matteu
Veeam Legend

gMSA and VBR 12

Post by matteu »

Hello,

Until V11, I used pre-provisioned agents to back up domain controllers and a local admin account on all the other servers.

With V12, I see we can use gMSA.

VBR is in a workgroup, but gMSA needs only the guest interaction proxy to be in the domain. I'm thinking about keeping all my Veeam servers out of the domain but building 1 VM for the guest interaction proxy inside the domain and using it for all my backups. My issue is:

1) Will this slow down my backups, because all the Windows backups will have to use this guest interaction proxy VM?
I often work with customers with around 200 / 300 VMs, often with around 20 VMs backed up at the same time. This design will need at least 1 more VM, and maybe 2, but Veeam will no longer have any local server passwords in it.

2) For security reasons, I guess it's better to have 2 gMSAs: 1 for all servers + 1 for all DCs, right?

I already read it : https://helpcenter.veeam.com/docs/backu ... ml?ver=120
HannesK
Product Manager
Full Name: Hannes Kasparick

Re: gMSA and VBR 12

Post by HannesK »

Hello,

1) Unlikely. But you can add more if needed anyway.

2) I cannot find hard evidence for your guess. But I don't see anything that can go wrong by using two.

Best regards,
Hannes
matteu
Veeam Legend

Re: gMSA and VBR 12

Post by matteu »

Hello,

Thanks for your answer.

Good to know for 1). It's excellent if I can improve the security with only 1 more VM :)
2) It's because when you talk about tier architecture, nothing can be used at the same time for workstations / servers / DCs.
Workstation = T2
Server = T1
DC = T0 (and other critical server)

What can log on to T2 should only be able to log on to T2 and not T1. If something goes wrong with the account, only T2 can be compromised.

Have a nice day !
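Added example, not part of any post in this thread and not Veeam's own code: a check that the two-gMSA split discussed above actually separates the tiers, by listing every principal allowed to retrieve the password of both accounts. The account names `gmsa-vbr-t0` and `gmsa-vbr-t1` are hypothetical, and the script assumes the ActiveDirectory RSAT module on a domain-joined machine.

```powershell
# Added example: account names below are hypothetical, adjust to your directory.
Import-Module ActiveDirectory

$Tier0Gmsa = 'gmsa-vbr-t0'   # hypothetical: gMSA used for guest processing of DCs (T0)
$Tier1Gmsa = 'gmsa-vbr-t1'   # hypothetical: gMSA used for all other servers (T1)

function Get-GmsaRetriever {
    # Returns the distinguished names of every account that can read the
    # managed password of the given gMSA, with groups expanded recursively.
    param([Parameter(Mandatory)][string]$Name)

    $acct = Get-ADServiceAccount -Identity $Name `
        -Properties PrincipalsAllowedToRetrieveManagedPassword

    foreach ($dn in $acct.PrincipalsAllowedToRetrieveManagedPassword) {
        $obj = Get-ADObject -Identity $dn
        if ($obj.ObjectClass -eq 'group') {
            # A group entry hides the real readers: expand nested membership.
            Get-ADGroupMember -Identity $dn -Recursive |
                Select-Object -ExpandProperty distinguishedName
        } else {
            $dn
        }
    }
}

$t0 = @(Get-GmsaRetriever -Name $Tier0Gmsa | Sort-Object -Unique)
$t1 = @(Get-GmsaRetriever -Name $Tier1Gmsa | Sort-Object -Unique)

# Any principal present in both lists bridges T0 and T1.
$overlap = @($t0 | Where-Object { $t1 -contains $_ })

if ($overlap.Count -gt 0) {
    Write-Warning 'These principals can retrieve both gMSA passwords:'
    $overlap
} else {
    Write-Output 'No principal can retrieve both gMSA passwords.'
}
```

An overlap means that compromising one such principal exposes both accounts, which is the situation the T0 / T1 split is meant to prevent.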