Configure a Nakivo Hardened Repository

nakivo-hardened-repository-configuration-01

To protect backup data from overwrites, deletions, and modifications, you must make the backups immutable by saving them to a Nakivo Hardened Repository.

Nakivo Backup & Replication supports immutability and allows administrators to configure Hardened Repositories without relying on commercial storage solutions only.

 

Configure a Nakivo Hardened Repository

To make your backups immutable, you need to install a file system that supports XFS. Linux provides the XFS file system and the distribution you use must be supported by the Nakivo Transporter.

 

Install the OS Linux

In this example, the Linux Ubuntu Server LTSC 22.04 is used as the operating system.

Install the OS and make sure to create an XFS partition where backups will be stored to leverage the immutability capability.

# df -Th

nakivo-hardened-repository-configuration-02

 

Deploy the Transporter to the Hardened Repository

Once the OS installation is completed, download from Nakivo website the Linux installer. Using a tool like WinSCP, copy the installer to the Linux machine to configure.

nakivo-hardened-repository-configuration-03

Add the permissions to execute the file.

# chmod +x ./NAKIVO_Backup_Replication_v11.0.2.91392_Installer-TRIAL.sh

nakivo-hardened-repository-configuration-04

Run the installer and choose the desired language (1 English in the example).

# sudo ./NAKIVO_Backup_Replication_v11.0.2.91392_Installer-TRIAL.sh

nakivo-hardened-repository-configuration-05

The installation begins by showing the EULA.

nakivo-hardened-repository-configuration-06

Scroll the EULA till the end and type 1 to accept the license agreement then the option 3 to install the Transporter.

nakivo-hardened-repository-configuration-07

Specify the location to install the Transporter (default /opt/nakivo) and press Enter. Enter the master password used to connect the Nakivo Server. Type 1 to skip the custom certificate installation and press Enter.

nakivo-hardened-repository-configuration-08

The Transporter has been installed successfully.

nakivo-hardened-repository-configuration-09

Check the Transporter service status with the command:

# systemctl status nkv-bhsvc

nakivo-hardened-repository-configuration-10

Create the folder for the repository.

# sudo mkdir /opt/nakivo/repository

nakivo-hardened-repository-configuration-11

 

Apply required permissions

Apply the required permissions to the folder. You must grant the required permissions to bhsvc account.

# sudo chown -R bhsvc:bhsvc /opt/nakivo/repository
# sudo chmod -R 770 /opt/nakivo/repository

nakivo hardened repository 1

Check the applied permissions.

# ll

nakivo hardened repository 2

 

Adjust the required mount point

Nakivo can add the repository to the server if the folder is created in /opt/nakivo. However, if you specified a different location during the OS installation, some adjustments will be required.

Identify the disk that will be used for the repository.

# sudo fdisk -l

nakivo-hardened-repository-configuration-14

Unmount the current partition.

# sudo umount /mnt/nakivorepo

nakivo-hardened-repository-configuration-15

Mount the partition to the created folder.

# sudo mount /dev/sdb1 /opt/nakivo/repository

nakivo-hardened-repository-configuration-16

To make the mount persistent, you need to edit the /etc/fstab file to modify the partition path. Change the mount point with the correct path and save the configuration.

# sudo vi /etc/fstab

nakivo-hardened-repository-configuration-17

Reload the mounting points.

# sudo mount -a

nakivo-hardened-repository-configuration-18

Check the mounted partition.

# df -Th

nakivo-hardened-repository-configuration-19

To secure the access to the Nakivo Hardened Repository, disable SSH service.

# sudo systemctl disable ssh.service
# sudo systemctl stop ssh.service

nakivo-hardened-repository-configuration-20

 

Test the backup

Create a new Backup Job by specifying the new Nakivo Hardened Repository as Destination.

nakivo-hardened-repository-configuration-21

Run the job.

nakivo-hardened-repository-configuration-22

Depending on the VM size, after a few minutes the job is completed successfully.

nakivo-hardened-repository-configuration-23

 

Test immutability

To test the Nakivo Hardened Repository, try deleting the just created backup. Access the Settings > Repositories section and select the Hardened Repository.

nakivo-hardened-repository-configuration-24

Select the job to test, and then try to delete it. As expected, the backup cannot be deleted because it's immutable.

nakivo hardened repository 3

The message displayed is self-explanatory.

nakivo-hardened-repository-configuration-26

Ensuring immutability for backups stored in the Nakivo Hardened Repository is the only defense a company has to protect its business against potential ransomware attacks.

signature

Leave a Reply