vCenter 8.0 Update 2 Question

[MGT1981]

Hello,

I understand that vCenter 8.0 update 2 is not yet supported and will be supported in Veeam 12.1 when that is realeased. however i had 2 questions. First, what is the ETA for this release? and Second, one of the big feature upgrades for 8.0 update 2 is the ability to support Azure AD as an identity provider in vCenter (and conversely MFA through Azure AD). Will Veeam 12.1 also support Azure AD auth so we will be able to authenticate against Azure AD for our backup jobs?

[Mildur]

Hi MGT1981

We currently plan to release till end of 2023.

Second, one of the big feature upgrades for 8.0 update 2 is the ability to support Azure AD as an identity provider in vCenter (and conversely MFA through Azure AD). Will Veeam 12.1 also support Azure AD auth so we will be able to authenticate against Azure AD for our backup jobs?

MFA solutions don‘t work for a vCenter service account required by Veeam Backup & Replication. You would be required to provide a token/code for each rescan or backup session.

Best,
Fabian

[MGT1981]

are there any plans to add this functionality in in future releases? MFA for vCenter is a huge feature that is honestly well past due. I would think there has to be some way to make this work without having to MFA every time.

Could we maybe use a @vsphere.local account ?

[Gostev]

Veeam Backup & Replication has MFA too, and the way you address this very issue in our case is by disabling MFA for service accounts used by other applications to interact with a backup server (such as automation scripts). Does vSphere not provide a similar functionality?

[MGT1981]

Im sorry, I'm not sure i understand what you are asking Gostev. As far as i know up until vCenter 8.0 update 2 the only way you could MFA is with a smart card, RSA, or an external federated identity and i believe the only supported external providers were using full ADFS, or using Okta. Now with update 2 they allow for direct federation with Azure AD which in turn i can require MFA for those accounts to access vSphere.

The problem is not so much one of MFA'ing veeam. I know i can do that and the feature works great. the problem is more that the service accounts that Veeam uses for backing up VM's, by design need access to vCenter. i was HOPING that with the ability to use Azure AD as an identity provider Veeam would support that authentication (either via a token or something to that affect). If not then i will need to, as Fabian said, exclude this service account from MFA which is a bit of a security hole (granted no more than one that i already have) that i was hoping we could close. Basically the account that veeam uses to replicate VM's between hosts could essentially get into my vCenter and delete all of my VM's.

Again just more just asking the questions to see if its viable