alswi
Novice
Posts: 3
Liked: never
Joined: Sep 01, 2014 3:39 am
Full Name: Alswi
Contact:

Backup for a Confidential VM - Security Concern

Post by alswi »

Hi,

I am a System Administrator and my role takes care of the server backup, but for one of the special VMs I would need to ask somebody for the password during the restore process.

After migrating the VM infrastructure from 4.0 to 5.5, I also migrated the VM backup software from VCB backup (VMware) to Veeam Backup software (Version 7 Enterprise Edition). The software works perfectly and I can perform backup / restore without any problems, although the 7.0 version still needs the Virtual Lab to perform AD / SQL restore for my environment.

However, there is a special VM (Windows, joined to a confidential domain, for which I should never have the password to log in). I found I could perform a VM backup even when I configure the backup job for that VM without a password to enable application-aware image processing, but just enable VMware Tools quiescence, and restore the guest OS files using the Veeam explorer.

I raised the question with Veeam local support and he asked me to uncheck the option "Enable VMware Tools quiescence", but I found I could still restore the files without logging in to the guest OS.

Does anyone know a workaround, or could version 8 solve my current security problem? I know there is an encryption option in version 8. However, if the restore process does not require typing the password for decryption, it cannot help to solve my problem either.

ALSWI
emachabert
Veeam Vanguard
Posts: 388
Liked: 168 times
Joined: Nov 17, 2010 11:42 am
Full Name: Eric Machabert
Location: France
Contact:

Re: Backup for a Confidential VM - Security Concern

Post by emachabert » 1 person likes this post

As you are the admin, and because a VM is just a bunch of files you are allowed to copy, it is normal you have access to the files....

If you think of it in the physical world, it is like you had access to the hard drive and could duplicate or/and mount it to another physical machine. Then you would have access to the NTFS partitions and thus files on it....

From my point of view, the only way to keep the data confidential inside the machine, even inside the backup files, would be to use file system encryption on the source machine. And you (the admin) should not be aware of the encryption key.
Veeamizing your IT since 2009/ Veeam Vanguard 2015 - 2023
nielsengelen
Product Manager
Posts: 5636
Liked: 1181 times
Joined: Jul 15, 2013 11:09 am
Full Name: Niels Engelen
Contact:

Re: Backup for a Confidential VM - Security Concern

Post by nielsengelen »

As you are the full administrator and you are just backing up the VM, this behaviour is normal. You could use encryption at the guest OS level to prevent this from happening, but if I understand it correctly, you are not managing the VM and only (somehow) got the password for it?

Encryption in v8 will only encrypt your backup file and you will require a password to unlock it.
Personal blog: https://foonet.be
GitHub: https://github.com/nielsengelen

Re: Backup for a Confidential VM - Security Concern

Post by alswi »

Hi,

Thanks so much for your reply first.

Let me describe my environment more clearly.

I am the System / VM admin for my company and there are two domains (example: General.com & Confidential.com) in my network.

1) I have the domain admin password for General.com's servers but not for Confidential.com.

2) Every time there is some maintenance for the confidential.com servers, I have to ask confidential.com staff to log in for me.

3) After using Veeam, I could browse and restore the files from both general.com and confidential.com VMs even though I have not configured the guest OS account for the confidential.com VM's backup job. <- That is the security concern.

So, would the above security concern be solved with the current version (ver 7), or should I wait for version 8 (not sure if it could help if the restore process does not need the password typed manually)?

ALSWI
veremin
Product Manager
Posts: 20284
Liked: 2258 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Backup for a Confidential VM - Security Concern

Post by veremin »

alswi wrote:So, would the above security concern be solved with the current version (ver 7), or should I wait for version 8 (not sure if it could help if the restore process does not need the password typed manually)?
I think that once v8 is released, VeeamZIP functionality will be able to answer your requirements. You will ask the confidential.com guys to select the VMs they want to back up, input a desired password and start the VeeamZIP operation. Once it's finished, you won't be able to restore either the VM or guest files without the corresponding password. Thanks.

Re: Backup for a Confidential VM - Security Concern

Post by emachabert »

But you will always be able to "hot" clone the confidential VM and read the data in there....
If confidentiality is really a concern here (for your hierarchy, I suppose), only in-guest encryption will prevent you from reading the data and stealing information...
Vitaliy S.
VP, Product Management
Posts: 27120
Liked: 2721 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Backup for a Confidential VM - Security Concern

Post by Vitaliy S. »

I concur with Eric. If you follow Vladimir's advice, then you will also need to disable a corresponding option in Enterprise Manager, that allows you to restore data from backups that you do not remember/do not know password for. Please see this blog post for further reading > http://www.veeam.com/blog/encryption-co ... te-v8.html

Re: Backup for a Confidential VM - Security Concern

Post by alswi »

Hi,

I did try restoring the files in an encrypted folder from a testing VM with Veeam and it gave me the "access denied" error. However, I think it may not be practical for the production server (Confidential.com).

In fact, the production server is still a physical server sharing files with the confidential.com users, and it has BE installed to back up the files right now. If I need to perform the P2V and then encrypt the files (the shared folder), it may cause the other users to lose access to the shared files, so I would need to add the users for the EFS in extra steps. I think there would be some risks in that.

Therefore, I think the encryption key could help on that. What do you think?

ALSWI

Re: Backup for a Confidential VM - Security Concern

Post by veremin »

alswi wrote:Therefore, I think the encryption key could help on that. What do you think ?
If your company policy dictates that you should not be able to restore the VM or its guest files without inputting the corresponding password, then yes, the combination of VeeamZIP and an encryption key should answer your requirements. However, as mentioned above, there are millions of other ways you can access confidential data, be it cloning the VM or directly accessing the underlying files. Thanks.