Monitoring and reporting for Veeam Data Platform
Post Reply
TimLawhead
Enthusiast
Posts: 40
Liked: 4 times
Joined: Mar 05, 2019 3:29 pm
Full Name: Tim Lawhead
Contact:

Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by TimLawhead »

Case #04450186
Veeam ONE version: 10.0.2.1094

I am finding on my Guest VMs that our Symantec Endpoint Protection is blocking traffic on dynamic incoming ports from my Veeam ONE server.

I don't have a username/password in the Windows VM Guest OS Credentials and I can't find any other features or reasons why the Veeam ONE server would be talking to my Guest VMs.

I'd be ok with communication between Veeam ONE and Guest VMs if I were to provide credentials under the Server Settings -> Credentials tab or for specific VMs if I provided the UN/PW under the Processes or Services tab of an individual server, but I don't want generic traffic going on.

I'm curious why Veeam ONE is reaching out to my Guest VMs and whether I can turn it off? Anyone else run across this?

TIA
Tim
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by Vitaliy S. »

Hi Tim,

Do you have any of the guest OS (services/processes) alarms enabled? For example, to monitor the service state or performance metrics for processes?

Thanks!
TimLawhead
Enthusiast
Posts: 40
Liked: 4 times
Joined: Mar 05, 2019 3:29 pm
Full Name: Tim Lawhead
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by TimLawhead »

Yes. There are some predefined alarms for Guest Customization Failure, Guest Disk Space, Guest processes collection failure, and Guest services collection failure that are enabled.

My network team ran across the traffic from the Veeam ONE to the Guest VMs and was asking if it was legit traffic.

Support wrote back:
Veeam ONE communicates with vSphere's API on TCP 443 by default (https://helpcenter.veeam.com/docs/one/d ... ml?ver=100).

For In-Guest interaction, Veeam ONE uses the following:

Microsoft Windows VM Guest OS TCP 135, 445, dynamically assigned ports
Required to monitor Microsoft Windows VM guest OS processes and services.

Linux VM Guest OS TCP 22
Required to monitor Linux VM guest OS processes and services.

Since VMware Tools is required for monitoring the In-Guest Processes/Services (https://helpcenter.veeam.com/docs/one/m ... ml?ver=100) by Veeam ONE, I would expect communication between the two as part of this functionality if used.
I am asking for a clarification about whether these predefined alarms will work without a valid Guest VM OS Credential since they may be leveraging the VMware APIs in talking to VMware Tools.
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by Vitaliy S. »

Got it! Let me ask our RnD team to review what's causing it and I will post back. Thanks!
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by Vitaliy S. »

If Guest OS credentials are not set, then there should not be any attempts of reaching out to the VM. BTW, do you have other VMs enabled for monitoring the Guest OS services and processes?
TimLawhead
Enthusiast
Posts: 40
Liked: 4 times
Joined: Mar 05, 2019 3:29 pm
Full Name: Tim Lawhead
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by TimLawhead »

I did a Wireshark capture on the Veeam ONE server and can see it sending DCERPC/TCP/IOXIDR_ (Operation: SimplePing (1)) packets to guest VMs that have no credentials set.

The way I read the support response was that the VMware API would be leveraged using the vCenter credentials and it's a call to the VMware Tools on the Guest VM..., which would make this traffic legitimate.

My questions are is that true, the vCenter Credentials are used to call on Guest VMs and I should expect to see traffic. And if that is true, does providing Guest VM credentials allow for more information to be gathered from the Guest OS? i.e. does the VMware Tools API not have the ability to look at Guest VM Services and Processes and start/restart them?
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by Vitaliy S. »

VMware Tools data is not gathered directly from the Guest VM, it is collected via vSphere API, so you should not see any traffic from Veeam ONE server to Guest VMs in this case. The only situations I'm aware of with the traffic are the following:

1. You right-click on the VM to connect to it via RDP or PuTTy, and this action triggers a call to the Guest VM to detect the type of the installed OS.
2. If you ever logged in to see processes and services for a given VM, then Veeam ONE server will continue sending calls to this VM for services/processes data even when if cleared out the credentials for this VM. This is a known issue and will be fixed in the upcoming major version release.

Do you possibly face #2 in your research?
TimLawhead
Enthusiast
Posts: 40
Liked: 4 times
Joined: Mar 05, 2019 3:29 pm
Full Name: Tim Lawhead
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by TimLawhead »

There is a chance that during the setup of Veeam ONE, when it was 9.5, I could've added a Guest VM Credentials and then took them out. It was over a year ago... so I'm not certain. I don't see any Guest VM credentials in now.
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by Vitaliy S. » 1 person likes this post

Ok, so let's do the following (if it is OK with you): once v11 is released (soon), please take a look at the network traffic once again, it should be gone. If not, then let's sync up and open the support case for further troubleshooting. Our QA team confirms there is no traffic between Veeam ONE server and VM Guests in v11, so it looks like you've faced that bug in your environment.
TimLawhead
Enthusiast
Posts: 40
Liked: 4 times
Joined: Mar 05, 2019 3:29 pm
Full Name: Tim Lawhead
Contact:

Re: Veeam ONE sending unwanted network traffic to guest VMs. No Windows VMs Guest OS Creds in Server Settings

Post by TimLawhead » 1 person likes this post

I'll swing back around to this when I've upgraded to v11.
Post Reply

Who is online

Users browsing this forum: No registered users and 12 guests