References

Knowledge Base

This knowledge base has How-To guides and troubleshooting articles related to Veeam Kasten.

Kasten Best Practices

Explore the following recommended practices for Veeam Kasten to optimize its performance and ensure effective data management of cloud-native applications. Refer to this page for more information.

Security

Software Bill of Materials

For the Veeam Kasten environment to be transparent, secure, and compliant, the Software Bill of Materials (SBOM) provides information about software components included in or with Veeam Kasten software.

Purpose

The SBOM bundle makes it easier to understand the composition of the software, which in turn makes it easier to evaluate any possible security vulnerabilities.

To generate the bundle, Syft is run against all of the images that Veeam Kasten installs. An SBOM provides a comprehensive view of an image's contents, but does not indicate Veeam Kasten's dependency needs.

Download SBOM bundle sbom-7.0.12.tar.gz

Veeam Kasten repackages and distributes the following 3rd-party open-source images:

• dex

• emissary

• grafana

• kanister-tools

• prometheus

• prometheus-config-reloader (image listed as configmap-reload)

Note

The published bill of materials for these 3rd-party images are incomplete. Please refer to their corresponding projects for additional information.

Veeam Kasten Helm Chart Provenance

The integrity and origin of Veeam Kasten Helm charts can be verified using Helm provenance. The Veeam Kasten Helm charts are signed with a GnuPG keypair. The public part of the keypair must be downloaded to verify the Helm chart.

Note

Helm chart provenance is supported only in Veeam Kasten chart versions 6.5.14 and later.

Download the Veeam Kasten Helm Chart Public Signing Key

The Veeam Kasten Helm chart public signing key must be used to verify the provenance of the Veeam Kasten Helm charts. The official public signing key can be downloaded here.

Verify the Helm Chart Integrity

The Veeam Kasten Helm chart integrity can be verified either by:

• Downloading the chart and running the helm verify command.

• Using the --verify option during chart installation.

Verify the Downloaded Helm Chart

A downloaded Helm chart can be verified using the helm verify command.

To download a Helm chart, the helm pull command can be used as follows:

$ helm pull --prov kasten/k10 --version=<k10-version>

Once the Helm chart has been downloaded, the helm verify command can be used to verify the integrity of the downloaded Helm chart.

$ helm verify --keyring=/path/to/downloaded/RPM-KASTEN k10-<k10-version>.tgz --namespace kasten-io

Alternatively, the pull and verify commands can be combined as follows:

$ helm pull --prov kasten/k10 --version=<k10-version> --verify --keyring=/path/to/downloaded/RPM-KASTEN

Verify the Chart During Installation

The Veeam Kasten Helm chart can be verified during installation using the --verify option with the helm install or helm upgrade command.

For example:

$ helm install k10 kasten/k10 --namespace=kasten-io --verify --keyring=/path/to/downloaded/RPM-KASTEN