Hi Juan,
Thanks for your +1 for this request.
Our "promoted best practice" for hardened repositories advise closing all remote management ports, such as remote hardware management and SSH. If an attacker gains root access to the machine through such ports, they could potentially delete the entire disk partition containing the backups. That's why it's essential to block remote management protocols and ports from external access.
However, it’s important that the Agents and Backup Proxy Server for VM and file backup jobs can communicate with the Data Mover Service on the hardened repository for transferring backup data and restoring data.
Best,
Fabian
Thanks for your +1 for this request.
I'm curious where you saw us promoting the idea that Veeam Agents should never have direct access to a hardened repository for transferring backup data. Can you maybe share a link?Giving network access to our Veeam agents to talk directly to our Inmutable Hard Repositories is a no-no. It breaks all the best practices promoted by Veeam regarding their Hard Repositories.
Our "promoted best practice" for hardened repositories advise closing all remote management ports, such as remote hardware management and SSH. If an attacker gains root access to the machine through such ports, they could potentially delete the entire disk partition containing the backups. That's why it's essential to block remote management protocols and ports from external access.
However, it’s important that the Agents and Backup Proxy Server for VM and file backup jobs can communicate with the Data Mover Service on the hardened repository for transferring backup data and restoring data.
Best,
Fabian
Statistics: Posted by Mildur — Mar 05, 2025 9:41 am
![Chad Lawson – Awakening: The Stillness Within (2026) [FLAC 24bit/48kHz]](http://imghd.xyz/images/2026/05/09/x5d03jw9bi367_600.jpg)
