Standalone backup agents for Linux, Mac, AIX & Solaris workloads on-premises or in the public cloud
Post Reply
eider
Influencer
Posts: 14
Liked: 7 times
Joined: Jul 01, 2021 10:10 am
Contact:

VAL v6 with B&R v12 - additional transport and installer services

Post by eider »

Since upgrading to B&R 12 and VAL v6, two additional service are installed on system:
- Veeam Transport Service
- Veeam Installer Service

Both reside in /opt, register themselves with systemd and store logs to a different directory (/var/log/VeeamBackup, as opposed to agent's /var/log/veeam).

These services were not necessary previously and require additional ports to be opened on managed devices; something that was not necessary before. Are these services necessary or is that a bug? I believe in B&R v11 these services were installed only on servers that were part of backup infrastructure (proxies, etc.), not individual managed computers.

These services are also not present in your APT/YUM repositories, which means they can not be managed this way, raising interesting question - why is agent in these repositories then if it does not as stand-alone application anymore?

Additionally, directory /var/log/VeeamBackup is world-readable and contains some interesting logs, such as direct base64-encoded config provided to agent when provisioning it to use B&R repository.
PTide
Product Manager
Posts: 6550
Liked: 765 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: VAL v6 with B&R v12 - additional transport and installer services

Post by PTide »

Hi,

Those are services that are required if you switched to single-use credentials for Linux Agent. Did you do that after the upgrade?

As for the logs being observable - we'll look into that, thank you for noticing.

Thanks!
eider
Influencer
Posts: 14
Liked: 7 times
Joined: Jul 01, 2021 10:10 am
Contact:

Re: VAL v6 with B&R v12 - additional transport and installer services

Post by eider »

No, I did not switch to a single-use credentials (or at least have not done so manually; maybe B&R migration process did that for me); my desired setup has Linux devices with agents accessible via SSH by B&R and authentication happens over ssh-pubkey which is configured in B&R.

EDIT: Just checked to confirm and the credentials are still stored in B&R. If I read documentation correctly to switch to single-use I'd need to click Add->Single-use->Linux private key...

Image
Image
PTide
Product Manager
Posts: 6550
Liked: 765 times
Joined: May 19, 2015 1:46 pm
Contact:

Re: VAL v6 with B&R v12 - additional transport and installer services

Post by PTide »

In v12 VBR manages agents via those two services (transport and deployer) by default. If you shutdown the corresponding ports VBR will failover to SSH (if there are credentials available).
That is, at this point you can either shutdown ports 6162 and 6160, or you can forbid the server to accept SSH from VBR and remove the credentials from VBR - agent management will keep working.

Thanks!
eider
Influencer
Posts: 14
Liked: 7 times
Joined: Jul 01, 2021 10:10 am
Contact:

Re: VAL v6 with B&R v12 - additional transport and installer services

Post by eider » 2 people like this post

Thanks for response. If these service will be used regardless of credential type then there's no reason for me to stick with old permanent SSH access. I'll switch all my devices to single-use credentials and eliminate need for SSH.
Post Reply

Who is online

Users browsing this forum: No registered users and 10 guests