Endpoint Backup User repositoreis best practice

[alu]

Hello

My task is to back up notebooks from users with endpoint backup to a Veeam Server. Important is that the users can only see their own backup. My idea is to create for each user (~30) a repository and add the specific AD user. Is that the best way? Can the user do a recovery on their own?
Or is it better with encryption (not on users harddrive)?

Thanks

[Dima P.]

Hello alu,

That is a perfect idea, the best is, however, to set up a dedicated ‘backup’ account for every user and let only VEB job know the creds (BTW AD computer accounts can be used for setting the access to the repository). With last approach you will protect your backups in the repository from unauthorized access of malware that can be executed by regular end user account. Encryption on backup repository can help as well.

[poussah]

Follow up question: if the repository is authorized for all relevant AD users but the storage target (NAS) is on a separate network and thus not directly accessible to the users, could a malware damage the backup files?

[Dima P.]

Renaud,

Most likely NAS remains hidden.

[Vitaliy S.]

My question is, how secure will be Mike_BK credential stored inside Veeam software? Do you guys encrypt the credentials or something like that?

Yes, all user sensitive data is encrypted with machine specific key using WinAPI.

In short, anyone would be able to create his "Backup Job for XYZ" inside /backup and put their files in there, but wouldn't be able to affect other user folders. Is that a good approach?

Yes, seems good to me.

[folerx]

ok, but what is best practices if b&r server is not domain member? one repository, multiple?
today i receive 6x8tb hdds and need to configure test repository. 50 clients in domain.
also how to schedule backup across day? wont overload repository. 3gb incremental per day/client changes.

[Vitaliy S.]

If Veeam B&R is not a member of a domain, you can still use 1 or multiple repositories, all VEB users will see only their backup files. Scheduling is a bit tricky, you need to do that for all clients individually. There is no central management for Veeam Endpoint Backup / Veeam Agent for Windows yet, however you can set a limit of concurrent tasks on the repository that would fit best to your deployment.