Using Veeam Replication to non-domain server

Hyper-V specific discussions

Using Veeam Replication to non-domain server

Veeam Logoby Blue407 » Mon May 15, 2017 10:16 am

In light of the huge amount of ransomewear attacks over the past few days, I'm taking the opportunity to review the protections we have in place.

Currently our Veeam server replicates our hyper-v VM's to an off-site server each day. This is a domain member server.

I am looking to remove this server from the Domain and create a local admin accpunt on it for Veeam to use.

Can Veeam replicate VM's to a non-domain server?

While asking questions, I presume this stand-alone server would still work as a backup repository as long as I enter the local account login details into the job?
Blue407
Enthusiast
 
Posts: 44
Liked: 9 times
Joined: Tue Apr 12, 2016 2:14 pm
Full Name: Paul Thomas

Re: Using Veeam Replication to non-domain server

Veeam Logoby Mike Resseler » Mon May 15, 2017 10:23 am 1 person likes this post

Hi Paul,

No, the Hyper-V host does not have to be a domain member. As long as you have the correct credentials for it, you can do this.

And for your second question: Correct

Cheers
Mike
Mike Resseler
Veeam Software
 
Posts: 3150
Liked: 362 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: Using Veeam Replication to non-domain server

Veeam Logoby Blue407 » Mon May 15, 2017 10:34 am

Thanks Mike

If I'm taking an existing Server 2012 R2 server and removing it form the Domain to air-gap it, and it currently has a repository and VM's replicated by Veeam, any special steps I need to take?
Blue407
Enthusiast
 
Posts: 44
Liked: 9 times
Joined: Tue Apr 12, 2016 2:14 pm
Full Name: Paul Thomas

Re: Using Veeam Replication to non-domain server

Veeam Logoby Mike Resseler » Mon May 15, 2017 10:40 am

Paul,

The server is added to your infrastructure as a domain server. So you will need to remove that one and add it as a new server (it becomes a new "identity"). I have never done such an operation but I assume that means recreating the jobs and point them to that "new" repository. I am afraid this will give you some work.

PS: This cannot be considered air-gap. (Sorry...). You still have connection from the domain to the non-domain and vice versa. So the moment the credentials are stolen... If you really are thinking about air-gap (and you should! I think you are right in being so scared for RansomWare... So am I) then consider Tape/ Cloud Connect provider/ Rotating Devices... I know you probably will say that you have to work with the budget and so on... And I know that feeling very well from my previous life as administrator... But considering what has happened this weekend, I think you can make a good case to your management to get budget for a real air-gapped solution. (My additional 2 cents :-))
Mike Resseler
Veeam Software
 
Posts: 3150
Liked: 362 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler

Re: Using Veeam Replication to non-domain server

Veeam Logoby Blue407 » Mon May 15, 2017 10:47 am

Thanks for your thoughts.

We already backup to tape, this is going to be our off-site solution :) (Will be installed at another one of our offices in the UK)
The login account will use a complex password and will only be used in the Veeam backup and replication jobs. No Domain accounts will have rights on the machine.
Blue407
Enthusiast
 
Posts: 44
Liked: 9 times
Joined: Tue Apr 12, 2016 2:14 pm
Full Name: Paul Thomas

Re: Using Veeam Replication to non-domain server

Veeam Logoby Mike Resseler » Mon May 15, 2017 11:01 am 1 person likes this post

Glad to see you have an off-site solution!
Mike Resseler
Veeam Software
 
Posts: 3150
Liked: 362 times
Joined: Fri Feb 08, 2013 3:08 pm
Location: Belgium, the land of the fries, the beer, the chocolate and the diamonds...
Full Name: Mike Resseler


Return to Microsoft Hyper-V



Who is online

Users browsing this forum: No registered users and 4 guests