Discussions specific to the Microsoft Hyper-V hypervisor
Post Reply
LMS
Influencer
Posts: 24
Liked: never
Joined: May 29, 2017 5:13 am
Full Name: MS Sunil
Contact:

VBR in security perspective

Post by LMS » Jun 11, 2017 4:46 pm

Hi

We are looking for security best practice recommendations with VBR. As of now using Windows Repositories (FC NetApp SAN), in Hyper V 2012 R2 environment. At present VBR is member of the same Domain, planning to create a separate dedicated AD Domain for VBR and make the VBR server member of this domain. What are the general practices on security perspective?

Thanks in advance

Mike Resseler
Product Manager
Posts: 5844
Liked: 640 times
Joined: Feb 08, 2013 3:08 pm
Full Name: Mike Resseler
Location: Belgium
Contact:

Re: VBR in security perspective

Post by Mike Resseler » Jun 12, 2017 5:54 am

Hi LMS,

I would not dare to say that there are general practices since many organizations will organize their security differently and based on those practice, you can work with VBR server also. A few things to think about:

1) Putting VBR server in a different domain is perfectly possible.
2) Try to use a specific username/ password (as lengthy as possible :-)) for your repository. Write it somewhere, put it in an envelope and move it to the companies safety vault
3) Depending on how many backup admins you have, try to keep them as low as possible and use roles in enterprise manager to keep the restore operators from seeing everything

These are just a few to start with. Obviously I would advise firewall (even windows firewall to start with) and blocking network traffic between servers and VBR if that is not necessary. But it would obviously take some time to map all that out

Just a start
Mike

jmmarton
Veeam Software
Posts: 1763
Liked: 244 times
Joined: Nov 17, 2015 2:38 am
Full Name: Joe Marton
Location: Chicago, IL
Contact:

Re: VBR in security perspective

Post by jmmarton » Jun 22, 2017 10:18 pm

Another thing to consider is to not join the repository to the domain and use a local user for it. Then continue on with step 2 that Mike outlined.

Joe

Post Reply

Who is online

Users browsing this forum: No registered users and 10 guests