Pre-freeze script in multi-tenant environment

[squebel]

I have a customer asking us to kick off a bat file on their vm that's hosted in our environment. Because this is a multi-tenant environment, we don't share networks and certainly don't share the same AD domain that would be used for authentication. The way I understand how the pre-freeze scripts work is they run as the system account that runs B&R but that service account user doesn't exist anywhere on our customer's server. So my question is: Is there any way to set up a backup job that can kick off a bat file that's inside my customer's vm that sits outside of our network? Can we use some part of the "Guest Processing" portion of a backup job config that would handle this? Or am I overthinking this?

[Mildur]

You can use vmware tools pre freeze scripts:
https://kb.vmware.com/s/article/1006671

In Veeam, activate VmwareTools Squiescence for that:
https://helpcenter.veeam.com/docs/backu ... ml?ver=110

[squebel]

@Mildur, thank you for the links to those articles. I just want to make sure I understand that this is likely the only way to kick off a bat file inside a guest vm given the situation I laid out in the original post

[Mildur]

Hi
Ok, I hope, I understand your question. You want to use post freeze scripts in your backup jobs and you have limited or zero access to the guest from your backup server?

The VBR Server needs to copy this scripts each time to the vm at the start of a backup.
Veeam will need to have access to the admin share (cifs protocoll) of the vm for this process.
Guest Credentials (you can use guest ad credentials for that) need to be configured in the vbr server and network connectivity must be possible for that.

There are other possibilities to do that, if you don‘t have network connection or don‘t want to open the firewall for cifs access to the admin share, and I think, rpc is also needed.
1. Use a Guest interaction Proxy in the customers network. This will help you to minimize the ports used between vbr and the entire customer networks
https://helpcenter.veeam.com/docs/backu ... ml?ver=110

2. Use VIX for distribution of the scripts in a running backup job. You will have to use guest credentials for that too. Without a user, you don‘t have the access rights.

3. Another thing would be todo scheduled tasks inside the vm.
Start the script for stopping a service at 10 PM
Start the backup Job at 10:15 PM
Start the script for starting a service at 10:30

There are not much possibilities running a script from veeam Backup Job without having access to the guest vms itself.

[squebel]

Yes, you are understanding our situation exactly and thank you for the the follow-up information. What you've said here makes sense to me and I greatly appreciate the different ideas and methods. I will try some of these out and see what we can come up with.

[Mildur]

With Veeam V11, there is a new possibility to use persistent Guest Agent.
This will reduce the firewall ports to a few ports only

https://helpcenter.veeam.com/docs/backu ... ml?ver=110