The hosting systems are divided between three VBR servers. We would like to consolidate all customers into one VBR servers.
All current VBR servers also hold the mount server role.
Some of the customers’ vm’s network (subnet / vlan) are routed into the VBR and repo servers to make sure that all restore functions are working without problems. All the other customers are not routed, so backup and restore go through VIX which causes us some problems with restore (FLR are very slow and SQL restore does not work). To get rid of the VIX problems we would like to route all our customers network into veeam but we are concerned about security and problems with overlapping customers subnet.
We have been thinking about making a Veeam DMZ for at least each hosting system. I the DMZ we will place the guest interaction proxy and the mount server. Then route all the customers network to the DMZ and not to the VBR and repo servers. In that way we are able to make it a bit more secure and if we have overlapping subnet we can create another DMZ setup (with a new mount server) In v13 we see that you are able to choose the mount server when you do the restore job, but that is only for FLR, not for DC og SQL. And for SQL log backup, the SQL vm’s needs access directly to the repo servers (2500-3300). So, I can’t see the solution will work.
What is the best and most secure design for a solution for many customers and one VBR?
