In light of the huge amount of ransomewear attacks over the past few days, I'm taking the opportunity to review the protections we have in place.
Currently our Veeam server replicates our hyper-v VM's to an off-site server each day. This is a domain member server.
I am looking to remove this server from the Domain and create a local admin accpunt on it for Veeam to use.
Can Veeam replicate VM's to a non-domain server?
While asking questions, I presume this stand-alone server would still work as a backup repository as long as I enter the local account login details into the job?
-
Blue407
- Enthusiast
- Posts: 99
- Liked: 13 times
- Joined: Apr 12, 2016 2:14 pm
- Full Name: Paul Thomas
- Contact:
-
Mike Resseler
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: Using Veeam Replication to non-domain server
Hi Paul,
No, the Hyper-V host does not have to be a domain member. As long as you have the correct credentials for it, you can do this.
And for your second question: Correct
Cheers
Mike
No, the Hyper-V host does not have to be a domain member. As long as you have the correct credentials for it, you can do this.
And for your second question: Correct
Cheers
Mike
-
Blue407
- Enthusiast
- Posts: 99
- Liked: 13 times
- Joined: Apr 12, 2016 2:14 pm
- Full Name: Paul Thomas
- Contact:
Re: Using Veeam Replication to non-domain server
Thanks Mike
If I'm taking an existing Server 2012 R2 server and removing it form the Domain to air-gap it, and it currently has a repository and VM's replicated by Veeam, any special steps I need to take?
If I'm taking an existing Server 2012 R2 server and removing it form the Domain to air-gap it, and it currently has a repository and VM's replicated by Veeam, any special steps I need to take?
-
Mike Resseler
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: Using Veeam Replication to non-domain server
Paul,
The server is added to your infrastructure as a domain server. So you will need to remove that one and add it as a new server (it becomes a new "identity"). I have never done such an operation but I assume that means recreating the jobs and point them to that "new" repository. I am afraid this will give you some work.
PS: This cannot be considered air-gap. (Sorry...). You still have connection from the domain to the non-domain and vice versa. So the moment the credentials are stolen... If you really are thinking about air-gap (and you should! I think you are right in being so scared for RansomWare... So am I) then consider Tape/ Cloud Connect provider/ Rotating Devices... I know you probably will say that you have to work with the budget and so on... And I know that feeling very well from my previous life as administrator... But considering what has happened this weekend, I think you can make a good case to your management to get budget for a real air-gapped solution. (My additional 2 cents
)
The server is added to your infrastructure as a domain server. So you will need to remove that one and add it as a new server (it becomes a new "identity"). I have never done such an operation but I assume that means recreating the jobs and point them to that "new" repository. I am afraid this will give you some work.
PS: This cannot be considered air-gap. (Sorry...). You still have connection from the domain to the non-domain and vice versa. So the moment the credentials are stolen... If you really are thinking about air-gap (and you should! I think you are right in being so scared for RansomWare... So am I) then consider Tape/ Cloud Connect provider/ Rotating Devices... I know you probably will say that you have to work with the budget and so on... And I know that feeling very well from my previous life as administrator... But considering what has happened this weekend, I think you can make a good case to your management to get budget for a real air-gapped solution. (My additional 2 cents
)-
Blue407
- Enthusiast
- Posts: 99
- Liked: 13 times
- Joined: Apr 12, 2016 2:14 pm
- Full Name: Paul Thomas
- Contact:
Re: Using Veeam Replication to non-domain server
Thanks for your thoughts.
We already backup to tape, this is going to be our off-site solution (Will be installed at another one of our offices in the UK)
The login account will use a complex password and will only be used in the Veeam backup and replication jobs. No Domain accounts will have rights on the machine.
We already backup to tape, this is going to be our off-site solution
(Will be installed at another one of our offices in the UK)The login account will use a complex password and will only be used in the Veeam backup and replication jobs. No Domain accounts will have rights on the machine.
-
Mike Resseler
- Product Manager
- Posts: 8191
- Liked: 1322 times
- Joined: Feb 08, 2013 3:08 pm
- Full Name: Mike Resseler
- Location: Belgium
- Contact:
Re: Using Veeam Replication to non-domain server
Glad to see you have an off-site solution!
Who is online
Users browsing this forum: No registered users and 21 guests