Direct server to NAS connection for repository

[pkullmann]

This may take a minute to explain but most of it is caused by the desire not to get my backups infected by malware again. We had them set up for ISCSI and they all got nailed by the malware.
We have multiple remote sites that have Netgear NAS devices with dual network cards. There is one NIC connected to the network switch for MGMT and backup purposes right now. I have configured the NAS device SMB share to only be accessible from the Veeam IP addresses (B and R server and local proxy) and only using a local NAS device username/password. I would like to further restrict this by using the second NAS nic connected directly to the VM host with a specific VM switch to a second VMnic on the proxy VM. I know that I can communicate with a share on the second NIC via Windows OS on the proxy host , but I'm unable to create the backup repository in Veeam B and R. The Veeam B and R server is in a completely different site. I have specified the proxy host during creation of the repository but it won't talk to the NAS device. Is there any way to do what I'm trying to do or should I just be happy with the access restrictions already in place?

Thank for you time.

[PTide]

Hi,

I might need some clarifications...

I have configured the NAS device SMB share to only be accessible from the Veeam IP addresses (B and R server and local proxy) and only using a local NAS device username/password.

And where are those remote SMB shares are mounted? Do you mount them on VBR across WAN? Where is your gateway server?

I know that I can communicate with a share on the second NIC via Windows OS on the proxy host

"Communicate" in a sense "mount the share on proxy"?

but I'm unable to create the backup repository in Veeam B and R.

So, you are trying to make SMB shares to work as repos, right? Then again - which server do you pick as a gateway?

Thanks!

[pkullmann]

The SMB shares are advertised from the Netgear device and are connected as a repository using the Veeam server repository creation wizard Network Attached storage option on the B and R server using the the local backup proxy as gateway server. They are not actually "mounted" in the usual windows share mounted sense of the word.

Yes Communicate as in mount the share on the proxy server as a mapped drive in widows OS. I do not want a static drive mapping that would give potential access to share during virus infection.

Yes I'm attempting to make the SMB shares a network attached storage repository. I pick the local proxy server as a gateway.

[pkullmann]

the catch is that it works if the NIC is connected to a switch using an IP address that is routed throughout the WAN. It does not work if the NAS NIC is directly connected to the back of the physical server. (no switch or network routing)

[PTide]

Ok, essentially you want the following schema in which Proxy/Gateway will be present on both networks (MGMT/Backup and a separate one for NAS):

[VBR] <=====[MGMT+Backup Network]=====> [[vSwitch-1][vNIC-1]][PROXY/GATEWAY][vNIC-2][vSwitch-2][pNIC-2] <==== [WAN] ====> [NIC-2][NAS]

NAS devices stay in remote locations and are present in both networks as well.
VBR stays only in MGMT/Backup.

Legend:

pNIC-2 = a physical NIC in VM host
vNIC-2 = a separate vNIC in proxy VM attached to a separate vSwitch-2, not connected to the MGMT/Backup network
vSwitch-2 = a dedicated switch for proxy VM
vNIC-1 = a separate vNIC in proxy VM attached to a separate vSwitch-1, in MGMT/Backup network
vSwitch-1 = a dedicated switch for proxy VM

Is that correct?

Thanks!

[pkullmann]

Not quite. the proxy/gateway is actually at the remote site on the other side of the WAN. And its just a CAT 5 wire between pNIC 2 and NIC-2[NAS]