-
- Veteran
- Posts: 636
- Liked: 100 times
- Joined: Mar 23, 2018 4:43 pm
- Full Name: EJ
- Location: London
- Contact:
Backing up DMZ servers
Has Veeam got a recommendation for backing up DMZ servers. By DMZ I mean servers which are mostly blocked from accessing the internal network where your B&R and repository servers are.
My plan at the moment is to try and work out if we can open ports to allow Veeam to communicate with the DMZ servers. But I'm not sure if that will be possible. Was wondering if there was any other way?
My plan at the moment is to try and work out if we can open ports to allow Veeam to communicate with the DMZ servers. But I'm not sure if that will be possible. Was wondering if there was any other way?
-
- VP, Product Management
- Posts: 27377
- Liked: 2800 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Backing up DMZ servers
Hello,
Opening the required ports for communication between all components should do the trick. Here is the user guide page for further reading > Used Ports. Additionally, you may need to install guest interaction proxy for application consistent backups > Guest Interaction Proxy
Thank you!
Opening the required ports for communication between all components should do the trick. Here is the user guide page for further reading > Used Ports. Additionally, you may need to install guest interaction proxy for application consistent backups > Guest Interaction Proxy
Thank you!
-
- Expert
- Posts: 160
- Liked: 28 times
- Joined: Sep 29, 2017 8:07 pm
- Contact:
Re: Backing up DMZ servers
We backup our systems in our DMZ. We got the ports and stuff all working. The only issue I have is that for some reason I cannot authenticate to the DMZ VMs with my active directory credentials as I get error during logon (not bad password). The systems are on the domain and can reach a DC. I have to use a local account on the Hypervisor. Connecting to guests with AD works fine though. No idea why, but our DMZ is small so I don't really care that much as long as it works.
So yes, definitely doable.
So yes, definitely doable.
-
- VP, Product Management
- Posts: 27377
- Liked: 2800 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Backing up DMZ servers
You're running vSphere, aren't you? This happens because remote connection is done via VIX API. Here is a bit more info on the issue you have. Hope this helps!Mgamerz wrote:The only issue I have is that for some reason I cannot authenticate to the DMZ VMs with my active directory credentials as I get error during logon (not bad password). The systems are on the domain and can reach a DC
-
- Enthusiast
- Posts: 62
- Liked: 7 times
- Joined: Feb 01, 2012 2:24 am
- Full Name: George Parker
- Contact:
Re: Backing up DMZ servers
If your DMZ servers are VMs, you can easily create crash-consistent backups of them without having to open any firewall ports. The B&R server logs onto vCenter and essentially just backs up vmdk files, irrespective of whet networks the VMs are on. Am I missing something here?
-
- VP, Product Management
- Posts: 27377
- Liked: 2800 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Backing up DMZ servers
Hi George, actually, you can create both crash-consistent and application-consistent backups of DMZ VMs (via VIX APIs).
-
- Enthusiast
- Posts: 62
- Liked: 7 times
- Joined: Feb 01, 2012 2:24 am
- Full Name: George Parker
- Contact:
Re: Backing up DMZ servers
Hi, thanks for confirming that. The questioner asked if it’s possible to backup their DMZ servers without opening any firewall ports, my response and your confirmation advises the poster that it can be achieved if they’re happy with crash consistent backups.
-
- VP, Product Management
- Posts: 27377
- Liked: 2800 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Backing up DMZ servers
You're welcome! BTW, application-aware backups are possible even without direct network connection, so there is no need to agree with a trade-off of having crash consistent backups
-
- Veteran
- Posts: 636
- Liked: 100 times
- Joined: Mar 23, 2018 4:43 pm
- Full Name: EJ
- Location: London
- Contact:
Re: Backing up DMZ servers
I should have made clear, it will be using Veeam Agent for Windows - physical machines.
I'll have a look at the guide above.
One tip to anyone else reading this is that Windows Server 2016 implements UAC for remote connections. That can cause a bit of head scratching.
I've also had to add hosts to the host file because the DMZ server can't resolve DNS names of the Veeam servers.
I'll have a look at the guide above.
One tip to anyone else reading this is that Windows Server 2016 implements UAC for remote connections. That can cause a bit of head scratching.
I've also had to add hosts to the host file because the DMZ server can't resolve DNS names of the Veeam servers.
-
- Veeam Software
- Posts: 21139
- Liked: 2141 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
Re: Backing up DMZ servers
Then here's the ports list you should review.
-
- Expert
- Posts: 160
- Liked: 28 times
- Joined: Sep 29, 2017 8:07 pm
- Contact:
Re: Backing up DMZ servers
Nope, we use Hyper-V Server.Vitaliy S. wrote: ↑Sep 24, 2018 7:49 pm You're running vSphere, aren't you? This happens because remote connection is done via VIX API. Here is a bit more info on the issue you have. Hope this helps!
-
- VP, Product Management
- Posts: 27377
- Liked: 2800 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Backing up DMZ servers
Ok, in this case I would suggest to review the debug logs or set up the guest interaction proxy to re-confirm this behavior with AD accounts.
-
- Veteran
- Posts: 636
- Liked: 100 times
- Joined: Mar 23, 2018 4:43 pm
- Full Name: EJ
- Location: London
- Contact:
Re: Backing up DMZ servers
I'm getting the error which says "Error: Managed session xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx has failed unexpectedly"
From the limited info available on that, it appears this is an indication that the source can't access the target.
This DMZ server isn't a domain member so it does not have permission to access the repository and I'm guessing at the moment, where I should be looking unless anybody has any better ideas?
From the limited info available on that, it appears this is an indication that the source can't access the target.
This DMZ server isn't a domain member so it does not have permission to access the repository and I'm guessing at the moment, where I should be looking unless anybody has any better ideas?
-
- VP, Product Management
- Posts: 27377
- Liked: 2800 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
- Contact:
Re: Backing up DMZ servers
Into the debug logs files Please contact our technical team to assist you with this. Thanks!
Who is online
Users browsing this forum: No registered users and 3 guests