Thanks for the quick reply... I’ve now spent some time testing & here’s where I’m at...
For the sake of brevity I’ll refer to these items as:VBR-Repo
= Repository used by VB&R Managed Backups (in my initial post I referred to this as the ‘Primary
= Repository used by VAW Free (Unmanaged by VB&R)VBR VM
= VM’s Managed & Backed up by VB&RVAW Compute
r = Physical Computer using VAW Free (Unmanaged by VB&R)
Just to clarify what I meant in my initial post about the VAW Computers not being able to access the VBR-Repo; I didn’t see this as a problem, in fact I purposefully left the VBR-Repo set to the Default Permission of Deny to Everyone
and I wasn’t surprised or concerned that the VAW Computers weren’t able to be able to access it that way.
On the VAW Computers & VAW-Repo: I had
used a User Account which had Admin rights on the Backup Server (I was under the mistaken impression that Admin rights were necessary) however, even after removing that User Account’s Admin rights, I found that (probably because I used the same User Account on all the VAW Computers) that any user on any VAW Computer could still access & Restore from any other VAW Computer’s backup in the VAW-Repo.
FWIW, the reason that I used the same User Account..., was that I didn’t want to use the actual User’s accounts and then have to deal with periodic password changes) so I created & used a single Faux
User Account with a non-expiring password (which it seemed like a good idea at the time)
However, I’ve now found that setting the VAW-Repo access permissions to the respective Computer
Accounts works great! No passwords and each VAW Computer can only see its own backups... which now has me rethinking my original plan...
Given that both of these Repos are on the same physical storage and that the VAW Computers wouldn’t be able to access the other machine’s backups..., I now think it’d be preferable to just use the VBR-Repo for all
the backups (and thus be able to leverage the Repo’s Concurrent Tasks
setting to simplify scheduling & load conflicts, etc.).
However, this raises another question of greater concern. Would granting Access Permissions on the VBR-Repo to the VAW Computer Accounts open a potential attack vector, e.g., if one of those VAW Computers got infected with Crypto/Malware? Or would the security mechanisms in VB&R be considered as adequate protection against that?
Obviously it would be bad if an infected VAW Computer was able to attack the other VAW Computer backups... but it’d be really, REALLY bad if it was able to get to the VBR VM Server backups!