Upcoming V13 NTLM Deprecation

[ENBS]

Hi,

i've read in the "whats new in V13 https://www.veeam.com/veeam_backup_13_whats_new__wn.pdf " that NTLM will be changed out in favor of Kerberos. As I'm currently testing the v13 appliance and having encountered Authproblems when trying to connect to SMB-Repositories not connected to an AD i'm wondering if this will also apply to the final V13 on windows?

We are running all our Hyperv-Hosts without a Domain on a seperate Network and even offsite where the firewall blocks the return-traffic ("run server on this side" helps here). We connect the Servers through IP or HOST-File-entrys. Will this be supported in the future?

[Egor Yakovlev]

Hi ENBS,

For Windows VBR, NTLM will remain available after upgrade. Just as today with V12, the choice between Kerberos and NTLM when both are available will be based on the OS settings, that is Veeam will use whatever protocol the OS is configured to use. Of course by default Kerberos has preference and overall we highly recommend that you start deprecating NTLM usage.

The software appliance on the other hand operates in FIPS certified mode and has DISA STIG hardening applied, which makes it impossible for us to use NTLM in principle.

P.S. Hyper-V communication without domain is not a problem for software appliance, you just need to use Veeam Deployment Kit.