Veeam Backup & Replication v11 introduces the Hardened Repository as a secure place where backups can be stored immutably for a configured amount of time. With the Hardened Repository, Veeam created a WORM (write once, read many) storage option for Veeam backups. And the best part, this new role can be deployed on ANY general-purpose Linux server, without locking you down to the special proprietary hardware.
Various regulations exist for WORM storage. To make sure the Hardened Repository meets the highest compliance standards, we engaged Cohasset Associates as an independent third party, who concluded that Hardened Repository meets the compliance requirements for the key U.S. financial industry regulations. When properly configured, the Hardened Repository meets the requirements for non-rewritable, non-erasable storage as specified by SEC 17a-4(f), FINRA 4511(c) and CFTC 1.31(c)-(d) regulations.
The compliance assessment report is available for download here. The assessment report was created for compliance officers and thus it might be hard to read for an IT professional. That’s why we created an additional whitepaper for Veeam administrators to make the requirements easier to understand. The chapter “Configuration for SEC Rule 17a-4(f), FINRA Rule 4511 and CFTC Rule 1.31 (c)-(d) compliance” covers the necessary Veeam configuration options. The whitepaper is available for download here.
In the report, you may note Cohasset determines that the Hardened Repository is only compliant with WORM regulations when used as standalone, but not a part of the Scale-out Backup Repository. This is because for the Capacity Tier Move policy to function, we cannot make GFS backup files immutable for longer than the Move policy window, while regulations require locking them for the entire duration of their retention policy. However, based on the input from Cohasset, we have implemented changes to ensure that hardened repositories, which are a part of Scale-out Backup Repositories, using the Copy policy remains compliant. This change is included in Veeam Backup & Replication v11 P20210319 and later builds.
This new functionality is a big step for Veeam customers working in regulated industries, such as financial services, broker dealers, healthcare, etc. They can now store backups on the Veeam Hardened Repository in compliance with mandatory regulations. But of course, even more importantly, every Veeam customer can now use the Hardened Repository to protect themselves against ransomware and other cyberthreats. And because of how important such protection is these days, we included this functionally in every Veeam Backup & Replication edition, including even the free Community Edition.