Firstly I've checked known issues and other threads although apologies if I've missed this.
On installation, following the documentation, we set up MFA for the main veeamadmin account and setup the security account veeamso. When I login to the console for the first time there is no sign of the MFA or the veeamso user I specified in the setup process. In fact in trying to enable MFA I had to set a config backup password and enable that first and then set up MFA all over again on the veeamadmin user. Is this expected? - Edited I see this veeam admin was for the appliance host management not the VBR console. This isn't clear in the documentation.
On installing the console on a Windows 11 laptop at the end of the installation it didn't prompt for a reboot, but the console would not connect until I rebooted my laptop and then it went straight in.
I really like the integrated SAML authentication as, for us, it ticks a lot of boxes. Does this require the VBR server to be on a server that has inbound access from internet to work? I assume it would work fine behind an Entra Enterprise Application - Application Proxy?
-
jasonede
- Service Provider
- Posts: 139
- Liked: 32 times
- Joined: Jan 04, 2018 4:51 pm
- Contact:
-
ashleyw
- Veteran
- Posts: 256
- Liked: 79 times
- Joined: Oct 28, 2010 10:55 pm
- Full Name: Ashley Watson
- Contact:
Re: First thoughts on VBR 13
On your last point we are running SSO to entra and this does not require inbound access for VBR or EM from o365. I recently dialed in our vcentre v8 into SSO and this does require inbound access for user provisioning via SCIM but there are workarounds for that one which we have implemented.. so Veeam SSO working beautifully!
I'm reverse publishing all Veeam products through haproxy but to get things working properly in our case meant using the same DNS name throughout the chain and using split DNS to get the thing working and static host names on some of the appliances so that appliance to appliance comms take place on the direct ips of the appliances. (Depending on your configuration). In our case we re-present the urls for internal consumption so we can manage the LE certs in haproxy rather than on the Veeam appliances directly.
It would be great if there was a configuration item like "presentation URL" on the Veeam webui configs to make it easy to use a different internal to external DNS name.
V13 is genuinely working great with just a couple of minor quirks I'm working through. SSO makes things much easier and it's totally worth the effort to secure (even for internally only deployments like ours)
Cheers
Ashley
I'm reverse publishing all Veeam products through haproxy but to get things working properly in our case meant using the same DNS name throughout the chain and using split DNS to get the thing working and static host names on some of the appliances so that appliance to appliance comms take place on the direct ips of the appliances. (Depending on your configuration). In our case we re-present the urls for internal consumption so we can manage the LE certs in haproxy rather than on the Veeam appliances directly.
It would be great if there was a configuration item like "presentation URL" on the Veeam webui configs to make it easy to use a different internal to external DNS name.
V13 is genuinely working great with just a couple of minor quirks I'm working through. SSO makes things much easier and it's totally worth the effort to secure (even for internally only deployments like ours)
Cheers
Ashley
-
jasonede
- Service Provider
- Posts: 139
- Liked: 32 times
- Joined: Jan 04, 2018 4:51 pm
- Contact:
Re: First thoughts on VBR 13
I've not thought about certs now yet, but lets encrypt support with the DNS plugins would be ideal for us.
Who is online
Users browsing this forum: Bing [Bot] and 46 guests