- Product Manager
- Posts: 22127
- Liked: 1380 times
- Joined: Mar 30, 2009 9:13 am
- Full Name: Vitaliy Safarov
If you cannot use AAIP, then I would recommend using SureBackup jobs to verify recoverability for all your mission-critical VMs and applications.
- Veeam Software
- Posts: 56
- Liked: 15 times
- Joined: Apr 20, 2017 4:19 pm
- Full Name: Joe Houghes
- Location: Austin, TX
sandsturm wrote: ↑Jan 10, 2019 7:00 am
The reason to not use AAIP is the need for a service account, which is a member of the local Administrators group on every server. Our security guys are not really amused with such requirements. We have about 1500 Windows servers in different security zones and probably I have to create a separate account for each zone. VMware tools quiescence is not an option in our case, because we're using DirectNFS.

You would only need an account per server with access, rather than a single service account with access to every server, as these credentials could be specified for each object targeted in your backup.
This means that you could set specific credentials per job, if your jobs matched to your security zones; or you could also specify per VM/template, host/cluster, datastore, or tag depending on which object type you use for including VMs in your backups.
If you tagged your VMs by zone and had your backups created with those tags being included, then you could specify security accounts per zone, but again some of this will depend on your VMware structure and ability to group your VMs based on needs for things like backup schedule/backup target/AAIP account/etc. and then tag accordingly.
It could take some effort to get there, so it's all dependent on your needs.
Husband, Father, Solutions Architect, Geek Extraordinaire | @AustinVMUG & @ATXPowerShell leader | vExpert | Cisco Champion | Tech Field Day Delegate | VCP 4/5/6 | VCP6-NV | VMware/Cisco UCS/Powershell/VEEAM Enthusiast
- Posts: 94
- Liked: 10 times
- Joined: Mar 23, 2015 8:30 am
Thanks for your answer. Yes, all backup jobs are tagged with a zone-relevant tag, so it makes sense to have one account per zone or something. I'll think about it.