-
- Enthusiast
- Posts: 32
- Liked: 8 times
- Joined: Oct 30, 2017 8:05 am
- Full Name: David Alexander Watts
- Contact:
FEATURE REQUEST: SQL account for Application aware processing
Case #03485338
We are using Veeam 9.5 update 4. Our veeam server is not joined to the domain for security reasons. When we use application aware processing
We use the local Administrator account which is explained here.
1. Ensure that the account being used by Veeam is a member of the Local Administrators group on the VM that is to be backed up.
2. If the account being used is not named “Administrator”, you must disable UAC on the Guest OS of the VM to be backed up.
https://www.veeam.com/kb1788
Disabling UAC is not an option here so we using the local Administrator to backup a database server.
The problem we face is that in order to use Application aware processing – Truncate SQL logs we need to add the local Administrator to the ‘Sysadmin’ role
In SQL server. This is a big problem for our DBA’s and security department. If the local administrator is compromised so is the database
Would it not be possible to add an extra account credential for SQL logins? this option is available in the Oracle tab, there you can specify Oracle account
with SYSDBA privileges
If there is no workaround to this then we would like this to be a feature request
We are using Veeam 9.5 update 4. Our veeam server is not joined to the domain for security reasons. When we use application aware processing
We use the local Administrator account which is explained here.
1. Ensure that the account being used by Veeam is a member of the Local Administrators group on the VM that is to be backed up.
2. If the account being used is not named “Administrator”, you must disable UAC on the Guest OS of the VM to be backed up.
https://www.veeam.com/kb1788
Disabling UAC is not an option here so we using the local Administrator to backup a database server.
The problem we face is that in order to use Application aware processing – Truncate SQL logs we need to add the local Administrator to the ‘Sysadmin’ role
In SQL server. This is a big problem for our DBA’s and security department. If the local administrator is compromised so is the database
Would it not be possible to add an extra account credential for SQL logins? this option is available in the Oracle tab, there you can specify Oracle account
with SYSDBA privileges
If there is no workaround to this then we would like this to be a feature request
-
- Product Manager
- Posts: 14844
- Liked: 3086 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: FEATURE REQUEST: SQL account for Application aware processing
Hello,
Having that said, it does not solve the the request from the SQL DBAs. From my point of view, every local administrator can compromise everything. In Veeam Agent for Windows, you can set a user:
see here
I understand that this workaround is not perfect...
Best regards,
Hannes
this is only correct for VIX as mentioned in the KB article. VIX is the fallback method and not built for SQL-logshipping. The VIX interface is to slow. So the normal way for SQL log backup should always be network. Restore requires network.If the account being used is not named “Administrator”, you must disable UAC on the Guest OS of the VM to be backed up.
Having that said, it does not solve the the request from the SQL DBAs. From my point of view, every local administrator can compromise everything. In Veeam Agent for Windows, you can set a user:
see here
I understand that this workaround is not perfect...
Best regards,
Hannes
-
- Enthusiast
- Posts: 32
- Liked: 8 times
- Joined: Oct 30, 2017 8:05 am
- Full Name: David Alexander Watts
- Contact:
Re: FEATURE REQUEST: SQL account for Application aware processing
@HannesK
So what you are saying is that i need to install veeam agent for windows on a Virtual machine? Might have misunderstood something here but i thought the agent was only for physical machines
David
So what you are saying is that i need to install veeam agent for windows on a Virtual machine? Might have misunderstood something here but i thought the agent was only for physical machines
David
-
- Product Manager
- Posts: 14726
- Liked: 1707 times
- Joined: Feb 04, 2013 2:07 pm
- Full Name: Dmitry Popov
- Location: Prague
- Contact:
Re: FEATURE REQUEST: SQL account for Application aware processing
Hello David,
Have you tried to create the sql account with limited set of permissions like described in this Help Center article?
Have you tried to create the sql account with limited set of permissions like described in this Help Center article?
Does that help in your case? Thank you!Help Center wrote: To provide minimal permissions, the account must be assigned the following roles and permissions:
SQL Server instance-level role: public.
Database-level roles:db_backupoperator, db_denydatareader, public; for system databases (master, model, msdb) — db_backupoperator, db_datareader, public; for system database (msdb) — db_datawriter.
Securables: view any definition, view server state.
-
- Product Manager
- Posts: 14844
- Liked: 3086 times
- Joined: Sep 01, 2014 11:46 am
- Full Name: Hannes Kasparick
- Location: Austria
- Contact:
Re: FEATURE REQUEST: SQL account for Application aware processing
as mentioned, my workaround is ugly... and I have to admit that I did not read exactly what you wrote so Dima's workaround is probably better. You don't need sysadmin permissions on the database
-
- Enthusiast
- Posts: 32
- Liked: 8 times
- Joined: Oct 30, 2017 8:05 am
- Full Name: David Alexander Watts
- Contact:
Re: FEATURE REQUEST: SQL account for Application aware processing
Thanks that worked fine , thought only the sysadmin could process the transaction logs.
Thanks Again
Thanks Again
Who is online
Users browsing this forum: No registered users and 59 guests