Host-based backup of VMware vSphere VMs.
jmc
Service Provider
Posts: 103
Liked: 9 times
Joined: Sep 12, 2011 11:49 am
Full Name: jmc
Location: Duisburg - Germany
Contact:

side by side backup permissions

Post by jmc »

hi @all,

today i got the following work:

i have 2 sites of one company (headquarter - department). on both sides are veeam b&r 9.5 on vsphere in separate systems (vcenter, hosts, veeam, licenses). both sides are connected per vpn with private ip addresses. each side backs up its own vm's on the other side (remote repository). it works very well and both sides can back up the vm's at the other location.

each side has 2 veeam shares. one for local backup and one for the other remote location. these shares are disks in the veeam vm, no cifs shares on separate storages.

BUT:
when i look for repositories on one side, i can see BOTH shares. the remote, for my backups AND the remote side local where the other location backs up its vm's locally.

Question:
how can i prevent each side to see only the right target and NOT all shares. i tried this with veeam permissions without success.

thx
jeff
"Who brakes late stays fast longer." - "Wer später bremst ist länger schnell"
foggy
Veeam Software
Posts: 21139
Liked: 2141 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: side by side backup permissions

Post by foggy »

Do you mean in the local Veeam B&R instance you see the repository and backups created by remote Veeam B&R instance? Haven't you added the corresponding remote location as a repository to the local Veeam B&R instance? A screenshot would help to understand the concern.

Re: side by side backup permissions

Post by jmc »

hi foggy,

i will try to explain it more simply. (i have no idea how i can attach screenshots to this thread)

i have a local B&R installation with server, proxy, repository and a second remote installation with server, proxy and repository. the remote side has 2 disks. one for his own local backups and one for my backup copy jobs.

now i define a new backup repository for the remote side as target for my backup jobs:

- backup infrastructure
- backup repository
- add backup repository
- name, type (windows server)

NOW:
- server and repository server
when i take the remote side and press populate, THEN i can see ALL repositories defined on the remote side. the disk for his local backups and the disk for my backup copy jobs.

what i want is to see ONLY the disk defined for my copy jobs.

at the moment i could attach the repository for the remote side local backups and i have full access to their backups. OK, i could define an encryption password, but that's not the same.

how can i define the remote side to populate ONLY the repository for use for me?

thx
jeff
"Who brakes late stays fast longer." - "Wer später bremst ist länger schnell"

Re: side by side backup permissions

Post by foggy »

When you're adding Windows server as repository, you're seeing all the disks of that server, this is expected. To restrict access to some of the disks/folders you can use NTFS permissions.
Vitaliy S.
VP, Product Management
Posts: 27377
Liked: 2802 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: side by side backup permissions

Post by Vitaliy S. »

...or you can re-configure your repositories structures, so that remote share (repository) is not located on the backup server (Veeam VM). Place it on another server to achieve your goal.

Re: side by side backup permissions

Post by jmc »

hello,

using a new server would work, but needs a new installation and one more vm.

BUT how do you realize this with ntfs permissions? all veeam services are running under system or a specific user. i have no option to give a user to the new backup repository.

thx
jeff
"Who brakes late stays fast longer." - "Wer später bremst ist länger schnell"

Re: side by side backup permissions

Post by foggy »

If you deny that user access to the remote folder and enable access-based enumeration on it, the user will not see this folder.

Re: side by side backup permissions

Post by jmc »

hi foggy,

i don't understand. This feature is active only when viewing files and folders in a shared folder; it is not active when viewing files and folders in the local file system. to propagate remote storage i can use ONLY local volumes. when i use shared folders, then i can use this for local backups, but not for remote. i don't see these shared folders at the remote side.

jeff
"Who brakes late stays fast longer." - "Wer später bremst ist länger schnell"

Re: side by side backup permissions

Post by foggy »

In case of local folders you can restrict access to the folder so that the user could see it but not be able to open.

Re: side by side backup permissions

Post by jmc »

hi foggy,

i have tested it a lot in different ways, but i had no success. the problem is that i have only one local service account to start veeam. when i connect remotely, then i have NO different user on the other side. because of that i could not restrict the folder without different accounts. the remote veeam side does not reflect their account to my side. i always get the local service account as the user to control access.

jeff
"Who brakes late stays fast longer." - "Wer später bremst ist länger schnell"

Re: side by side backup permissions

Post by foggy »

I do not see any other workarounds except adding another account and restricting its permissions.

Re: side by side backup permissions

Post by jmc »

hi foggy,

how can i add a new or other account to veeam so that i can define permissions on the folder? i have no way at the remote side to define a user for access to the windows server. i can set agent permissions, but that's for endpoint backups.

is it possible to give me an example or steps to do that?

thx
jeff
"Who brakes late stays fast longer." - "Wer später bremst ist länger schnell"

Re: side by side backup permissions

Post by foggy »

I didn't mean Veeam B&R account, but Windows one. And connecting to remote server under the account that doesn't have rights to see the folders. But seems this is not applicable in your case.
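
The NTFS approach discussed in this thread (a separate Windows account that is denied access to the local backup folder), sketched as an added example that is not part of any post. The folder paths and the account name are hypothetical, and the account is assumed to exist already and not to be a member of Administrators.

```powershell
# Added example. Paths and account name are hypothetical, not from the thread.
$LocalRepo   = 'D:\Backups-Local'     # this site's own backups
$PartnerRepo = 'E:\Backups-Partner'   # target for the other site's copy jobs
$Partner     = "$env:COMPUTERNAME\svc-partner-repo"  # account the other site connects with

# Well-known SIDs instead of names, so the script also works on localized Windows:
# S-1-5-18 = Local System, S-1-5-32-544 = built-in Administrators group.
# Partner folder: drop inherited ACEs, then grant Full to SYSTEM and Administrators
# and Modify to the partner account (OI/CI = applies to files and subfolders).
icacls $PartnerRepo /inheritance:r /grant:r '*S-1-5-18:(OI)(CI)F' `
    '*S-1-5-32-544:(OI)(CI)F' "${Partner}:(OI)(CI)M"

# Local repository: explicit deny. The folder name stays visible in the parent
# listing, but the account cannot open it or read the backup files inside.
icacls $LocalRepo /deny "${Partner}:(OI)(CI)F"

# Return the explicit (non-inherited) ACEs the partner account has on a path.
function Get-PartnerAce {
    param([string]$Path, [string]$Identity)
    (Get-Acl -Path $Path).Access | Where-Object {
        -not $_.IsInherited -and $_.IdentityReference.Value -eq $Identity
    } | Select-Object @{n = 'Path'; e = { $Path }}, AccessControlType, FileSystemRights
}

$aces = @(Get-PartnerAce $LocalRepo $Partner) + @(Get-PartnerAce $PartnerRepo $Partner)
$aces | Format-Table -AutoSize

# Stop with an error if the expected deny/allow pair is not in place.
$denyOk  = $aces | Where-Object { $_.Path -eq $LocalRepo   -and $_.AccessControlType -eq 'Deny' }
$allowOk = $aces | Where-Object { $_.Path -eq $PartnerRepo -and $_.AccessControlType -eq 'Allow' }
if (-not $denyOk -or -not $allowOk) { throw 'Partner account ACLs are not as expected.' }
```

A member of the Administrators group can take ownership of a folder and rewrite its ACL, so these entries only isolate an account that is not an administrator on the repository server.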

Re: side by side backup permissions

Post by jmc »

ok,

but could i have a way to set up different proxy and repository servers? proxy and repository on a separate windows server per repository? all veeam services with a different windows account. ....

when i have a local repository and a remote repository then i will set up one backup server, 2 proxy & repository - each with repository. one proxy/repo for local and one for remote.

could this work or am i crazy wrong?

jeff
"Who brakes late stays fast longer." - "Wer später bremst ist länger schnell"

Re: side by side backup permissions

Post by foggy »

Yes, in fact that's exactly what Vitaliy has suggested above.

Re: side by side backup permissions

Post by jmc »

oops,

yes, you are right. my fault. sometimes it is better to read a post again.

thanks so much for your support.
jeff
"Who brakes late stays fast longer." - "Wer später bremst ist länger schnell"
veremin
Product Manager
Posts: 20415
Liked: 2302 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: side by side backup permissions

Post by veremin »

Sometimes you need a separate pair of eyes to get the right perspective on the problem. :)

Anyway glad to hear that you're up and running now.

Thanks.