Agent-based backup of Windows, Linux, Max, AIX and Solaris machines.
Post Reply
ejenner
Veteran
Posts: 636
Liked: 100 times
Joined: Mar 23, 2018 4:43 pm
Full Name: EJ
Location: London
Contact:

Backing up DMZ servers

Post by ejenner »

Has Veeam got a recommendation for backing up DMZ servers. By DMZ I mean servers which are mostly blocked from accessing the internal network where your B&R and repository servers are.

My plan at the moment is to try and work out if we can open ports to allow Veeam to communicate with the DMZ servers. But I'm not sure if that will be possible. Was wondering if there was any other way?
Vitaliy S.
VP, Product Management
Posts: 27377
Liked: 2800 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Backing up DMZ servers

Post by Vitaliy S. »

Hello,

Opening the required ports for communication between all components should do the trick. Here is the user guide page for further reading > Used Ports. Additionally, you may need to install guest interaction proxy for application consistent backups > Guest Interaction Proxy

Thank you!
Mgamerz
Expert
Posts: 160
Liked: 28 times
Joined: Sep 29, 2017 8:07 pm
Contact:

Re: Backing up DMZ servers

Post by Mgamerz »

We backup our systems in our DMZ. We got the ports and stuff all working. The only issue I have is that for some reason I cannot authenticate to the DMZ VMs with my active directory credentials as I get error during logon (not bad password). The systems are on the domain and can reach a DC. I have to use a local account on the Hypervisor. Connecting to guests with AD works fine though. No idea why, but our DMZ is small so I don't really care that much as long as it works.

So yes, definitely doable.
Vitaliy S.
VP, Product Management
Posts: 27377
Liked: 2800 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Backing up DMZ servers

Post by Vitaliy S. »

Mgamerz wrote:The only issue I have is that for some reason I cannot authenticate to the DMZ VMs with my active directory credentials as I get error during logon (not bad password). The systems are on the domain and can reach a DC
You're running vSphere, aren't you? This happens because remote connection is done via VIX API. Here is a bit more info on the issue you have. Hope this helps!
gparker
Enthusiast
Posts: 62
Liked: 7 times
Joined: Feb 01, 2012 2:24 am
Full Name: George Parker
Contact:

Re: Backing up DMZ servers

Post by gparker »

If your DMZ servers are VMs, you can easily create crash-consistent backups of them without having to open any firewall ports. The B&R server logs onto vCenter and essentially just backs up vmdk files, irrespective of whet networks the VMs are on. Am I missing something here?
Vitaliy S.
VP, Product Management
Posts: 27377
Liked: 2800 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Backing up DMZ servers

Post by Vitaliy S. »

Hi George, actually, you can create both crash-consistent and application-consistent backups of DMZ VMs (via VIX APIs).
gparker
Enthusiast
Posts: 62
Liked: 7 times
Joined: Feb 01, 2012 2:24 am
Full Name: George Parker
Contact:

Re: Backing up DMZ servers

Post by gparker »

Hi, thanks for confirming that. The questioner asked if it’s possible to backup their DMZ servers without opening any firewall ports, my response and your confirmation advises the poster that it can be achieved if they’re happy with crash consistent backups.
Vitaliy S.
VP, Product Management
Posts: 27377
Liked: 2800 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Backing up DMZ servers

Post by Vitaliy S. »

You're welcome! BTW, application-aware backups are possible even without direct network connection, so there is no need to agree with a trade-off of having crash consistent backups ;)
ejenner
Veteran
Posts: 636
Liked: 100 times
Joined: Mar 23, 2018 4:43 pm
Full Name: EJ
Location: London
Contact:

Re: Backing up DMZ servers

Post by ejenner »

I should have made clear, it will be using Veeam Agent for Windows - physical machines.

I'll have a look at the guide above.

One tip to anyone else reading this is that Windows Server 2016 implements UAC for remote connections. That can cause a bit of head scratching.

I've also had to add hosts to the host file because the DMZ server can't resolve DNS names of the Veeam servers.
foggy
Veeam Software
Posts: 21139
Liked: 2141 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Backing up DMZ servers

Post by foggy »

ejenner wrote: Sep 27, 2018 12:21 pm I should have made clear, it will be using Veeam Agent for Windows - physical machines.
Then here's the ports list you should review.
Mgamerz
Expert
Posts: 160
Liked: 28 times
Joined: Sep 29, 2017 8:07 pm
Contact:

Re: Backing up DMZ servers

Post by Mgamerz »

Vitaliy S. wrote: Sep 24, 2018 7:49 pm You're running vSphere, aren't you? This happens because remote connection is done via VIX API. Here is a bit more info on the issue you have. Hope this helps!
Nope, we use Hyper-V Server.
Vitaliy S.
VP, Product Management
Posts: 27377
Liked: 2800 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Backing up DMZ servers

Post by Vitaliy S. »

Ok, in this case I would suggest to review the debug logs or set up the guest interaction proxy to re-confirm this behavior with AD accounts.
ejenner
Veteran
Posts: 636
Liked: 100 times
Joined: Mar 23, 2018 4:43 pm
Full Name: EJ
Location: London
Contact:

Re: Backing up DMZ servers

Post by ejenner »

I'm getting the error which says "Error: Managed session xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx has failed unexpectedly"

From the limited info available on that, it appears this is an indication that the source can't access the target.

This DMZ server isn't a domain member so it does not have permission to access the repository and I'm guessing at the moment, where I should be looking unless anybody has any better ideas?
Vitaliy S.
VP, Product Management
Posts: 27377
Liked: 2800 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Backing up DMZ servers

Post by Vitaliy S. »

Into the debug logs files ;) Please contact our technical team to assist you with this. Thanks!
Post Reply

Who is online

Users browsing this forum: No registered users and 3 guests