Discussions specific to the Microsoft Hyper-V hypervisor
Post Reply
Blue407
Enthusiast
Posts: 98
Liked: 13 times
Joined: Apr 12, 2016 2:14 pm
Full Name: Paul Thomas
Contact:

Using Veeam Replication to non-domain server

Post by Blue407 » May 15, 2017 10:16 am

In light of the huge amount of ransomewear attacks over the past few days, I'm taking the opportunity to review the protections we have in place.

Currently our Veeam server replicates our hyper-v VM's to an off-site server each day. This is a domain member server.

I am looking to remove this server from the Domain and create a local admin accpunt on it for Veeam to use.

Can Veeam replicate VM's to a non-domain server?

While asking questions, I presume this stand-alone server would still work as a backup repository as long as I enter the local account login details into the job?

Mike Resseler
Product Manager
Posts: 5759
Liked: 615 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Using Veeam Replication to non-domain server

Post by Mike Resseler » May 15, 2017 10:23 am 1 person likes this post

Hi Paul,

No, the Hyper-V host does not have to be a domain member. As long as you have the correct credentials for it, you can do this.

And for your second question: Correct

Cheers
Mike

Blue407
Enthusiast
Posts: 98
Liked: 13 times
Joined: Apr 12, 2016 2:14 pm
Full Name: Paul Thomas
Contact:

Re: Using Veeam Replication to non-domain server

Post by Blue407 » May 15, 2017 10:34 am

Thanks Mike

If I'm taking an existing Server 2012 R2 server and removing it form the Domain to air-gap it, and it currently has a repository and VM's replicated by Veeam, any special steps I need to take?

Mike Resseler
Product Manager
Posts: 5759
Liked: 615 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Using Veeam Replication to non-domain server

Post by Mike Resseler » May 15, 2017 10:40 am

Paul,

The server is added to your infrastructure as a domain server. So you will need to remove that one and add it as a new server (it becomes a new "identity"). I have never done such an operation but I assume that means recreating the jobs and point them to that "new" repository. I am afraid this will give you some work.

PS: This cannot be considered air-gap. (Sorry...). You still have connection from the domain to the non-domain and vice versa. So the moment the credentials are stolen... If you really are thinking about air-gap (and you should! I think you are right in being so scared for RansomWare... So am I) then consider Tape/ Cloud Connect provider/ Rotating Devices... I know you probably will say that you have to work with the budget and so on... And I know that feeling very well from my previous life as administrator... But considering what has happened this weekend, I think you can make a good case to your management to get budget for a real air-gapped solution. (My additional 2 cents :-))

Blue407
Enthusiast
Posts: 98
Liked: 13 times
Joined: Apr 12, 2016 2:14 pm
Full Name: Paul Thomas
Contact:

Re: Using Veeam Replication to non-domain server

Post by Blue407 » May 15, 2017 10:47 am

Thanks for your thoughts.

We already backup to tape, this is going to be our off-site solution :) (Will be installed at another one of our offices in the UK)
The login account will use a complex password and will only be used in the Veeam backup and replication jobs. No Domain accounts will have rights on the machine.

Mike Resseler
Product Manager
Posts: 5759
Liked: 615 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: Using Veeam Replication to non-domain server

Post by Mike Resseler » May 15, 2017 11:01 am 1 person likes this post

Glad to see you have an off-site solution!

Post Reply

Who is online

Users browsing this forum: No registered users and 4 guests