Hi,
according to Veeam Support - Case # 07172674, I would like to open a feature request based to the already existing Forum topic veeam-backup-replication-f2/manual-inst ... 79819.html
Thanks @kaysond and @HannesK.
I would like to request an officially way + user guide description, how a Veeam transport service on Linux can be installed manually and not via Veeam GUI by using a "elevated to root permissions" account from the VBR-Server.
Additionally, a VBR-GUI modification would be also required. Instead of deploy Veeam Data Mover, a connect to existing Veeam Data Mover should be possible from VBR system, based to:
https://helpcenter.veeam.com/docs/backu ... ml?ver=120
Further it would be very needful, if this "connect to existing Veeam Data Mover" option would work without any OS account credentials. All this should be possible in fact that the current connection communication already works via certificates and user less.
Thank you
-
TheBrain82
- Influencer
- Posts: 14
- Liked: never
- Joined: Mar 01, 2022 1:53 pm
- Full Name: Oleg the Brain
- Contact:
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Feature request about a new hardened repository deployment option
Hello,
there are some ideas around that. Could you maybe tell me what you try to achieve to see whether our ideas match with your goal? The main question is, how to get certificates to the machine and how to make that user friendly (we only want to allow a legitimate backup server to connect)
Best regards,
Hannes
there are some ideas around that. Could you maybe tell me what you try to achieve to see whether our ideas match with your goal? The main question is, how to get certificates to the machine and how to make that user friendly (we only want to allow a legitimate backup server to connect)
Best regards,
Hannes
-
TheBrain82
- Influencer
- Posts: 14
- Liked: never
- Joined: Mar 01, 2022 1:53 pm
- Full Name: Oleg the Brain
- Contact:
Re: Feature request about a new hardened repository deployment option
Hello Hannes,
I am working for an IT Enterprise company with several thousand employees. All working teams are separated by their topics. For example, there are Linux Managed_OS teams and separated Backup teams. Now it appears, that the Linux guys do not likely create users with "elevated to root permissions" permissions to share the passwords of this user to other teams. Additionally, they are not happy when someone enters these passwords inside of any windows systems.
Believe me, there is a huge special operational security exception required to get this realized for a specific period of time. 
.
Therefore, it would be needful, if the Linux guys are able to install the Linux based Veeam components by themself in their managed Linux System and the backup/windows guys do not have to deal with any shared "elevated to root permissions" user credentials.
Regards
I am working for an IT Enterprise company with several thousand employees. All working teams are separated by their topics. For example, there are Linux Managed_OS teams and separated Backup teams. Now it appears, that the Linux guys do not likely create users with "elevated to root permissions" permissions to share the passwords of this user to other teams. Additionally, they are not happy when someone enters these passwords inside of any windows systems.
Believe me, there is a huge special operational security exception required to get this realized for a specific period of time. . Therefore, it would be needful, if the Linux guys are able to install the Linux based Veeam components by themself in their managed Linux System and the backup/windows guys do not have to deal with any shared "elevated to root permissions" user credentials.
Regards
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Feature request about a new hardened repository deployment option
Hello,
that sounds fair. Would the Linux team be willing to place a file (certificate) on their Linux machines that we can use to secure the initial connection? Otherwise it's hard to start the "chain of trust" (we also have a "plan B", but placing the certificate would be the easiest one).
Best regards,
Hannes
that sounds fair. Would the Linux team be willing to place a file (certificate) on their Linux machines that we can use to secure the initial connection? Otherwise it's hard to start the "chain of trust" (we also have a "plan B", but placing the certificate would be the easiest one).
Best regards,
Hannes
-
TheBrain82
- Influencer
- Posts: 14
- Liked: never
- Joined: Mar 01, 2022 1:53 pm
- Full Name: Oleg the Brain
- Contact:
Re: Feature request about a new hardened repository deployment option
Hello Hannes,
I just had a chat with one of our Linux colleages. He confirmed that it wouldn`t be a problem for us to place a file (certificate) on our Linux machine to establish a secure initial connection.
Best of luck!
I just had a chat with one of our Linux colleages. He confirmed that it wouldn`t be a problem for us to place a file (certificate) on our Linux machine to establish a secure initial connection.
Best of luck!
-
HannesK
- Product Manager
- Posts: 14322
- Liked: 2890 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: Feature request about a new hardened repository deployment option
ok thanks. I will add that information to the existing feature request
Who is online
Users browsing this forum: Google [Bot], Semrush [Bot] and 93 guests