Hardened repository for Veeam with TrueNAS Scale

[Thomas_VDB]

Hi,

I implemented this terrific tutorial on how to create immutable Veeam backups using TrueNAS scale.
One question though regarding the implementation:
Why is SMB used instead of iSCSI? I would suppose iSCSI is faster, and easier to harden than SMB?

Also 2 small remarks that perhaps can be updated in the tutorial :
- during the installation of TrueNAS scale, the installer suggests to create a user "admin". Discard this and use "root".
- while setting advanced options for the SMB share in TrueNAS scale : "NFSv3/SMB" is now "NFSv4/SMB"

 

[sretalla]

Why is SMB used instead of iSCSI? I would suppose iSCSI is faster, and easier to harden than SMB?

(I presume) SMB is used because iSCSI is not yet performance tuned on SCALE and SMB has had much more work put into it.

Also, it's probably better suited to the workload, not forcing sync writes like iSCSI would.

- during the installation of TrueNAS scale, the installer suggests to create a user "admin". Discard this and use "root".

Certainly not "best practice" (which is why TrueNAS pushes you to change to use admin or another named account rather than root).

If you're saying that due to the path variable being a mess and dotfiles missing, maybe do this:

Shell command issues with non-root-admin

Hi, I have created a new non-root-admin on Bluefin after the latest update. However while using the shell as this user for example I can't run the "zpool" command, as this will give me the error "zpool: command not found" When going back to the root-account it works fine. Any hints how to fix...

www.truenas.com

 

[Thomas_VDB]

(I presume) SMB is used because iSCSI is not yet performance tuned on SCALE and SMB has had much more work put into it.

Also, it's probably better suited to the workload, not forcing sync writes like iSCSI would.


Certainly not "best practice" (which is why TrueNAS pushes you to change to use admin or another named account rather than root).

If you're saying that due to the path variable being a mess and dotfiles missing, maybe do this:

Shell command issues with non-root-admin

Hi, I have created a new non-root-admin on Bluefin after the latest update. However while using the shell as this user for example I can't run the "zpool" command, as this will give me the error "zpool: command not found" When going back to the root-account it works fine. Any hints how to fix...

www.truenas.com

Thx for the reply. I agree on your comments about SMB vs iSCSI.

Regarding the root user : I just mentioned it because the tutorial is written with using the root-user in mind. I was using the admin user but then some issues in the tutorial didn't work (e.g. in the console the ZFS command doesn't work/is unknown).

 

[sretalla]

e.g. in the console the ZFS command doesn't work/is unknown)

See the post I linked for how to put that right.

 

[Thomas_VDB]

Okay thx!

 

[kudretcaglayan]

Hello,
I followed the recipes in the link below exactly. But I am getting error on SSH connection. I would be glad if experienced people can help.

/scale/scaletutorials/communityrecommends/

 

[Thomas_VDB]

Strange, SSH is not needed iirc.
Can you give more details?

 

[kudretcaglayan]

I am trying to add repository like this.
Which option do you use in add backup repository in veeam backup?

 

[Thomas_VDB]

As mentioned in tutorial, you should add the repository as an SMB share, not a linux hardened repository.

It is perhaps a bit unclear in the tutorial, but this tutorial uses a different way of hardening the repository (creating immutable backups), compared to the Veeam default way. So you have 2 possibilies :
- You setup a default Linux install and go the Veeam route : Use "Linux (hardened repository)" and Veeam will to the hardening for you.
- Or you go the alternative route using TrueNAS scale. This is a different (but I think not less secure) way of creating an immutable repo. But if you go this TrueNAS scale way, it is done via SMB.

(I would 've preferred that the tutorial used iSCSI instead of SMB).

 

[kudretcaglayan]

Thank you for your support.