the Veeam Software Appliance like you used to do in the Windows Registry

Posted on by
Reply

Introduction

In previous versions of the Veeam Backup & Replication server (before version 13), we did not have a Rocky Linux-based Veeam Software appliance. We can configure a multitude of settings in the Windows Registry to fine-tune and perfect the VBR server to our needs and environment. But as we all know, there is no such thing as a registry on Linux. However, as the saying goes, everything on Linux is a file, and that applies to the Veeam Appliance as well.

In this article, I will demonstrate with a simple example how to edit these configuration files to achieve the same functionality. As some settings are Windows-specific and are not needed on the appliance, nor would they do anything useful.

How to apply custom settings to Veeam Software Appliance

On the Veeam Software Appliance, you will find configuration files that allow you to configure custom settings, just as you can in the registry of a Windows host running in Veeam Backup & Replication.

You manage these configuration files via the Veeam Host Management Console. Also see https://helpcenter.veeam.com/docs/vbr/userguide/hmc_perform_maintenance_tasks.html?ver=13#managing-configuration-files for more inf0

  1. Access the Veeam Host Management Console Web UI (username/password + MFA)
  2. Select Logs and Services in the left-side Navigation panel.
  3. Select Host Configuration within the Logs and Services view.
  4. From here, you can search for a specific configuration file.

The config files can be exported and imported via the Web GUI. Import required Veeam security officer approval if that is configured.

Below, you will find a selection of registry paths and their corresponding configuration files on the Veeam Software Appliance.

Registry KeyVSA Config File
HKLM\SOFTWARE\Veeam\Veeam Mount Service/etc/veeam/veeam_mount_service.conf
HKLM\SOFTWARE\Veeam\Veeam Backup Catalog/etc/veeam/veeam_backup_catalog.conf
HKLM\SOFTWARE\Veeam\Veeam Backup and Replication/etc/veeam/veeam_backup_and_replication.conf
HKLM\SOFTWARE\Veeam\Veeam Threat Hunter/etc/veeam/veeam_threat_hunter.conf

The names of the settings remain the same as before, making it easy for those already familiar with the customization settings from previous deployments. If anything, it is a bit more forgiving, as you cannot select an incorrect value type for the value, unlike in the registry.

Configuration File Sections

The configuration files consist of different sections in square brackets (e.g., [root]). Where [root] is the equivalent of the root of the listed key. Below, I list some examples that you will find in the /etc/veeam/veeam_backup_and_replication.conf file.

  • [root] = HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\
  • [API] = HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\API\
  • [API\DbProvider] = HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\API\DbProvider\
  • [DatabaseConfigurations\PostgreSql] = HKLM\SOFTWARE\Veeam\Veeam Backup and Replication\DatabaseConfigurations\PostgreSql\

As you can see, these represent the registry key paths that can be found on a Windows-based Veeam Backup & Replication installation.

Step-by-step walkthrough

Export and import the files via the Web GUI. There is no need to start SSH and access the appliance. The web GUI has everything you need.

Existing files can be exported for editing and then saved and uploaded to the Veeam Software Appliance.

You can also create new files if needed and upload those. For these to be functional, they must adhere to the conventions of the config files in terms of headers and values.

Be careful editing or creating a configuration file on Windows. Some text editors can mess up the file’s line endings and other settings. Windows has typically CRLF line endings, while Unix/Linux/macOS uses LF. Just make sure whatever text editor you use doesn’t change the line ending type, or things will break. Notepad++ will serve you well.

When the Security Officer role is enabled, importing an updated or new configuration file requires approval from a Security Officer.

I will demonstrate this with a handy but benign setting (in case you make a mistake). We will display a banner in the console GUI. Veeam introduced this years ago, but it makes for a nice, GUI-visible lab demonstration.

In the Windows registry, you configure this as follows:

Registry PathHKLM\SOFTWARE\Veeam\Veeam Backup and Replication
UIClassifiedModeDWORD = 1 to enable the banner
UIClassifiedStripeTextREG_SZ = Your custom message
UIClassifiedStripeColor (optional)REG_SZ = Hex color code (e.g., #FF0000 for red)

We will configure the same on the Veeam Software Appliance.

Select the correct file and click “Export”

Open the downloaded file in Notepad++ and add these three lines under [root, which is the correct path/location for these settings.

UIClassifiedMode=1

UIClassifiedStripeText=This is WorkingHardInIT’s VBR 13 Lab Server

UIClassifiedStripeColor=FF0000

Save your changes. Now, import the edited file into the Veeam Software Appliance.

As I have set up the Veeam security officer, I will need approval for this. For lab setups, you can choose not to leverage the security officer capability, but I prefer my labs to mimic real-life scenarios. It helps to evaluate the product more honestly.

Now the Veeam security officer has to log on to the appliance web console and approve my request

Some settings will require a restart of the Veeam services; others do not. However, if needed, you can perform this action from the web GUI.

When the Veeam Backup & Replication services have restarted and you log on to the console again, you will see the banner displayed just like on Windows.

Armed with this knowledge, you can now fine-tune your configuration settings to perfection for your Veeam Backup fabric environment when leveraging the Veeam Software Appliance.

References

See https://www.veeam.com/kb4779

Conclusion

There you have it. I have shown you how to configure custom settings on the Veeam Software Appliance, just as you would in the Windows Registry. I was wondering about this myself, as I knew Veeam would not leave us with a lesser product or, at the very least, fewer configuration options than on a self-hosted server installation.

The one thing that hits home is that zero trust impacts the comfort and speed of the honest, hardworking IT professional, who, apart from dealing with all the external threats, also has to guard against insider threats, i.e., himself. If you think about it, the level of security small and medium-sized businesses now have to deal with is mind-blowing compared to what it was in the past.

Happy testing, and may your production deployments and operations go smoothly!

The VeeamVanguard and Microsoft MVP Community is about more than the vendor programs

Posted on by
Reply

Introduction

I have been a Microsoft MVP and a Veeam Vanguard for quite some time now, which suggests that I share experiences, insights, knowledge, and feedback with the global IT community at large.

Community activities are as diverse as their members and their personalities. But in most cases, these activities involve adding something to the community they are part of. It is, or should not be, about what’s in it for me, even when that community will rise to help you should the need arise, but about us all. We all trip and fall at certain moments in our lives, both personally and professionally, meaning we all need help at times.

Helping those who need some assistance

One of the things I do is help where and when I can to ensure that the senior citizens I know or am aware of have their connectivity needs met as well as possible. That is particularly important for them if they rely on personal care and alarm systems, as well as some basic home automation, which makes living at home not only easier but also possible.

I don’t do such things through a non-profit organization; it’s simply a matter of rising to the occasion when the need and opportunity present themselves. Recently, a little “project” presented itself that required some network gear to complete.

Anyway, there was a need for excellent connectivity and a decent backup of any critical system(s). So, I offer my skills and time. I have some spare lab parts, but not all the items I need. This project required some wireless access points that can be easily and correctly configured and managed. So, what does one do? Ask for help from companies that might have surplus gear after hardware refreshes. I have used Aruba (IAP versions) and UniFi in the past. Any kit that works without expensive, high-end controller requirements and continues to function without requiring support contracts does the job. In some instances, flashing proprietary hardware with OpenWrt helps leverage hardware that does not work or cannot be maintained without a subscription.

For this project, I acquired some donated TP-Link Omada gear that was perfect for the job at hand.

What also came in handy is the community edition or free software from Veeam, which is available without subscriptions or costs, provided it is not installed by consultants or for profit. Hence, I give some schooling and training to ensure that the most tech-savvy person can take care of it. I help, explain, and offer advice on some aspects, but they ultimately get the job done.

I also needed a gateway/router/firewall. While in this case, I might consider installing a TP-Link gateway if I ever get my hands on one, but for now, an older model proprietary firewall I recovered and flashed with OPNsense Community Edition fills that role.

Preaching

We live in a polarized world, where division hinders progress. Social media bombards us with a tsunami of bad news that can keep you doomscrolling 24/7 if you fall into that trap. Instead, apply your skills to do something that improves the lives of people who need some assistance. It doesn’t have to be big in terms of size or money. It does not have to make the news or require Herculean effort.

All it takes is some effort and some time on your part, but it can also be fun to do. Did I do this alone? The people themselves got involved; the business I asked to donate hardware delivered the gear. The cabling came from dumpster diving. The firewall is an “obsolete” proprietary firewall appliance flashed with OPNsense community edition. Is the setup perfect? Nope, but it is excellent and does a fantastic job, way better than ever before!

You also have some skills, time, or materials to help out people. Just do it.

Configuring an Interface Bond for Veeam Software Appliance and Veeam JeOS Installations on Hyper-V

Posted on by
Reply

Introduction

If you are anything like me, you want your labs and testing to mimic production as much as possible. Hence, when testing the Veeam Software Appliance and Veeam JeOS ISO installations in my Hyper-V lab, I want to use bonding for my LAN NICs and, potentially, for my dedicated backup network NICs. I say potentially, as that depends on the backup source and the available backup target networks, as well as the required configuration and the workloads they serve. Such design discussions have numerous permutations, which would lead us astray from the goal of this blog post.

Once we have decided we want bonding, the question at hand quickly becomes How does one get a bond to work in Linux VMs on Hyper-V? I will demonstrate how to do it for this specific use case. My primary concern was that the hardening of the ISO image might have blocked this from working, but it does not! Which is excellent news.

Yes, I know that bonding inside VMs is not the best approach, but we are doing this to emulate physical production configurations. In real-life production workloads, you should NOT even use virtual machines for hardened (immutable) repositories!

We need multiple NICs

First of all, we need a VM with multiple NICs. Two NICs for the LAN bond and then two or four NICs, depending on your network setup and goals. As stated above, we will not discuss this here.

I will direct you to a PowerShell script that allows you to easily deploy one or more scaffolding virtual machines on Hyper-V for testing the Veeam JeOS (Hardened Repository) ISO. Adapt the variables to your needs and run the script with elevated permissions. Locally, remotely, whatever suits you best.

You can set up the Hyper-V part of the NIC configuration for teaming via a script or in the GUI. I will use the GUI to showcase this, but will also provide the PowerShell commands in the script.

Note

You might remember my earlier guide on NIC bonding for Ubuntu guests in Hyper-V. There, I relied on full access to tooling on my Ubuntu servers. When working with the Veeam Hardened Repository ISO, things are more locked down. Thankfully, the installer provides a basic yet effective GUI. You can use it to configure NIC bonding during the installation process. Not only that, but we also have a basic menu-driven GUI after installation to configure and change the essentials. There should not be a need to SSH into the repository servers.

Bonding

This post guides you through setting up interface bonding during the initial installation phase using the built-in GUI, and I will show you where to configure or change it post-installation.

Installing the Veeam appliance & configuring bonding

They designed VeeamJeOS and other appliances with security in mind. That’s great for production, but it means you don’t get the same level of access to system internals as you do with a full-blown Ubuntu install. Specifically:

  • You can’t easily view or manipulate MAC addresses.
  • The repository is a stripped-down OS, so tools like ip, ifconfig, or even netplan might not be available.
  • You’re working with a locked-down shell and a minimal set of packages.
  • SSH access is available with one-time use passwords, and you need to enable it explicitly.

So how do we configure NIC bonding under these constraints? Let me walk you through this.

Step-by-Step: Bonding Interfaces in the Hardened ISO

1. Prepare Your Hyper-V Environment

Before booting the ISO, ensure your Hyper-V setup is ready. We will create a VM with an OS disk of at least 100 GB and add one or more larger data disks to emulate volumes backed by one or more RAID controllers. Don’t worry too much about the size, the disks are dynamically expanding ones and thin-provisioned. Naturally, you’ll need some vCPUs and vMemory. Additionally, create a Generation 2 VM and ensure that you set the secure boot template to “Microsoft EUFI Certificate Authority”. Last but not least, set the boot order to boot from the DVD drive first.

Next is the most important for this blog post: creating the vNICs.

  • Create two LAN vNICs for your VM and two or more BACKUP vNICs.
  • Enable MAC spoofing on the vNICs that you will bond inside the guest OS. It is crucial, as without it, the bond does not work correctly.
  • You must check “Enable this network adapter to be part of a team in the guest OS.”

Lucky you, I have a scaffolding script to create such VMs for you, and you can find it here: https://github.com/WorkingHardInIT/CreateVeeamHardenedRepoScafoldingVMs

Change the variables to values that make sense in your lab and run it in an elevated PowerShell session.

Enjoy. The only thing you need to do after running that script is mount the ISO in the DVD drive. You can play along with the VeeamHardenedRepository_2.0.0.8_20250117.iso or the VeeamJEOS_13.0.0.12109.BETA2.iso. In this article, I am using the VeeamHardenedRepository_2.0.0.8_20250117, as it is the current version suitable for production use. But if you follow the instructions below, you will be able to complete the process on both. For the V13 Beta 2, you need to contact Veeam as it requires an access code to download. You can watch a video of me installing VeeamSoftwareAppliance_13.0.0.12109.BETA2.iso with bonding here: https://vimeo.com/1108152527; the process is the same for the VeeamJEOS.

2. Boot the ISO and Access the Shell

Start the virtual machine.

Once the virtual machine is running, you should see the installer splash screen. Select “Install Hardened Repository (deletes all data).” Hit ENTER to continue

Next, you will see the Installation Summary Screen. It is more limited than you might be used to with a standard Rocky Linux deployment.

  • Make sure the Keyboard is correct.
  • Select your time zone (region and city)
  • The installation (storage layout) is not configurable.
  • The Network and hostname section is where we will do the most work!

3. Identify Your Network Interfaces

You should see all your NICs listed, and when you select one, you can also see the MAC address. That helps verify which Hyper-V vNIC this corresponds to. Usually, they are listed on both Hyper-V and in the OS (e.g., eth0, eth1, …) in the order in which the script created them.

As you can see, one NIC got an IP address via DHCP, which is a good sign.

4. Create the Bond

Now, let’s set up bonding. Click the “+” button located to the left of the NIC listing.

Ensure the type is “Bond” and click “Add”. Now configure the bond:

Please give it a distinguishable name, such as LANBOND

Give the interface a name: lanbond0

Add the interfaces. These are of type “Ethernet”

Click Create and add the devices. In this example, we will add both LAN NICs. Round-Robin is best here. LACP is not suitable for Hyper-V guest deployments. However, you can certainly use it in a physical production setup.

Save this and take a peek at the bond interface now. It has received a DHCP address. Good, now let’s configure our static IP settings. All this is pretty straightforward. Enter the correct data, including the NIC IP, subnet mask (in CIDR or Dotted Decimal Notation), gateway IP, and DNS servers.

5. Check your bond status and turn your bond off and on

Now pay attention to the bond. It will display the original IP address until you disconnect and reconnect. Use the toggle button for this. But there is more. Look at the MAC address. Yes, it has a spoofed MAC address of one of the member interfaces.

That is why you need MAC spoofing enabled on those bond member NICs in the Hyper-V setting of your virtual machine.

Finally, enter the host name and click Apply.

Click Done! You can already ping test the address; it should work.

Click “Begin Installation” in the lower-right corner of the splash screen. You will get a warning that this will wipe all disks. That is not a concern here. Click Yes. Let the installation process run. You can follow the progress.

Reboot the system when asked.

Log in using the following credentials:

  • User: vhradmin
    • Password: vhradmin

You must change the password to one that meets the minimal complexity requirements.

Accept the license terms.

You will have a menu to work with.

One of the things to do is configure the proxy setting, manage the network configuration, update your system, and start SSH with a single-use password.

SSH gives you (controlled/protected) SSH access to take a peek under the hood or see if you can customize anything (lab only).

However, mainly, you need to temporarily enable SSH to add this repository to the Veeam fabric.

7. Troubleshooting tips

Look at your ping -t 192.168.2.101 replies. They should be returning an answer reliably! If not, here are some tips:

  • First, ensure that you ping from only one test machine, as you can only send five pings per second. If you test from multiple machines and consoles, you will easily exceed this limit and experience drops.
  • MAC Spoofing is non-negotiable. Without it, it won’t work
  • Make sure “Enable the network adapter to be a part of a team in the guest operating system” is enabled.
  • If you’re unsure which NIC is which, Hyper-V’s VM settings display the order in which you added them. But you can also use the MAC address to identify them via SSH if needed.

8. Bond failover testing

Once you have a reliable ping reply, do some further failover testing:

  • Unplug one vNIC in Hyper-V and verify connectivity.
  • Deactivate the members of the bond in Rocky Linux.

Note that you should not lose connectivity.

Conclusion

You are now ready to add that Veeam hardened repository to your Veeam Backup & Replication environment. Congrats.

Configuring bonding during installation with the GUI is surprisingly efficient. Suppose you forgot or want to change the configuration that is possible in the GUI provided by Veeam when you log on to the console. If you enable SSH, you can also use it to access the system; however, it is not necessary to configure bonding in this manner.

The Veeam Hardened Repository ISO is pretty slick! I like it a lot. I would like to see some flexibility in the backup storage configuration to allow for customization. I would also like to have MFA for console, SSH, and sudo actions, similar to what I have with Duo, which I use for my hardened repository builds. And guess what? Veeam is adding MFA to the JeOS ISO image with Veeam Backup & Replication 13. That, and mandatory Security Officer approval for privileged actions, under the ‘two pairs of eyes’ principle. Below is a sneak peek of that!

In lab environments running on Hyper-V, this blog post and my PowerShell script can help you get up and running quickly with redundant connectivity to reproduce production configurations. Please share your questions, experiences, or tweaks in the comments below.