Hi,
We are designing a solution for a customer who uses the ISA 95 manufacturing model. They currently have Veeam in the trusted corporate LAN where their user PCs reside, backing up to direct storage on the Veeam server. They also have multiple networks behind a DMZ separated by a firewall where there are 2 Hyper-V servers that will need the VMs backing up. Anything in these restricted networks can't access the internet by design. Would the best approach be to use their current Veeam installation and open the required ports on the firewall to access the Hyper-V servers in the restricted networks? Also, their repository for these Hyper-V servers is a NAS that resides in the restricted network. I believe the reason for this is that the backup traffic will have to pass over the firewall, which is slow, and their data is 10+TB with a high change rate.
Thanks,
Matt
Veeam in multiple restricted networks
Matt Peek
VMCE 2021
Petr Makarov (Veeam Software)
Re: Veeam in multiple restricted networks
Hi Matt,
From a security perspective, I guess it's not a problem to let Veeam B&R, which is located in the trusted LAN, orchestrate jobs for the workloads running on Hyper-V servers. For instance, you may refer to this page of our best practices guide to get more info about typical zone segmentation methods.
The backup traffic will go from the Hyper-V host to the repository because the source Data Mover is running on the host itself (unless off-host mode is used). As far as I understand, the Hyper-V hosts and the repositories are located in the same network segment; therefore, backup traffic will not pass the firewall. However, the management traffic will go through the firewall because Veeam B&R is located in another network, but it will not impact backup performance.
Thanks!